[SOLVED] [Win7SP1 x64] WU haven't worked in a while, reboot loop, CSI deployment error

event3horizon · Aug 8, 2017

softwaremaniac said:
Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.

Download the file below, SFCFix.txt, and save this to your Desktop.

Save any open documents and close all open windows.

On your Desktop, you should see two files: SFCFix.exe and SFCFix.txt.

Drag the file SFCFix.txt onto the file SFCFix.exe and release it.

SFCFix will now process the script.

Upon completion, a file should be created on your Desktop: SFCFix.txt.

Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Here is the result:
SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-08-08 20:49:21.997
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\Dime\Desktop\SFCFix.txt [1]

RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.

WARNING: Failed to create backup for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.

Successfully deleted registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.

Failed to open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired with error code ERROR_FILE_NOT_FOUND.
RegistryScript:: directive failed to complete successfully.

Failed to process all directives successfully.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2017-08-08 20:49:22.023
Script hash: vygNwPGEbuf7ax4r4PQ3Orn5Te4Tu0ODgIsBwsyvrTM=
----------------------EOF-----------------------

After this, I went and clicked check for updates and got this message:

After reboot, I clicked check for updates and AGAIN, the same "you must restart your computer" is back on.

Sysnative Windows Update · Aug 8, 2017

Please reboot your PC and follow my steps in Post #20.

event3horizon · Aug 8, 2017

softwaremaniac said:
Please reboot your PC and follow my steps in Post #20.

ok i just did once more the same thing:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-08-08 21:48:02.562
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at C:\Users\Dime\Desktop\SFCFix.txt [2]

RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update.

Successfully deleted registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.

Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update.
RegistryScript:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 4 datablocks.
Finish time: 2017-08-08 21:48:02.574
Script hash: vygNwPGEbuf7ax4r4PQ3Orn5Te4Tu0ODgIsBwsyvrTM=
----------------------EOF-----------------------

Sysnative Windows Update · Aug 8, 2017

1. Click your Start button and type Windows Update
2. Click on the Windows Update link that appears in the search results.
3. Click the Change Settings link
4. Change the drop-down from "Never check for updates (not recommended)" to "Install updates automatically (recommended)" and then click OK.

Then do this please:

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

event3horizon · Aug 9, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2017
Ran by Dime (administrator) on DIMESPC (09-08-2017 00:21:07)
Running from C:\Users\Dime\Desktop
Loaded Profiles: Dime (Available Profiles: Dime & Sanja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Saitek, Madcatz) C:\Program Files (x86)\Saitek\Pro Flight XPlugin\xplservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Spotify Ltd) C:\Users\Dime\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Resilio, Inc.) C:\Users\Dime\AppData\Roaming\Resilio Sync\Resilio Sync.exe
(Flux Software LLC) C:\Users\Dime\AppData\Local\FluxSoftware\Flux\flux.exe
(NirSoft) C:\Program Files\volumouse-x64\volumouse.exe
() C:\Program Files\volumouse-x64\volumouse32.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Mouse Driver\MouseDrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WireLessMouse] => C:\Program Files (x86)\Mouse Driver\StartAutorun.exe MouseDrv.exe
HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048 2009-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1165920 2017-07-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [ASRockIES] => [X]
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [Spotify Web Helper] => C:\Users\Dime\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-09] (Spotify Ltd)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [Resilio Sync] => C:\Users\Dime\AppData\Roaming\Resilio Sync\Resilio Sync.exe [17147912 2017-07-21] (Resilio, Inc.)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [f.lux] => C:\Users\Dime\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4295360 2016-06-08] (Disc Soft Ltd)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Run: [$Volumouse$] => C:\Program Files\volumouse-x64\volumouse.exe [88576 2014-06-17] (NirSoft)
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\MountPoints2: F - F:\Installer_Windows.exe
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\MountPoints2: {2e997dfd-92c3-11e3-a42a-806e6f6e6963} - F:\Installer_Windows.exe
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\MountPoints2: {30469073-943f-11e3-8a70-001966fffa32} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\MountPoints2: {a43a95f6-92d9-11e3-a776-806e6f6e6963} - F:\Installer_Windows.exe
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\plane9.scr [78336 2014-09-21] ()
AppInit_DLLs: C:\PROGRA~2\SSSUPP~1\ASSIST~2.DLL => No File
Startup: C:\Users\Dime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2014-02-11]
ShortcutTarget: Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Startup: C:\Users\Dime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WatchGuard Access Client.lnk [2016-07-13]
ShortcutTarget: WatchGuard Access Client.lnk -> C:\Users\Dime\AppData\Local\Temp\AccessClient.exe (WatchGuard)
Startup: C:\Users\Sanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-08-04]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dime\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicyScripts: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9A9F00BA-1E51-475D-B272-AAF3257287B5}: [NameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3956391901-1326303859-230559083-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-24] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {3195CF7C-E9E2-49B2-8B61-14F285298E1C} hxxps://vo.coastalbh.org/wa/AccessClientLoader.cab

