[Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persists)

ubershin · Feb 19, 2017

Hello,I've been having the Windows Update restart loop and I've tried many "fixes" to no avail. It still persists after attempting the following:

Microsoft Fixit tool
Windows Update troubleshooter tool
Deleted registry for RebootRequired
Reset Windows Update & files
removed servicing/Sessions with permissions
/sfc scannow
Tried installing various Windows update hotfixes (several kb# packages)
removed SoftwareDistribution contents

Tried just about everything else, including a fix suggested below:
fsutil resource setautoreset true %systemdrive%\

attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
del %SystemRoot%\System32\Config\TxR\*

attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
del %SystemRoot%\System32\SMI\Store\Machine\*.blf
del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
--------------------------------
SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-02-19 17:33:47.466
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.

AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.

Failed to generate a complete zip file. Upload aborted.

SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2017-02-19 17:44:04.631
----------------------EOF-----------------------

I have about given up and decided to post a thread to see if anyone here can assist with finally resolving my Windows Update required reboot loop issue. I will post my CBS file shortly to help.

ubershin · Feb 22, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Obi wan, you're my only hope! Anyone want to take a look at my CBS folder? Please help, I've tried nearly everything!

Use link for CBS.zip:

Download CBS.zip from Sendspace.com - send big files the easy way

BrianDrab · Feb 23, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Hi and welcome to Sysnative. Please start with the following.

1. Click your start button and type cmd in the search box.
2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
3. Copy/Paste the following into the command-prompt window and hit enter.
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /s >1.txt && notepad 1.txt

4. Notepad will open showing the WU info. Can you copy and paste this into your next reply?

ubershin · Feb 24, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Brian,
Thank your for your help! Please see below for the WU txt file you requested:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientIdValidation REG_BINARY 060228011E2A530030004D0053004E0045004100420036003000300038003500320020002000200020002000200006001FC6508F9D4D005300310043003800330042005A00430052003000320039003100380043006800610073007300690073002000530065007200690061006C0020004E0075006D00620065007200
SusClientId REG_SZ 2f114d40-cf73-4a70-98cc-26f7036f2341
LastRestorePointSetTime REG_SZ 2017-02-24 03:34:36

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
NextSqmReportTime REG_SZ 2017-02-25 05:32:30
FeaturedUpdatesNotificationSeqNum REG_DWORD 0x14dd
FeaturedUpdatesNotificationSeqNumGenTime REG_SZ 2017-02-19 08:09:36
AUOptions REG_DWORD 0x4
IncludeRecommendedUpdates REG_DWORD 0x1
ElevateNonAdmins REG_DWORD 0x1
ActionCenterLastPossibleRestartNotification REG_SZ 2011-08-25 10:00:00
ScheduledInstallDay REG_DWORD 0x0
ScheduledInstallTime REG_DWORD 0x14
LastRestoreId REG_SZ {C9588BA8-AF01-45EB-8FDE-39225DC94DF1}
NextDetectionTime REG_SZ 2017-02-25 02:11:30
NextFeaturedUpdatesNotificationTime REG_SZ 2017-02-20 03:07:07
FirstDetectionFailureTime REG_SZ 2017-02-20 03:07:07
UnableToDetectTime REG_SZ 2017-02-24 03:33:55
ScheduledInstallDate REG_SZ 2017-02-25 04:00:00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastError REG_DWORD 0x80070bc9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
AllowOSUpgrade REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade\State
OSUpgradeState REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0x25c
SamplingValue2 REG_DWORD 0x3a1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
AuthorizationCab REG_SZ authcab.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x1
SelfupdateUnmanaged REG_DWORD 0x1
ServerId REG_SZ 9482f4b4-e343-43b6-b170-9a65bc822c77
SetupHandlerUpdateId REG_SZ 61ca813a-7585-442e-a66b-b0d15ce6bdc0
UpdateSessionId REG_DWORD 0xffffffff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results\SelfUpdate
LastSuccessTime REG_SZ 2014-08-22 05:27:50
RebootFailCount REG_DWORD 0x13
LastError REG_DWORD 0x80070bc9

BrianDrab · Feb 24, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

No problem. Please do the following.

Step#1 - Gather Event Logs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
Download the file below, SFCScript.txt, and save this to your Desktop.
Save any open documents and close all open windows.
On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
SFCFix will now process the script.
Upon completion, a file should be created on your Desktop: SFCFix.txt.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
In addition a file will be created on your desktop named EvtLogs.zip. As this file will likely be too large to attach to your reply, please upload this file to a file sharing/hosting site such as SendSpace, Dropbox or Onedrive and provide the link in your next reply.

ubershin · Feb 24, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Good evening,

Done and done! Please see below. The EvtLogs.zip is also attached to my reply below, as the size appears to be smaller than expected.