FireFox:
========
FF ProfilePath: C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default [2017-08-09]
FF user.js: detected! => C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\user.js [2014-01-06]
FF DefaultSearchEngine,S: Mozilla\Firefox\Profiles\gi7n9gd9.default ->
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\gi7n9gd9.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\gi7n9gd9.default ->
FF SearchEngineOrder.1,S: Mozilla\Firefox\Profiles\gi7n9gd9.default ->
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\gi7n9gd9.default -> Bing
FF SelectedSearchEngine,S: Mozilla\Firefox\Profiles\gi7n9gd9.default ->
FF Homepage: Mozilla\Firefox\Profiles\gi7n9gd9.default -> hxxp://www.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\gi7n9gd9.default -> hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\gi7n9gd9.default -> http", "212.144.254.124"
FF NetworkProxy: Mozilla\Firefox\Profiles\gi7n9gd9.default -> http_port", 3128
FF NetworkProxy: Mozilla\Firefox\Profiles\gi7n9gd9.default -> type", 0
FF Extension: (FlashStopper) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\flashstopper@byo.co.il.xpi [2017-07-05]
FF Extension: (Strict Pop-up Blocker) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2017-08-06]
FF Extension: (Firesizer) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2016-04-28]
FF Extension: (FireShot) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-07-22]
FF Extension: (Flagfox) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-07-31]
FF Extension: (HttpFox) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2016-04-28]
FF Extension: (EPUBReader) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-02-19]
FF Extension: (YouTube High Definition) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2017-06-24]
FF Extension: (Video DownloadHelper) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-08]
FF Extension: (Adblock Plus) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Greasemonkey) - C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-27]
FF SearchPlugin: C:\Users\Dime\AppData\Roaming\Mozilla\Firefox\Profiles\gi7n9gd9.default\searchplugins\bing-zugo.xml [2010-07-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default [2016-07-28]
CHR Extension: (Google Docs) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-03]
CHR Extension: (Google Drive) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-05]
CHR Extension: (YouTube) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-05]
CHR Extension: (Google Search) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-05]
CHR Extension: (Google Docs Offline) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]
CHR Extension: (Avast Online Security) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-05]
CHR Extension: (RSS Live Links) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcamnijgggppihioleoenjmlnakejdph [2014-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Gmail) - C:\Users\Dime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1458368 2016-06-08] (Disc Soft Ltd)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3878728 2017-02-25] (Paramount Software UK Ltd)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [290816 2011-04-08] (Puran Software) [File not signed]
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [758928 2016-09-26] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2008-12-01] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XSaiSvc; C:\Program Files (x86)\Saitek\Pro Flight XPlugin\xplservice.exe [86528 2015-04-10] (Saitek, Madcatz) [File not signed]
S3 TweakingRunAsSystem8999; "C:\Users\Dime\Desktop\Tweaking.com - Repair Windows Firewall\files\tweaking_ras.exe" 8999[]

C:\Windows\Sysnative\cmd.exe

[]/c start /HIGH cmd.exe /c

C:\Windows\Temp\temp982.bat

& exit
S3 TweakingRunAsSystem9543; "C:\Users\Dime\Desktop\Tweaking.com - Repair Windows Firewall\files\tweaking_ras.exe" 9543[]

C:\Windows\Sysnative\cmd.exe

[]/c start /HIGH cmd.exe /c

C:\Windows\Temp\temp038.bat

& exit

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2015-07-15] (Advanced Micro Devices) [File not signed]
U5 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462096 2015-08-12] (Apple Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-09] (Disc Soft Ltd)
S3 hcw10bda; C:\Windows\System32\drivers\hcw10bda.sys [721496 2014-02-26] (Hauppauge Computer Works, Inc.)
S2 hcw10cir; C:\Windows\System32\drivers\hcw10cir.sys [46080 2010-05-10] (Hauppauge Computer Works, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [26472 2016-09-27] (SonicWALL Inc.)
S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-09-14] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2016-06-09] (Duplex Secure Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2008-12-01] (VMware, Inc.)
R2 waclient; C:\Windows\SysWOW64\drivers\waclient.sys [63608 2014-02-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-09 00:07 - 2017-08-09 00:21 - 000020925 _____ C:\Users\Dime\Desktop\FRST.txt
2017-08-09 00:07 - 2017-08-09 00:21 - 000000000 ____D C:\FRST
2017-08-09 00:07 - 2017-08-09 00:07 - 002381312 _____ (Farbar) C:\Users\Dime\Desktop\FRST64.exe
2017-08-08 21:47 - 2017-08-08 21:52 - 000001964 _____ C:\Users\Dime\Desktop\SFCFix.txt
2017-08-06 20:25 - 2017-08-06 20:25 - 006403140 _____ C:\Users\Dime\Desktop\EvtLogs.zip
2017-08-06 20:25 - 2017-08-06 20:25 - 000000000 ____D C:\Users\Dime\Desktop\EvtLogs
2017-08-06 13:27 - 2017-08-08 21:45 - 000011398 _____ C:\Users\Dime\Desktop\iptvlist.xlsx
2017-08-04 17:33 - 2017-08-04 17:33 - 000000000 ____D C:\Users\Sanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-02 21:14 - 2017-08-07 22:17 - 000003695 _____ C:\Windows\system32\1.txt
2017-07-27 21:55 - 2017-08-07 20:44 - 000000000 ____D C:\Users\Sanja\AppData\Local\Viber
2017-07-13 22:21 - 2017-08-08 21:52 - 000000000 ____D C:\SFCFix
2017-07-13 22:18 - 2017-08-08 21:52 - 000000000 ____D C:\Users\Dime\AppData\Local\niemiro
2017-07-13 22:18 - 2017-07-13 22:18 - 002884096 _____ (niemiro) C:\Users\Dime\Desktop\SFCFix.exe
2017-07-13 21:57 - 2017-07-13 21:57 - 030659457 _____ C:\Users\Dime\Desktop\Windows6.1-KB3172605-x64.msu
2017-07-13 21:46 - 2017-07-13 21:48 - 564744309 _____ C:\Users\Dime\Desktop\Windows6.1-KB947821-v34-x64.msu
2017-07-13 20:10 - 2017-07-13 20:10 - 000313366 _____ C:\Users\Dime\Desktop\WindowsUpdate.diagcab
2017-07-13 19:59 - 2017-07-13 19:59 - 000000000 ____D C:\Windows\system32\EventProviders
2017-07-13 19:46 - 2017-07-13 19:46 - 000000000 ____D C:\Windows\CheckSur
2017-07-13 19:20 - 2017-07-13 19:21 - 500046015 _____ C:\Users\Dime\Desktop\windows6.1-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu
2017-07-13 19:17 - 2017-07-13 19:17 - 000120416 _____ C:\Users\Dime\list.txt
2017-07-13 18:55 - 2017-07-13 18:55 - 009575735 _____ C:\Users\Dime\Desktop\Windows6.1-KB3020369-x64.msu
2017-07-10 22:58 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-10 22:58 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-10 22:58 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-07-10 22:58 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-10 22:58 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-10 22:58 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-07-10 22:58 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-07-10 22:58 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-07-10 22:58 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-07-10 22:58 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-07-10 22:58 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-07-10 22:58 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-07-10 22:58 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-07-10 22:58 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-07-10 22:58 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-07-10 22:58 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-07-10 22:58 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-07-10 22:58 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-07-10 22:58 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-07-10 22:58 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-07-10 22:58 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-07-10 22:58 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-07-10 22:58 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-07-10 22:58 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-07-10 22:58 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-07-10 22:58 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-07-10 22:58 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-07-10 22:58 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-07-10 22:58 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-07-10 22:58 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-07-10 22:57 - 2017-07-10 22:58 - 000000000 ____D C:\Windows\SysWOW64\directx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-09 00:20 - 2017-03-22 19:21 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-09 00:20 - 2016-12-13 00:22 - 000000000 ____D C:\Users\Dime\AppData\Roaming\Resilio Sync
2017-08-09 00:20 - 2014-02-13 01:34 - 000000000 ____D C:\ProgramData\VMware
2017-08-09 00:20 - 2014-02-11 00:09 - 000000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-09 00:20 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-09 00:19 - 2016-11-16 09:00 - 000000000 ____D C:\Users\Dime\AppData\LocalLow\Mozilla
2017-08-08 23:32 - 2015-06-17 23:03 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA.job