-----------------------------------------------------------------------------------------

SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-02-24 20:06:30.625
Microsoft Windows 7 Service Pack 1 - amd64
Using .txt script file at F:\Users\Owner\Desktop\SFCScript.txt [0]

Zip::
Successfully copied file C:\Windows\Sysnative\winevt\Logs\Application.evtx to zip file at C:\Users\Owner\desktop\EvtLogs.zip.
Successfully copied file C:\Windows\Sysnative\winevt\Logs\System.evtx to zip file at C:\Users\Owner\desktop\EvtLogs.zip.
Zip:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2017-02-24 20:06:34.759
Script hash: 3ptSf3vNPLM/TFnzG9y5oFNBAyUPBWzpo0Wv8lEQIVk=
----------------------EOF-----------------------

BrianDrab · Feb 25, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Thanks for the info. Please also do the following.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

ubershin · Feb 25, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Interesting! Results are below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Owner (administrator) on OWNER-PC (24-02-2017 22:59:04)
Running from C:\Users\Owner\desktop
Loaded Profiles: Owner (Available Profiles: Owner & Podge & Test)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
() C:\Windows\SysWOW64\PSIService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134160 2007-07-17] (Logitech, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2011-07-22]
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{723FE6D0-E37D-423F-9DBF-819765C5B4A8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-02] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll [2011-11-22] (doubleTwist Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-02] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-05] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-02] (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-02] (LastPass)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default [2017-02-22]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\user.js [2011-08-25]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\0a401suh.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\0a401suh.default -> Yahoo
FF Extension: (LastPass) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\support@lastpass.com [2016-12-22]
FF Extension: (FlashGot) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02]
FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-17]
FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-02]
FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\features\{054e40f9-b74b-4719-989a-35f0bccf1884}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-09-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-03-14] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2011-11-22] (doubleTwist Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-05] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-09-02] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195744136-2440721999-3062411521-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3195744136-2440721999-3062411521-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-27]
CHR Extension: (OneTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-24] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-09-28] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-04-05] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-07-27] () [File not signed]
S3 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 ae2aeg7j; C:\Windows\System32\Drivers\ae2aeg7j.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 22:59 - 2017-02-24 22:59 - 00020450 _____ C:\Users\Owner\Desktop\FRST.txt
2017-02-24 22:58 - 2017-02-24 22:59 - 00000000 ____D C:\FRST
2017-02-24 22:58 - 2017-02-24 22:58 - 02423296 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2017-02-24 20:06 - 2017-02-24 20:06 - 05797401 _____ C:\Users\Owner\Desktop\EvtLogs.zip
2017-02-22 09:56 - 2017-02-22 09:56 - 00000000 ____D C:\CBS
2017-02-21 08:07 - 2017-02-24 13:52 - 00003590 _____ C:\Users\Owner\1.txt
2017-02-19 20:28 - 2017-02-19 20:28 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
2017-02-19 17:44 - 2017-02-24 20:06 - 00000000 ____D C:\SFCFix
2017-02-19 17:33 - 2017-02-24 20:06 - 00000000 ____D C:\Users\Owner\AppData\Local\niemiro
2017-02-19 16:57 - 2017-02-19 17:33 - 02884096 _____ (niemiro) C:\SFCFix.exe
2017-02-19 16:54 - 2017-02-19 16:54 - 00000000 ____D C:\Windows\system32\Catroot2.bak
2017-02-19 16:31 - 2017-02-19 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2017-02-19 16:31 - 2017-02-19 16:31 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2017-02-19 16:26 - 2017-02-19 16:26 - 02507584 _____ C:\GwxControlPanelSetup.exe
2017-02-19 15:55 - 2017-02-19 15:56 - 500046015 _____ C:\windows6.1-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu
2017-02-19 15:53 - 2017-02-19 15:54 - 30659457 _____ C:\Windows6.1-KB3172605-x64.msu
2017-02-19 15:53 - 2017-02-19 15:53 - 09575735 _____ C:\Windows6.1-KB3020369-x64.msu
2017-02-19 15:50 - 2017-02-19 15:50 - 00000000 ____D C:\Windows\SysWOW64\catroot2.bak
2017-02-19 15:49 - 2017-02-19 15:49 - 00004471 _____ C:\Reset_Windows_Update_Full.bat
2017-02-19 15:30 - 2017-02-19 15:30 - 00689664 _____ C:\MicrosoftFixit50202.msi
2017-02-19 14:32 - 2017-02-19 14:32 - 00000000 ____D C:\Windows\CheckSur
2017-02-19 14:30 - 2017-02-19 14:30 - 00313366 _____ C:\WindowsUpdateDiagnostic.diagcab
2017-02-19 14:29 - 2017-02-19 14:31 - 564744309 _____ C:\Windows6.1-KB947821-v34-x64.msu
2017-02-19 00:03 - 2017-02-19 00:03 - 00000000 ____D C:\New folder
2017-02-18 23:25 - 2017-02-18 23:26 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA Corporation
2017-02-18 23:25 - 2017-02-18 23:25 - 00001417 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA
2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Local\LogiShrd