2017-08-08 23:28 - 2014-02-11 00:09 - 000000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-08 21:58 - 2009-07-14 00:45 - 000031376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-08 21:58 - 2009-07-14 00:45 - 000031376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-08 21:55 - 2009-07-14 01:13 - 000786086 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-08 21:55 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-08-08 21:48 - 2014-04-01 12:43 - 000000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA.job
2017-08-08 21:38 - 2015-01-10 23:04 - 000011004 _____ C:\Users\Dime\Desktop\Finance.xlsx
2017-08-08 20:32 - 2014-02-11 00:21 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 20:32 - 2014-02-11 00:21 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 20:32 - 2014-02-11 00:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 20:32 - 2014-02-11 00:21 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-08 19:21 - 2014-08-17 13:10 - 000000000 ____D C:\Users\Dime\AppData\Local\Adobe
2017-08-07 22:07 - 2016-11-15 15:39 - 000000000 ____D C:\Users\Sanja\AppData\LocalLow\Mozilla
2017-08-07 20:51 - 2015-01-25 23:46 - 000000000 ____D C:\Users\Sanja\AppData\Roaming\Plane9
2017-08-07 20:44 - 2014-11-26 23:57 - 000000000 ____D C:\Users\Sanja\AppData\Roaming\ViberPC
2017-08-07 20:29 - 2014-02-11 00:10 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 16:30 - 2015-01-24 18:04 - 000000000 ____D C:\Users\Dime\AppData\Roaming\Plane9
2017-08-07 12:48 - 2014-04-01 12:43 - 000000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004Core.job
2017-08-06 20:23 - 2014-04-19 19:40 - 000000000 ____D C:\Users\Dime\AppData\Roaming\vlc
2017-08-05 12:16 - 2014-02-12 22:50 - 000000000 ____D C:\Windows\pss
2017-08-05 11:49 - 2014-03-31 01:35 - 000000000 ____D C:\Users\Sanja\AppData\Roaming\Skype
2017-08-04 17:33 - 2014-04-14 00:53 - 000000000 ____D C:\Users\Sanja\AppData\Roaming\Dropbox
2017-08-03 22:41 - 2014-02-11 23:42 - 000000000 ____D C:\Users\Dime\AppData\Roaming\KeePass
2017-08-03 19:36 - 2014-03-07 21:02 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-02 21:05 - 2016-08-30 23:41 - 000010953 _____ C:\Users\Dime\Desktop\FinanceHelene.xlsx
2017-08-01 14:25 - 2014-11-18 23:11 - 000000000 ____D C:\Users\Dime\AppData\Local\Spotify
2017-08-01 14:10 - 2014-11-18 22:54 - 000000000 ____D C:\Users\Dime\AppData\Roaming\Spotify
2017-07-30 21:34 - 2017-02-27 20:35 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-24 23:25 - 2014-11-26 23:57 - 000000000 ____D C:\Users\Sanja\Documents\ViberDownloads
2017-07-23 11:34 - 2016-12-13 00:22 - 000000000 ____D C:\ProgramData\Resilio Sync
2017-07-21 20:08 - 2014-02-11 01:05 - 000000073 _____ C:\Users\Dime\AppData\Local\X-Plane_drm.prf
2017-07-21 07:12 - 2009-07-14 01:08 - 000032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-15 00:06 - 2014-03-07 21:02 - 000000000 ____D C:\Users\Dime\AppData\Roaming\TeamViewer
2017-07-13 23:17 - 2014-02-10 22:12 - 000000000 ____D C:\Users\Dime
2017-07-13 23:17 - 2011-04-12 04:28 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-07-13 23:17 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2017-07-13 23:11 - 2015-12-23 18:50 - 000000000 ____D C:\Users\Test Acct
2017-07-13 23:11 - 2014-03-31 01:31 - 000000000 ____D C:\Users\Sanja
2017-07-13 19:12 - 2015-01-04 02:01 - 000000000 ____D C:\Users\Dime\AppData\Local\ElevatedDiagnostics
2017-07-12 23:00 - 2015-11-03 00:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-12-21 14:47 - 2016-12-21 14:47 - 000000048 ____H () C:\Program Files (x86)\dsb0afqzuj.dat
2016-04-13 21:04 - 2017-02-18 15:02 - 000000100 _____ () C:\Users\Dime\AppData\Roaming\Camdata.ini
2016-04-13 21:04 - 2017-02-18 15:02 - 000000408 _____ () C:\Users\Dime\AppData\Roaming\CamLayout.ini
2016-04-13 21:04 - 2017-02-18 15:02 - 000000408 _____ () C:\Users\Dime\AppData\Roaming\CamShapes.ini
2016-04-13 21:11 - 2017-02-18 15:02 - 000004546 _____ () C:\Users\Dime\AppData\Roaming\CamStudio.cfg
2014-05-04 22:50 - 2014-05-04 22:50 - 000099384 _____ () C:\Users\Dime\AppData\Roaming\inst.exe
2015-01-07 01:37 - 2017-04-25 22:02 - 000000261 _____ () C:\Users\Dime\AppData\Roaming\OpenSceneryX Installer.plist
2014-05-04 22:50 - 2014-05-04 22:50 - 000007859 _____ () C:\Users\Dime\AppData\Roaming\pcouffin.cat
2014-05-04 22:50 - 2014-05-04 22:50 - 000001167 _____ () C:\Users\Dime\AppData\Roaming\pcouffin.inf
2014-05-04 22:50 - 2014-05-04 22:50 - 000000034 _____ () C:\Users\Dime\AppData\Roaming\pcouffin.log
2014-05-04 22:50 - 2014-05-04 22:50 - 000082816 _____ (VSO Software) C:\Users\Dime\AppData\Roaming\pcouffin.sys
2014-07-02 23:57 - 2014-07-02 23:57 - 000001181 _____ () C:\Users\Dime\AppData\Roaming\trace_FilterInstaller.1.txt
2014-07-02 23:57 - 2014-07-03 00:29 - 000000919 _____ () C:\Users\Dime\AppData\Roaming\trace_FilterInstaller.txt
2014-07-02 23:57 - 2014-07-03 00:29 - 000000000 _____ () C:\Users\Dime\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-04-13 20:58 - 2017-02-18 15:01 - 000000096 _____ () C:\Users\Dime\AppData\Roaming\version2.xml
2014-05-04 22:51 - 2014-07-31 00:34 - 000001041 _____ () C:\Users\Dime\AppData\Roaming\vso_ts_preview.xml
2015-01-17 00:24 - 2017-04-27 00:10 - 000002515 _____ () C:\Users\Dime\AppData\Roaming\WED.prefs
2015-10-06 18:40 - 2017-04-26 21:22 - 000004233 _____ () C:\Users\Dime\AppData\Roaming\XAddonManager.plist
2016-06-05 22:55 - 2017-04-22 16:48 - 000001456 _____ () C:\Users\Dime\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-16 00:59 - 2015-05-04 21:23 - 000000600 _____ () C:\Users\Dime\AppData\Local\PUTTY.RND
2015-11-18 22:18 - 2015-11-18 22:18 - 000000864 _____ () C:\Users\Dime\AppData\Local\recently-used.xbel
2014-02-14 02:26 - 2017-05-01 23:54 - 000007648 _____ () C:\Users\Dime\AppData\Local\Resmon.ResmonCfg
2014-12-26 23:13 - 2017-01-02 02:47 - 000000028 _____ () C:\Users\Dime\AppData\Local\X-Plane Installer.prf
2014-02-11 01:05 - 2017-07-21 20:08 - 000000073 _____ () C:\Users\Dime\AppData\Local\X-Plane_drm.prf
2014-02-11 01:03 - 2017-04-29 22:43 - 000000048 _____ () C:\Users\Dime\AppData\Local\x-plane_install_10.txt