2017-02-18 23:24 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test
2017-02-18 23:24 - 2017-02-18 23:24 - 00000020 ___SH C:\Users\Test\ntuser.ini
2017-02-18 23:24 - 2017-02-18 23:24 - 00000000 _SHDL C:\Users\Test\My Documents
2017-02-18 23:24 - 2013-04-07 14:34 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
2017-02-18 23:24 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Test\AppData\Roaming\Media Center Programs
2017-02-18 23:23 - 2017-02-18 23:23 - 00000000 ____D C:\Users\Podge\AppData\Local\CEF
2017-02-18 23:22 - 2017-02-18 23:22 - 00000000 ____D C:\Users\Podge\AppData\Local\LogiShrd
2017-02-18 23:21 - 2017-02-18 23:23 - 00000000 ____D C:\Users\Podge\AppData\Local\NVIDIA Corporation
2017-02-18 23:21 - 2017-02-18 23:21 - 00001417 _____ C:\Users\Podge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-18 23:21 - 2017-02-18 23:21 - 00000020 ___SH C:\Users\Podge\ntuser.ini
2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 _SHDL C:\Users\Podge\My Documents
2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Adobe
2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge\AppData\Local\NVIDIA
2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge
2017-02-18 23:21 - 2013-04-07 14:34 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Macromedia
2017-02-18 23:21 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Media Center Programs
2017-02-18 23:11 - 2017-02-18 23:11 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-02-18 22:20 - 2017-02-19 00:11 - 00151990 _____ C:\Windows\ntbtlog.txt
2017-02-11 18:02 - 2017-02-11 19:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Local\Discord
2017-02-11 10:16 - 2017-02-11 10:16 - 00001591 _____ C:\Module1.bas
2017-01-31 09:53 - 2017-01-31 09:53 - 00013062 _____ C:\testryanArtificial Grass Liquidators of Woodland Hills (Location 4).xlsx
2017-01-29 21:05 - 2017-01-20 10:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-29 21:05 - 2017-01-20 10:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-29 21:05 - 2017-01-20 10:39 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-29 11:46 - 2017-01-29 11:46 - 00014191 _____ C:\project.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-24 22:37 - 2016-08-23 16:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA.job
2017-02-24 22:35 - 2013-11-17 15:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-24 20:22 - 2011-07-30 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-24 20:06 - 2011-07-16 03:26 - 00000000 ____D C:\Users\Owner
2017-02-24 01:20 - 2013-03-25 15:44 - 00061448 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
2017-02-24 01:20 - 2013-03-25 15:44 - 00061448 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
2017-02-24 01:20 - 2013-03-25 15:44 - 00000788 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
2017-02-22 20:26 - 2016-11-19 20:24 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-02-21 18:56 - 2015-10-31 20:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-20 11:14 - 2016-10-21 23:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-20 08:10 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-20 08:10 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-19 19:21 - 2013-03-25 15:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-19 19:12 - 2009-07-13 21:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-19 19:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-19 19:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-19 16:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2017-02-19 00:09 - 2016-10-21 23:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2017-02-19 00:09 - 2016-10-17 21:41 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-02-19 00:09 - 2011-07-27 14:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
2017-02-19 00:09 - 2011-07-19 14:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2017-02-18 23:25 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-18 22:16 - 2016-12-18 19:18 - 00000000 ____D C:\tuger
2017-02-18 22:15 - 2011-07-16 05:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-02-13 13:44 - 2013-09-02 14:38 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
2017-02-11 20:53 - 2016-10-09 20:16 - 00000000 ____D C:\Program Files\EditPlus
2017-02-11 20:53 - 2011-07-16 19:06 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2017-02-11 17:52 - 2012-05-30 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 06:46 - 2016-12-05 22:34 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-01 18:55 - 2011-07-16 03:39 - 00002376 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-29 21:06 - 2013-05-26 19:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-01-29 21:05 - 2014-04-04 17:06 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
2017-01-29 21:05 - 2013-03-25 15:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-29 21:05 - 2013-03-25 15:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-29 21:05 - 2013-03-14 12:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-29 18:20 - 2016-11-19 05:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2013-09-02 14:38 - 2013-09-02 14:38 - 15678464 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-03-10 18:16 - 2016-03-10 18:16 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-01 02:27 - 2013-08-01 19:41 - 0001259 _____ () C:\Users\Owner\AppData\Roaming\BreakingPoint_Options.ini
2013-03-30 20:35 - 2013-04-07 18:25 - 0000086 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2013-03-30 20:35 - 2013-04-07 18:25 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2013-03-30 20:35 - 2013-04-07 18:25 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2013-03-30 20:35 - 2013-04-07 18:25 - 0004551 _____ () C:\Users\Owner\AppData\Roaming\CamStudio.cfg
2011-07-22 13:32 - 2011-07-22 13:32 - 0000760 _____ () C:\Users\Owner\AppData\Roaming\setup_ldm.iss