Files to move or delete:
====================

Some files in TEMP:
====================
2015-12-29 22:08 - 2015-12-29 22:08 - 001481368 _____ (WatchGuard) C:\Users\Dime\AppData\Local\Temp\AccessClient.exe
2016-06-09 22:18 - 2016-06-09 22:18 - 000102912 _____ () C:\Users\Dime\AppData\Local\Temp\bitool.dll
2015-12-29 22:08 - 2017-01-16 09:04 - 000048128 ____N () C:\Users\Dime\AppData\Local\Temp\ClientLoader.dll
2017-03-26 17:32 - 2017-03-26 17:32 - 000204800 _____ (Sony DADC Austria AG) C:\Users\Dime\AppData\Local\Temp\drm_dyndata_7370014.dll
2016-06-09 22:12 - 2016-06-09 22:12 - 000692072 _____ (Disc Soft Ltd.) C:\Users\Dime\AppData\Local\Temp\DTLiteInstaller.exe
2016-01-02 00:52 - 2016-01-02 00:52 - 000006321 _____ () C:\Users\Dime\AppData\Local\Temp\dt_8B2F.tmp.exe
2017-06-24 23:06 - 2017-06-24 23:06 - 000739904 _____ (Oracle Corporation) C:\Users\Dime\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-02-01 01:31 - 2016-02-01 01:31 - 000644704 _____ (Oracle Corporation) C:\Users\Dime\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-15 23:01 - 2016-02-15 23:01 - 000736352 _____ (Oracle Corporation) C:\Users\Dime\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-06-09 22:31 - 2016-06-09 22:31 - 004211112 _____ () C:\Users\Dime\AppData\Local\Temp\npp.6.9.2.Installer.exe
2017-02-26 20:45 - 2017-02-26 20:45 - 002903480 _____ () C:\Users\Dime\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-22 19:41 - 2017-03-16 18:56 - 000352704 _____ (NVIDIA Corporation) C:\Users\Dime\AppData\Local\Temp\nvStInst.exe
2016-10-22 13:48 - 2016-10-22 13:48 - 043760768 _____ (Skype Technologies S.A.) C:\Users\Dime\AppData\Local\Temp\SkypeSetup.exe
2015-08-02 19:58 - 2015-08-02 19:58 - 000118784 _____ () C:\Users\Dime\AppData\Local\Temp\xmlUpdater.exe
2016-12-01 14:25 - 2016-12-01 14:25 - 074916336 _____ (Dropbox, Inc.) C:\Users\Dime\AppData\Local\Temp\{517BADC9-29FB-4DFD-9047-CF5DB4ACBC8C}-DropboxClient_15.4.22.exe
2017-01-18 14:53 - 2017-01-18 14:53 - 075703976 _____ (Dropbox, Inc.) C:\Users\Dime\AppData\Local\Temp\{B2599AE0-7791-42B9-BAD0-AFDF7F84651E}-DropboxClient_18.4.32.exe
2016-08-20 15:28 - 2016-08-20 15:29 - 069030792 _____ (Dropbox, Inc.) C:\Users\Dime\AppData\Local\Temp\{D0E160C1-A8DC-47F6-B307-D7DE60B74BBA}-DropboxClient_8.4.19.exe
2015-12-22 18:11 - 2016-04-07 11:26 - 046945408 _____ (Skype Technologies S.A.) C:\Users\Sanja\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-01 14:50