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 01:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Owner (24-02-2017 22:59:35)
Running from C:\Users\Owner\desktop
Windows 7 Professional Service Pack 1 (X64) (2011-07-16 11:26:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3195744136-2440721999-3062411521-500 - Administrator - Disabled)
Guest (S-1-5-21-3195744136-2440721999-3062411521-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195744136-2440721999-3062411521-1003 - Limited - Enabled)
Owner (S-1-5-21-3195744136-2440721999-3062411521-1000 - Administrator - Enabled) => C:\Users\Owner
Podge (S-1-5-21-3195744136-2440721999-3062411521-1001 - Administrator - Enabled) => C:\Users\Podge
Test (S-1-5-21-3195744136-2440721999-3062411521-1006 - Administrator - Enabled) => C:\Users\Test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.2 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version: - AMR Player, Free AMR audio player and AMR to MP3 or MP3 to AMR converter)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0183 - Disc Soft Ltd)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BitTorrent (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\BitTorrent) (Version: 7.9.1.31396 - BitTorrent Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 7.9 - Codeusa Software)
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version: - )
Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Combined Community Codec Pack 2011-06-26 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.06.26.0 - CCCP Project)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Corel Snapfire DVD Maker (HKLM-x32\...\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}) (Version: 1.20.0000 - Corel Corporation)
Corel Snapfire Plus (HKLM-x32\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.201.0000 - Corel Corporation)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{FA6C04F0-DC19-49B7-8910-DA3DF4B8BC1D}) (Version: 1.09.64 - Dotjosh Studios)
Desktop APM (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Desktop APM) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Discord (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.0.12944 - doubleTwist Corporation)
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.5.0 - Treexy)
EditPlus (64 bit) (HKLM\...\EditPlus) (Version: - ES-Computing)
erLT (x32 Version: 1.20.137.31 - Logitech, Inc.) Hidden
EVEREST Ultimate Edition v4.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
EVGA OC Scanner X 2.2.4 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)
EVGA Precision XOC (HKLM-x32\...\{3949A984-CF6F-48DD-BE84-64C148CCBEC6}) (Version: 6.0.7 - EVGA Corporation)
FOREXTraderPro (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\1df0cdb088182ccc) (Version: 3.1.0.142 - FOREXTraderPro)
Free M4a to MP3 Converter 6.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Google Chrome (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Google+ Auto Backup (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech SetPoint 5.00 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.00 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OCCT Perestroika 2.0.0a (HKLM-x32\...\OCCT_is1) (Version: - Tetedeiench)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.3 - )
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.2 - Rockstar Games)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
ScopeUserGuide (Version: 1.00.0000 - Logitech) Hidden
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SMPlayer 0.8.0 (HKLM-x32\...\SMPlayer) (Version: 0.8.0 - Ricardo Villalba)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Try Corel Snapfire muvee autoProducer add on (x32 Version: 1.00.0000 - Corel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viber (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Warcraft III) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\ChromeHTML: -> C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F9104D-6CF2-45EC-943F-A2202873DE7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {04983A36-5288-4A8D-A05A-3E4A0A67AB06} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-29] (NVIDIA Corporation)
Task: {055FBE26-3AB0-43E2-8160-C5AFAE665BB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {1B7CB0BB-46EC-499D-BFB2-A62573A67A2D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {62481887-E3AE-4965-8A75-F8DC9F295BBA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D48ECEFC-918B-4081-A009-36578E80080A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {DAE4CB3F-D909-4BE8-9946-81A5A81DA9BF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {E07F3A03-A77C-413D-B253-D448ED32525D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F3035D70-6808-48A4-900F-4A0E18EE3E78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {F4A29031-E202-430B-8D6F-C7597ADEEF88} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 19:11 - 2016-09-29 20:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-05 19:11 - 2016-09-29 20:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-05 19:11 - 2016-09-29 20:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe
2013-03-25 15:37 - 2016-10-25 12:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-19 03:14 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-10-09 20:16 - 2016-07-30 15:35 - 00065768 _____ () C:\Program Files\EditPlus\eppshell64.dll
2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2016-10-05 19:11 - 2016-09-29 20:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-01 18:55 - 2017-02-01 01:01 - 01870168 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 18:55 - 2017-02-01 01:01 - 00085848 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2013-03-12 16:10 - 2016-12-23 10:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 20:41 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-21 20:41 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 20:41 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 17:41 - 2017-01-18 17:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-30 17:14 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-30 17:14 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-30 17:14 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-30 17:14 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-30 17:14 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-30 14:17 - 2017-01-18 17:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 17:53 - 2016-07-04 14:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 23:55 - 2017-01-04 19:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2011-07-30 14:17 - 2017-01-18 17:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-01-21 20:41 - 2015-09-24 15:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{330FE41B-0F00-40D1-8614-09E42791D4B1}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{735CAFC0-4ECC-4352-BB6B-8892BB9D6F73}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{4FD0FE78-B34B-4C4F-A583-A7BFC603167A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{22088E7B-3A5D-4C3B-A15C-ED75D1348B93}] => (Allow) LPort=2869
FirewallRules: [{76B9F18F-BC91-498C-89BA-75B81E328E12}] => (Allow) LPort=1900
FirewallRules: [{7A932D6A-AFDD-4FA3-92D1-928C8E522B3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A416A4CD-DC5A-4289-B1E3-5312A5BCBA97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C48DEEB2-D417-468E-B736-5F1A870D562B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{CB27D0B1-B319-47F0-8F09-81BB78C1DC43}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7D403620-EB66-44F4-B344-C9693D2C5DAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FD7DF124-B3C1-4289-A948-C119B907BF0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D92BFEF6-CB5E-4597-BB69-373E7358AA07}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
FirewallRules: [{F61976BC-367F-4425-9254-D83A1E9A0563}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
FirewallRules: [{17D63135-19ED-4CA3-9305-92FB78545A0E}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
FirewallRules: [{62582A45-88B4-45BF-8231-8EA2BC67BC25}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
FirewallRules: [TCP Query User{50751028-6067-43C9-827E-5D6083AB812A}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{B3E5D911-F35A-41A5-AB63-B053C972CA3D}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
FirewallRules: [TCP Query User{E60F81A5-13E5-4B4A-A7A4-4FAFA86A800E}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{FE5943F9-A226-41BD-8B8B-7B6D14CE1CC7}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{D8DFD02A-BFFD-433B-BC5A-88C9EBF6CE98}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{B0506703-32D6-4F8E-9A25-5429011D1D42}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{F1CC2F0D-CBF3-46E7-829F-7A6EE9A16850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{8F06C021-2FCA-4C5E-A50A-1DC3427D6AD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
FirewallRules: [{1FB0ADAF-7690-4EBD-AE95-7BECFBA9246C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{59ED7778-6C37-473D-A1C4-B9DE740A2030}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [TCP Query User{3BB326B3-ADA9-45DB-ACEE-37B18A868F20}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{47B40EC0-556C-4974-87DB-94209F2F4DA4}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{44083EB7-E3CE-43BC-9BD6-3DC5ABB088B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{CF77D0EA-D106-4424-A6EF-8BFF45AB29FC}F:\users\owner\desktop\breakingpoint.exe] => (Allow) F:\users\owner\desktop\breakingpoint.exe
FirewallRules: [UDP Query User{B3F2134E-96B9-4E18-8480-88ADA43AE984}F:\users\owner\desktop\breakingpoint.exe] => (Allow) F:\users\owner\desktop\breakingpoint.exe
FirewallRules: [{E381CAF7-1795-458A-88A3-BF420AD23504}] => (Allow) F:\Users\Owner\Desktop\BreakingPoint.exe
FirewallRules: [{CF811ED6-F278-4E00-8E4A-862BA05BE58A}] => (Allow) F:\Users\Owner\Desktop\BreakingPoint.exe
FirewallRules: [{D045ECD5-9AB3-4752-A447-01781AFEB99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{E9CA8226-FEB5-4464-9092-2AF5DA53AD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{48B71691-E1D0-403D-B061-98EB428D9DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{79AC811D-F671-4669-91BA-20DDD7603CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{107C98A4-7A9A-401C-8B84-E28627247941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{1F74DA55-BF4A-4004-A796-ADD5616C7FD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{A0B271A3-D3CF-4CD2-A29F-17467264BEAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{316090EB-35B8-43C2-8F05-82199E435505}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51776ED5-B725-4F42-8803-1EC4331A8835}] => (Allow) G:\GTA V\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{C0EA661D-FB0F-44D9-BD90-FF04CE716EB3}] => (Allow) G:\GTA V\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{8E0125CA-6D2F-407D-B7AB-A64FCB6BFF8F}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A6634CCA-7D42-4FDA-A93B-DD647B036ACA}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{40FC1986-DAF5-4FA4-BA5F-BDC55217065D}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5EF472C9-4517-483C-B1DF-2763FCB79F1C}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{72C8E0B7-4311-46DE-947D-81B316A6C104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5884D159-F72E-4DAF-B511-AC579B7F3D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FFF0AF1E-049B-4E15-9C2B-3FAB20EE72F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1A96EAB-6198-4CE0-8165-8E51F1DA22EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DC5458D-4DCD-483B-AC31-33D98CF231B7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E0633927-87D3-48A0-90D2-452AAEBE817E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8EC4D1D8-A57F-4E7D-ADE2-E2573705FAF4}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{374C2206-734D-44B2-B014-E144BF9B743B}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E7A7FEE6-1C9B-46E3-ABEA-33F44AE54959}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{FAC0F93A-D638-4D8E-960D-A6835F513AA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E87DC53-493E-4B5F-A1E2-D9B4445EE713}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6EB34014-78E8-4369-A089-47B4E91DACF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9DD9A608-2FA8-4418-A10B-4620AD15AFC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