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2017
Ran by Dime (09-08-2017 00:21:29)
Running from C:\Users\Dime\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-11 02:12:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3956391901-1326303859-230559083-500 - Administrator - Disabled)
Dime (S-1-5-21-3956391901-1326303859-230559083-1000 - Administrator - Enabled) => C:\Users\Dime
Guest (S-1-5-21-3956391901-1326303859-230559083-501 - Limited - Disabled)
Sanja (S-1-5-21-3956391901-1326303859-230559083-1004 - Limited - Enabled) => C:\Users\Sanja
__vmware_user__ (S-1-5-21-3956391901-1326303859-230559083-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - )
µTorrent (HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ASRock IES v2.0.15 (HKLM-x32\...\ASRock IES_is1) (Version: - )
ASRock InstantBoot v1.23 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
ASRock OC DNA v1.5 (HKLM-x32\...\ASRock OC DNA_is1) (Version: - )
ASRock OC Tuner v2.3.93 (HKLM-x32\...\ASRock OC Tuner_is1) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.2.0.0 - Auslogics Labs Pty Ltd)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVStoDVD 2.7.4 (HKLM-x32\...\AVStoDVD) (Version: 2.7.4 - MrC)
Binary Viewer 5.15.01.01 (HKLM-x32\...\{A15E821D-0A75-4B45-BA20-481051C7F4E5}_is1) (Version: - ProXoft L.L.C.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.2.0.2141 - Bullzip)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
ConvertXtoDVD 4.0.3.312 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.3.312 - )
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0191 - Disc Soft Ltd)
Day of Defeat: Source (HKLM\...\Steam App 300) (Version: - Valve)
Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 8.5.251 - Dell Inc.)
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.13.3 - SCS Software)
f.lux (HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Flux) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{56B708CC-28A0-3CFC-A83B-BE70E5C4EA18}) (Version: 60.0.3112.90 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Half-Life 2 (HKLM\...\Steam App 220) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version: - Valve)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 6960 Basic Device Software (HKLM\...\{25594F97-2B8B-4D91-A0E8-F1CCA35D65E1}) (Version: 39.2.1964.60632 - HP Inc.)
HP OfficeJet 6960 Help (HKLM-x32\...\{8AE50691-E409-4656-A974-76C841B3D934}) (Version: 39.0.0 - HP)
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version: - )
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
K-Lite Codec Pack 10.6.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
Kodi (HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Kodi) (Version: - XBMC-Foundation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
LGFlashTool 1.6.01.0529 (HKLM-x32\...\LGFlashTool) (Version: 1.6.01.0529 - LGE)
Logitech WebCam Driver (HKLM\...\Logitech WebCam Driver) (Version: - )
Macrium Reflect Free Edition (HKLM\...\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}) (Version: 6.3.1745 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVtoolnix 4.2.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.2.0 - Moritz Bunkus)
Mouse Driver (HKLM-x32\...\{F3700370-62E5-446C-A6A5-FF5F7C7D42CD}) (Version: 2.0 - Author) Hidden
Mouse Driver (HKLM-x32\...\InstallShield_{F3700370-62E5-446C-A6A5-FF5F7C7D42CD}) (Version: 2.0 - Author)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - )
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
novaPDF for SDK v7 (novaPDF 7.7 printer) (HKLM\...\novaPDF for SDK v7_is1) (Version: 7.7.3987 - Softland)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
OBD 2007 Pid Reader (HKLM-x32\...\{C708DC4C-AE8D-4658-9955-0DFC2B3EFF44}) (Version: 1.0.0 - GLM Software)
OpenPHT (HKLM-x32\...\OpenPHT) (Version: 1.5.2 - Team RasPlex)
Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PdfMerge (HKLM-x32\...\{238BE990-A412-4129-A434-D03B1A9E396E}) (Version: 1.22.0 - PdfMerge)
PingPlotter 5 (HKLM-x32\...\{01330983-DC52-4ED0-BA46-9F9F4F202759}) (Version: 5.3.2.2388 - Pingman Tools, LLC) Hidden
PingPlotter 5 5.3.2 (HKLM-x32\...\PingPlotter 5 5.3.2.2388) (Version: 5.3.2.2388 - Pingman Tools, LLC)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
Plane9 v2.1.1.3 (HKLM-x32\...\Plane9) (Version: v2.1.1.3 - Joakim Dahl / Planestate Software)
Project64 version 2.3.2.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.3 - )
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Puran Defrag Free Edition 7.3 (HKLM\...\Puran Defrag Free Edition_is1) (Version: - Puran Software)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RawTherapee version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Resilio Sync (HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Resilio Sync) (Version: 2.5.6 - Resilio, Inc.)
Saitek ProFlight X-Plane Plugin (HKLM-x32\...\{51CAE556-D569-4A4C-85B1-8DDA2B65D3D6}) (Version: 1.2.5.0 - Saitek, MadCatz Inc.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3956391901-1326303859-230559083-1000\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.0.14.0 - 2BrightSparks)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TubeMaster++ 2.7 (HKLM-x32\...\TubeMaster++) (Version: 2.7 - GgSofts)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.7.3 - Tweaking.com)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
URL Snooper v2.38.01 (HKLM-x32\...\URLSnooper 2_is1) (Version: - DonationCoder.com)
Viber (HKLM-x32\...\{097A0B4C-1568-4735-8C3D-4CB265A115C8}) (Version: 5.4.0.1664 - Viber Media Inc.) Hidden
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\{A53A11EA-0095-493F-86FA-A15E8A86A405}) (Version: 2.5.3.8888 - VMware, Inc.)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
XMedia Recode version 3.3.4.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.4.8 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3956391901-1326303859-230559083-1000_Classes\CLSID\{581FFA00-FC33-0006-0502-95003A5CDE89}\InprocServer32 -> C:\Users\Dime\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll ()
CustomCLSID: HKU\S-1-5-21-3956391901-1326303859-230559083-1000_Classes\CLSID\{581FFA01-FC33-0006-0502-95003A5CDE89}\InprocServer32 -> C:\Users\Dime\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll ()
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.5.6Done] -> {581FFA04-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.5.6RO] -> {581FFA03-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers: [ !Resilio Sync 2.5.6RW] -> {581FFA02-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.5.6Done] -> {581FFA04-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.5.6RO] -> {581FFA03-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers-x32: [ !Resilio Sync 2.5.6RW] -> {581FFA02-FC33-0006-0502-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll [2017-07-21] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2010-01-27] (Puran Software)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2010-01-27] (Puran Software)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-03-16] (NVIDIA Corporation)
ContextMenuHandlers6: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2010-01-27] (Puran Software)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU)
ContextMenuHandlers1_S-1-5-21-3956391901-1326303859-230559083-1000: [Resilio Sync 2.5.6] -> {581FFA00-FC33-0006-0502-95003A5CDE89} => C:\Users\Dime\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll [2017-07-21] ()
ContextMenuHandlers4_S-1-5-21-3956391901-1326303859-230559083-1000: [Resilio Sync 2.5.6] -> {581FFA00-FC33-0006-0502-95003A5CDE89} => C:\Users\Dime\AppData\Roaming\Resilio Sync\ShellExtensionPath64_413.dll [2017-07-21] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08EC48F1-72B9-400A-ACAE-06FAA5AB23D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {20CD36A0-0E51-46F1-92C3-951E6010E666} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {28C8DAC4-2A79-49A8-B9DC-225C2F547E33} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {45F152DE-0449-46A0-9F20-4E557E9FCAAB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1000UA => C:\Users\Dime\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: {56B22919-76B0-42FA-ACD2-655628603D3D} - System32\Tasks\CoreTemp => C:\Program Files\CoreTemp64\Core Temp.exe [2013-10-08] ()
Task: {600AAA43-7D5C-4345-B29B-0BDEB5004A98} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1000Core => C:\Users\Dime\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: {6DC4038B-CB77-4068-BAC0-0C19632B9EA9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004Core => C:\Users\Sanja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {763429A5-60B7-4219-AC2B-881FD74E337E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004Core => C:\Users\Sanja\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {99F88ECD-E466-45DE-B5B7-DAA09BD769FD} - System32\Tasks\Core Temp Autostart Dime => C:\Program Files\Core Temp\Core Temp.exe [2017-03-18] (ALCPU)