23-02-2017 08:04:14 Windows Update

==================== Faulty Device Manager Devices =============

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Canon MX850 ser Network
Description: Canon MX850 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (02/19/2017 07:09:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 07:00:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 05:28:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 05:24:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 05:15:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 05:13:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 04:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/19/2017 04:43:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (02/23/2017 08:04:25 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy5 encountered a non-retryable error and could not start. The data contains the error code.

Error: (02/23/2017 12:00:10 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy4 encountered a non-retryable error and could not start. The data contains the error code.

Error: (02/22/2017 04:03:46 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/21/2017 12:00:08 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy3 encountered a non-retryable error and could not start. The data contains the error code.

Error: (02/20/2017 08:06:42 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/20/2017 02:53:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/19/2017 07:08:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The system cannot find the file specified.

Error: (02/19/2017 07:08:05 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{6a0a7879-af9d-11e0-a78d-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code.

Error: (02/19/2017 07:08:05 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.

Error: (02/19/2017 07:08:04 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.

CodeIntegrity:
===================================
Date: 2011-07-20 15:28:21.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:28:21.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:20:07.835
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:20:07.819
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:18:11.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:18:11.788
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:00:00.975
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 15:00:00.975
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 14:59:10.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-07-20 14:59:10.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Percentage of memory in use: 89%
Total physical RAM: 4095.11 MB
Available physical RAM: 425.23 MB
Total Virtual: 8188.41 MB
Available Virtual: 3496.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:5.29 GB) NTFS
Drive d: (Jim Fuller) (CDROM) (Total:7.86 GB) (Free:0 GB) UDF
Drive f: (Main) (Fixed) (Total:558.91 GB) (Free:0.15 GB) NTFS
Drive g: (Media) (Fixed) (Total:698.63 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8317F9E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 2E65DE39)
Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4A8A952C)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Torchwood · Feb 25, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Application errors:
==================
Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

@BrianDrab

Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Roy

BrianDrab · Feb 25, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Before we continue, are you able to free up some disk space on your drives? All of them are extremely low. The tools/commands I'm going to have you run may not work properly with the amount of space that is left.

Drive c: () (Fixed) (Total:119.14 GB) (Free:5.29 GB) NTFS
Drive f: (Main) (Fixed) (Total:558.91 GB) (Free:0.15 GB) NTFS
Drive g: (Media) (Fixed) (Total:698.63 GB) (Free:0.17 GB) NTFS

ubershin · Feb 25, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

I apologize for the delay! I knew I should've been more organized with my data :x but anywhoo, I went through my drives and freed up some space. Now I have:

about 13.5 GB free in Drive C;
10 GB in Drive F;
and 11 GB in Drive G.

Would this be sufficient to proceed? Please advise.

BrianDrab · Feb 26, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

That should work. Please start with the following.

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

ubershin · Feb 26, 2017

Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

Results below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Owner (26-02-2017 00:04:44) Run:1
Running from C:\Users\Owner\desktop
Loaded Profiles: Owner (Available Profiles: Owner & Podge & Test)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
U3 ae2aeg7j; C:\Windows\System32\Drivers\ae2aeg7j.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
cmd: regsvr32.exe Wuaueng.dll
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\ae2aeg7j => key removed successfully
ae2aeg7j => service removed successfully

========= regsvr32.exe Wuaueng.dll =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118997091 B
Java, Flash, Steam htmlcache => 6673463 B
Windows/system/drivers => 3332906 B
Edge => 0 B
Chrome => 633218187 B
Firefox => 68224600 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 33058 B
LocalService => 33058 B
NetworkService => 1699778 B
Owner => 22226082 B
Podge => 173508 B
UpdatusUser => 0 B
UpdatusUser => 0 B
Test => 60636 B

RecycleBin => 101118689 B
EmptyTemp: => 919.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 00:05:18 ====

BrianDrab · Feb 26, 2017

Thanks. Please do the following.