Task: {9D24115D-43DB-4B9D-ACD5-91B52E9F2DEB} - System32\Tasks\AdobeAAMUpdater-1.0-DimesPC-Dime => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A3E24E36-D9BD-4C2F-96E2-96D9C61C7E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AC1B666D-5434-4717-A802-7BEFBAF0F08A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BFBD7027-1771-46E9-947D-9298EC7A0027} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA => C:\Users\Sanja\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {C5D3413C-0C9C-43F4-BACA-6D3F2933BFC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CC1B51C6-A6C0-4D71-9EB1-EBB4676A9DEF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DD287D5B-CBBD-4631-A6D0-86C0F00F415B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {F3EEA863-D1F2-41E2-B702-6CB5805F5737} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F46D1353-F190-4A94-8FDA-2B19E5B4A31D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA => C:\Users\Sanja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004Core1d249d824db29a3.job => C:\Users\Sanja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA.job => C:\Users\Sanja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004Core.job => C:\Users\Sanja\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3956391901-1326303859-230559083-1004UA.job => C:\Users\Sanja\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15d3fe4644245.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab2ce98a8a70.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e927e7ef6bce.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-22 19:26 - 2017-03-16 19:16 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-20 11:34 - 2015-07-20 11:34 - 000012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2017-07-21 20:17 - 2017-07-21 20:17 - 000590336 _____ () C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_413.dll
2016-05-27 08:23 - 2016-05-27 08:23 - 000052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-08-23 23:01 - 2014-06-17 11:21 - 000014848 _____ () C:\Program Files\volumouse-x64\volumouse32.exe
2006-11-25 22:14 - 2006-11-25 22:14 - 000311296 _____ () C:\Program Files (x86)\Mouse Driver\MouseDrv.exe
2015-07-20 11:34 - 2015-07-20 11:34 - 000073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2009-08-14 21:12 - 2009-08-14 21:12 - 000970288 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2009-08-14 21:13 - 2009-08-14 21:13 - 000068656 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
2006-11-22 11:32 - 2006-11-22 11:32 - 000028672 _____ () C:\Program Files (x86)\Mouse Driver\MouseHook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dime\AppData\Local\Temp:HbGSYtIDP4l3pvWJ5AC50q4YBG [2210]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-08-09 00:16 - 2017-08-09 00:17 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3956391901-1326303859-230559083-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dime\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{A3026705-2B76-4071-A613-76DD09C62885}C:\users\dime\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dime\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4D1C7425-6B44-46D1-B9D9-AC645A27A326}C:\users\dime\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dime\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{35F62E4F-A327-4B41-89E8-D96BC157EEED}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B7C6A07C-87B8-4C14-A2E8-D14C854E0BAA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1A5CDB20-F603-4EAD-A67D-098E6C5E45C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF0DD6B3-B7C1-492D-8EB2-4CA11E871FAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{32181F1F-6BC4-4998-82FB-C93A2D63A439}C:\users\dime\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dime\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3A467BAC-F088-43B9-8610-2F4C11358703}C:\users\dime\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dime\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FCC1F124-1C19-45B5-B7AF-744BE5177444}] => (Allow) C:\Users\Dime\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{5EE7302F-3CAF-4140-9661-934FA3F2C9EC}] => (Allow) C:\Users\Dime\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{39F6D935-CFF4-4491-92D1-C7CFE3FC7965}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1083E1B0-ACC9-4875-963D-B601D25B05DC}] => (Block) %ProgramFiles% (x86)\Roni Music\Amazing Slow Downer\amazing.exe
FirewallRules: [TCP Query User{34149009-9341-4432-815E-98356B9B36B6}C:\users\dime\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dime\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D6797399-B392-41E8-BB9C-2EBBD21A2604}C:\users\dime\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dime\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{1731E86B-531A-4FA6-B0DB-8CC4684333C6}D:\x-plane 10\x-plane.exe] => (Allow) D:\x-plane 10\x-plane.exe
FirewallRules: [UDP Query User{306CC2BB-65EE-46A3-8353-422055C45584}D:\x-plane 10\x-plane.exe] => (Allow) D:\x-plane 10\x-plane.exe
FirewallRules: [TCP Query User{16A9C60E-CBE0-49DE-B374-5A5595539E20}C:\program files (x86)\openpht\openpht.exe] => (Allow) C:\program files (x86)\openpht\openpht.exe
FirewallRules: [UDP Query User{795232D7-D7CB-4A3C-840C-38C2B1CAFA69}C:\program files (x86)\openpht\openpht.exe] => (Allow) C:\program files (x86)\openpht\openpht.exe
FirewallRules: [{87FCC1BF-24E4-4AE8-A484-ABD2E04F660E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{44F1D1C5-5866-472F-95EB-CACEE5F3DE82}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6E9B958D-74C6-41B5-9AFD-3DC35AFC6995}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{EE19F318-4712-4A38-BBDB-F2579C51B161}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [UDP Query User{154E7D24-87E8-4459-A743-BC213451C486}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [{F7956F05-1509-427A-84C8-84350E3B22F2}] => (Allow) C:\Users\Dime\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{BED1E0E9-2D93-4DA7-A1B8-32F49A75BE56}] => (Allow) C:\Users\Dime\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{5BC0BE53-2FC9-4C67-9847-646742FD1D26}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{F1DCC226-0369-44A5-9B5D-7A0D913E2A53}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{4B3F0AF8-FEB6-40D5-9B5B-CADB988A144A}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D3F2136-C22C-410E-8044-937B83190A48}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DB72D3A4-F22D-4383-9F15-AA0C064FBB8A}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C5224714-239F-417D-8363-2C561FE8AD2D}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{8AC557E9-1830-4DBD-9CAB-8A6882052C3A}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\bin\FaxApplications.exe
FirewallRules: [{1277DF68-2651-404B-82C9-39A5F129A6A6}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\bin\DigitalWizards.exe
FirewallRules: [{B2662571-39DD-4B6B-A9C5-7F7D4C15DD57}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\bin\SendAFax.exe
FirewallRules: [{9F2F6E74-3DEA-42D1-91D7-830FD08D34C0}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\bin\FaxPrinterUtility.exe
FirewallRules: [{8DF1F2E9-9873-4AE0-87D6-240F1CA2B7CD}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\Bin\DeviceSetup.exe
FirewallRules: [{F48CACED-9C3E-4DBE-B5F2-C391C128DF57}] => (Allow) LPort=5357
FirewallRules: [{B07F6793-73C1-4906-BE9A-57D88B42EA93}] => (Allow) C:\Program Files\HP\HP OfficeJet 6960\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{10B2B392-DA0F-4CD1-8C06-33DD769D7CD0}] => (Allow) D:\Programs\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{084918AD-0433-452D-AFE3-49CF30F032F0}] => (Allow) D:\Programs\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{6CE0186D-D4AE-405D-8F22-947B41D02006}] => (Allow) D:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{8DA44762-EBEB-43DD-BC6D-1020BA4DE014}] => (Allow) D:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{C539E1D5-2055-4CFE-89F9-EB0F90ACD528}] => (Allow) D:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{E47DAEF8-08A4-4914-81F2-525E32613ABA}] => (Allow) D:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{4B63520D-EB53-41A2-A5F5-366F53E89778}] => (Allow) D:\Programs\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4D59AE60-7899-4F84-8781-B11696378B68}] => (Allow) D:\Programs\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{8B989BF4-8105-4F06-A171-C2370669D777}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [UDP Query User{C19B6E0C-0A7A-48B3-A288-FEE5112B0554}H:\x-plane 10\x-plane.exe] => (Allow) H:\x-plane 10\x-plane.exe
FirewallRules: [{FFF93789-F2AA-4C40-A1A5-EDB1993BA2CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D7CB6AF4-0997-4A8F-88EC-AEBEF23E6316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D076297-AAB6-41F0-B32C-253DF547AE11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C062CB29-CABB-48F3-9EE5-9E3FB921DAF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7ECD3BD1-23C1-4955-8E97-9E30F5AE56C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-07-2017 21:48:29 Windows Update
13-07-2017 22:01:25 Windows Update
13-07-2017 22:14:36 Windows Update
13-07-2017 22:26:12 Windows Update
13-07-2017 22:51:09 Windows Update
13-07-2017 22:58:29 Windows Update
13-07-2017 23:10:20 Restore Operation
13-07-2017 23:13:04 Windows Update
13-07-2017 23:16:28 Restore Operation
13-07-2017 23:24:31 Windows Update
16-07-2017 22:09:55 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2017 09:52:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/08/2017 08:48:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/08/2017 07:13:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/07/2017 04:08:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/06/2017 12:53:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2017 04:47:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2017 04:36:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2017 12:39:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/05/2017 12:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/04/2017 04:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (08/09/2017 12:20:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/08/2017 09:50:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/08/2017 08:46:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/08/2017 07:11:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/07/2017 08:45:31 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 127.0.0.1.