Step#1 - ChkDsk Scan
1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.

3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk and then press enter.
6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.

7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
8. Right-click this file and select Run as administrator (Allow if prompted)and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
Please copy the contents of this file and paste into your next post.

ubershin · Feb 26, 2017

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 2/26/2017 3:43:01 PM >------
Category: 0
Computer Name: Owner-PC
Event Code: 26212
Record Number: 37967
Source Name: Chkdsk
Time Written: 02-26-2017 @ 23:42:43
Event Type: Information
User:
Message: Chkdsk was executed in read-only mode on a volume snapshot.

Checking file system on C:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
275968 file records processed.

File verification completed.
1456 large file records processed.

0 bad file records processed.

2 EA records processed.

76 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
359700 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
275968 file SDs/SIDs processed.

Cleaning up 398 unused index entries from index $SII of file 0x9.
Cleaning up 398 unused index entries from index $SDH of file 0x9.
Cleaning up 398 unused security descriptors.
Security descriptor verification completed.
41867 data files processed.

CHKDSK is verifying Usn Journal...
35075752 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

124930047 KB total disk space.
109316920 KB in 216510 files.
123028 KB in 41868 indexes.
0 KB in bad sectors.
383375 KB in use by the system.
65536 KB occupied by the log file.
15106724 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
3776681 allocation units available on disk.

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 34314
Source Name: Microsoft-Windows-Wininit
Time Written: 12-27-2016 @ 09:13:32
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
The attribute of type 0x80 and instance tag 0x0 in file 0xe639
has allocated length of 0x512870000 instead of 0x5128f0000.
Deleted corrupt attribute list entry
with type code 128 in file 58937.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x49000000000154. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, $J)
from file record segment 340.
Unable to locate attribute with instance tag 0x0 and segment
reference 0x27300000001becf. The expected attribute type is 0x80.
Deleting corrupt attribute record (128, $J)
from file record segment 114383.
275968 file records processed.

File verification completed.
Deleting orphan file record segment 340.
1607 large file records processed.

0 bad file records processed.

2 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
356878 index entries processed.

Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
1 unindexed files scanned.

CHKDSK is recovering remaining unindexed files.
1 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
275968 file SDs/SIDs processed.

Cleaning up 514 unused index entries from index $SII of file 0x9.
Cleaning up 514 unused index entries from index $SDH of file 0x9.
Cleaning up 514 unused security descriptors.
Security descriptor verification completed.
40456 data files processed.

CHKDSK is verifying Usn Journal...
Creating Usn Journal $J data stream
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

124930047 KB total disk space.
114976604 KB in 209691 files.
119868 KB in 40458 indexes.
0 KB in bad sectors.
348191 KB in use by the system.
65536 KB occupied by the log file.
9485384 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
2371346 allocation units available on disk.

Internal Info:
00 36 04 00 2e d1 03 00 da e5 06 00 00 00 00 00 .6..............
2a 02 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 *...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 23203
Source Name: Microsoft-Windows-Wininit
Time Written: 10-01-2014 @ 00:58:12
Event Type: Information
User:
Message:

Checking file system on G:
The type of the file system is NTFS.
Volume label is Media.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
110080 file records processed.

File verification completed.
2 large file records processed.

0 bad file records processed.

0 EA records processed.

0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
113646 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
110080 file SDs/SIDs processed.

Cleaning up 8 unused index entries from index $SII of file 0x9.
Cleaning up 8 unused index entries from index $SDH of file 0x9.
Cleaning up 8 unused security descriptors.
Security descriptor verification completed.
1783 data files processed.

CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

732571647 KB total disk space.
710666352 KB in 100919 files.
48772 KB in 1785 indexes.
0 KB in bad sectors.
198403 KB in use by the system.
65536 KB occupied by the log file.
21658120 KB available on disk.

4096 bytes in each allocation unit.
183142911 total allocation units on disk.
5414530 allocation units available on disk.

Internal Info:
00 ae 01 00 3b 91 01 00 78 d3 02 00 00 00 00 00 ....;...x.......
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 22720
Source Name: Microsoft-Windows-Wininit
Time Written: 08-23-2014 @ 19:39:31
Event Type: Information
User:
Message:

Checking file system on G:
The type of the file system is NTFS.
Volume label is Media.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
110080 file records processed.