Error: (08/07/2017 04:07:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/06/2017 08:25:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (08/06/2017 12:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/05/2017 04:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/05/2017 04:34:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CIR Receiver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

CodeIntegrity:
===================================
Date: 2017-02-15 20:16:57.541
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 20:06:36.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 19:16:55.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 19:05:47.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-12-07 21:30:24.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 22:55:34.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-10-19 12:20:51.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-10-19 12:13:39.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 20:54:43.046
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-08-11 18:02:21.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 19%
Total physical RAM: 8190.08 MB
Available physical RAM: 6560.34 MB
Total Virtual: 9212.29 MB
Available Virtual: 7550.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:40.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.5 GB) (Free:316.3 GB) NTFS
Drive f: (XPLANE10) (CDROM) (Total:5.69 GB) (Free:0 GB) CDFS
Drive h: (SSD2) (Fixed) (Total:111.79 GB) (Free:30.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B2F8F4CB)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 229D229D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 70B7EFB0)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Sysnative Windows Update · Aug 9, 2017

Do you still have Haupauge WINTV stick or has it been removed from the system?

event3horizon · Aug 9, 2017

softwaremaniac said:
Do you still have Haupauge WINTV stick or has it been removed from the system?

No it is not on my system anymore

Sysnative Windows Update · Aug 9, 2017

Thanks for letting me know. Download and run HCW Clear to remove the remnants.
It is listed under Utilities on this site:

Hauppauge Computer Works : Support

event3horizon · Aug 9, 2017

softwaremaniac said:
Thanks for letting me know. Download and run HCW Clear to remove the remnants.
It is listed under Utilities on this site:

Hauppauge Computer Works : Support

Ok I went ahead and ran the hcwclear and rebooted the pc.

Sysnative Windows Update · Aug 9, 2017

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop.
Download the attached file, SFCFix.txt, and save this to your Desktop. Ensure that this file is named SFCFix.txt - do not rename it.
Save any open documents and close all open windows.
On your Desktop, you should see two files: SFCFix.exe and SFCFix.txt.
Drag the file SFCFix.txt onto the file SFCFix.exe and release it.
SFCFix will now process the script.
Upon completion, a log should be created on your Desktop: SFCFix.txt.
Attach the contents of this into your next post for me to analyse.
You should see a file named SOFTWARE.zip on your Desktop.
Please attach it with your next reply.

event3horizon · Aug 9, 2017

softwaremaniac said:
SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop.

Download the attached file, SFCFix.txt, and save this to your Desktop. Ensure that this file is named SFCFix.txt - do not rename it.

Save any open documents and close all open windows.

On your Desktop, you should see two files: SFCFix.exe and SFCFix.txt.

Drag the file SFCFix.txt onto the file SFCFix.exe and release it.

SFCFix will now process the script.

Upon completion, a log should be created on your Desktop: SFCFix.txt.

Attach the contents of this into your next post for me to analyse.

You should see a file named SOFTWARE.zip on your Desktop.

Please attach it with your next reply.

http://dimesworld.net/Archives/Software.zip

Sysnative Windows Update · Aug 10, 2017

Are you aware that you are using a proxy?

event3horizon · Aug 10, 2017

softwaremaniac said:
Are you aware that you are using a proxy?

no, I have a vpn but turn it on occasionally. I can't see where I'm using a proxy though, any more detail?

Sysnative Windows Update · Aug 11, 2017

Thanks for letting me know, let's try this:

Right-click on the Start button and select Command Prompt (Admin)
When command prompt opens, Copy (Ctrl+C) and Paste (Right-click > Paste) the following command into it, then press Enter
netsh winhttp reset proxy

Please attempt to update your system again, and if it fails, provide me with a fresh CBS.log

event3horizon · Aug 11, 2017

sorry man, didn't do anything. Here's the CBS.log. View attachment CBS.zip

Sysnative Windows Update · Aug 14, 2017

Step#1 - Windows Module Installer
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Click your start button and type services.msc in the search box. Click on the services.msc program that shows up.
Scroll down until you see Windows Modules Installer
Right click it and click properties
Change startup type to Automatic
Reboot the computer and try Windows Update again

Only do Step#2 below if Step#1 doesn't work.

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

event3horizon · Aug 16, 2017

step 1 did not help but step 2 did the trick!!! After running that it is finalllly pulling updates. You guys rock. Can you provide a brief explanation of maybe what the problem was?

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2017 01
Ran by Dime (16-08-2017 00:03:07) Run:1
Running from C:\Users\Dime\Desktop\wuupdate_issue
Loaded Profiles: Dime (Available Profiles: Dime & Sanja)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
EmptyTemp:
*****************

========= sc config trustedinstaller start=auto =========

DESCRIPTION:
Modifies a service entry in the registry and Service Database.
USAGE:
sc <server> config [service name] <option1> <option2>...

OPTIONS:
NOTE: The option name includes the equal sign.
A space is required between the equal sign and the value.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>

========= End of CMD: =========

========= net start trustedinstaller =========

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

========= End of CMD: =========

========= fsutil resource setautoreset true %SystemDrive%\ =========

The operation completed successfully.

========= End of CMD: =========

========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========

========= End of CMD: =========

========= echo y | del %SystemRoot%\System32\Config\TxR\* =========

C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y

========= End of CMD: =========

========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========

========= End of CMD: =========

========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========

========= End of CMD: =========

========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========

Could Not Find C:\Windows\System32\SMI\Store\Machine\*.blf

========= End of CMD: =========

========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 89001538 B
Java, Flash, Steam htmlcache => 302182642 B
Windows/system/drivers => 195658743 B
Edge => 0 B
Chrome => 40071784 B
Firefox => 191370351 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 0 B
Dime => 1367842240 B
Sanja => 188840412 B
Test Acct => 270644 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 00:03:30 ====

Sysnative Windows Update · Aug 17, 2017

Awesome news!

The Common Log File System (CLFS) is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode.
Your system transaction logs were messed up which caused the issues.

[SOLVED] [Win7SP1 x64] WU haven't worked in a while, reboot loop, CSI deployment error

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

Attachments

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

event3horizon

Member

Sysnative Windows Update

Inactive

Attachments

event3horizon

Member

Sysnative Windows Update

Inactive