File verification completed.
2 large file records processed.

0 bad file records processed.

0 EA records processed.

0 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
113640 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
110080 file SDs/SIDs processed.

Cleaning up 31 unused index entries from index $SII of file 0x9.
Cleaning up 31 unused index entries from index $SDH of file 0x9.
Cleaning up 31 unused security descriptors.
Security descriptor verification completed.
1780 data files processed.

Windows has checked the file system and found no problems.

732571647 KB total disk space.
702960600 KB in 100915 files.
48776 KB in 1782 indexes.
0 KB in bad sectors.
198403 KB in use by the system.
65536 KB occupied by the log file.
29363868 KB available on disk.

4096 bytes in each allocation unit.
183142911 total allocation units on disk.
7340967 allocation units available on disk.

Internal Info:
00 ae 01 00 34 91 01 00 71 d3 02 00 00 00 00 00 ....4...q.......
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 22498
Source Name: Microsoft-Windows-Wininit
Time Written: 08-09-2014 @ 21:44:21
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
The attribute of type 0x80 and instance tag 0x4 in file 0x10f1f
has allocated length of 0x4000 instead of 0x20000.
Deleting corrupt attribute record (128, "")
from file record segment 69407.
The attribute of type 0x80 and instance tag 0x4 in file 0x2578e
has allocated length of 0x4000 instead of 0x20000.
Deleting corrupt attribute record (128, "")
from file record segment 153486.
241408 file records processed.

File verification completed.
1023 large file records processed.

0 bad file records processed.

2 EA records processed.

57 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
320628 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
241408 file SDs/SIDs processed.

Cleaning up 372 unused index entries from index $SII of file 0x9.
Cleaning up 372 unused index entries from index $SDH of file 0x9.
Cleaning up 372 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 69407.
Inserting data attribute into file 153486.
39613 data files processed.

CHKDSK is verifying Usn Journal...
35674624 USN bytes processed.

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

124930047 KB total disk space.
116689284 KB in 167719 files.
112940 KB in 39612 indexes.
0 KB in bad sectors.
347775 KB in use by the system.
65536 KB occupied by the log file.
7780048 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
1945012 allocation units available on disk.

Internal Info:
00 af 03 00 f0 29 03 00 e9 b9 05 00 00 00 00 00 .....)..........
10 02 00 00 39 00 00 00 00 00 00 00 00 00 00 00 ....9...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------
Category: 0
Computer Name: Owner-PC
Event Code: 1001
Record Number: 11288
Source Name: Microsoft-Windows-Wininit
Time Written: 08-04-2012 @ 23:34:38
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 3)...
149504 file records processed.

File verification completed.
345 large file records processed.

0 bad file records processed.

2 EA records processed.

41 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
201166 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
149504 file SDs/SIDs processed.

Cleaning up 452 unused index entries from index $SII of file 0x9.
Cleaning up 452 unused index entries from index $SDH of file 0x9.
Cleaning up 452 unused security descriptors.
Security descriptor verification completed.
25832 data files processed.

CHKDSK is verifying Usn Journal...
37432552 USN bytes processed.

Usn Journal verification completed.
Windows has checked the file system and found no problems.

124930047 KB total disk space.
64793648 KB in 120834 files.
72456 KB in 25833 indexes.
0 KB in bad sectors.
256611 KB in use by the system.
65536 KB occupied by the log file.
59807332 KB available on disk.

4096 bytes in each allocation unit.
31232511 total allocation units on disk.
14951833 allocation units available on disk.

Internal Info:
00 48 02 00 f6 3c 02 00 90 22 04 00 00 00 00 00 .H...<..."......
ab 01 00 00 29 00 00 00 00 00 00 00 00 00 00 00 ....)...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------

BrianDrab · Feb 26, 2017

Check for Windows Updates and let me know what happens.

ubershin · Feb 26, 2017

Unfortunately, the restart loop still persists. "Restart your computer to install important updates."

I tried restarting a few times.

BrianDrab · Feb 26, 2017

Please do the following again.

1. Click your start button and type cmd in the search box.
2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
3. Copy/Paste the following into the command-prompt window and hit enter.
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /s >1.txt && notepad 1.txt

4. Notepad will open showing the WU info. Can you copy and paste this into your next reply?

ubershin · Feb 26, 2017

Please see below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientIdValidation REG_BINARY 060228011E2A530030004D0053004E0045004100420036003000300038003500320020002000200020002000200006001FC6508F9D4D005300310043003800330042005A00430052003000320039003100380043006800610073007300690073002000530065007200690061006C0020004E0075006D00620065007200
SusClientId REG_SZ 2f114d40-cf73-4a70-98cc-26f7036f2341
LastRestorePointSetTime REG_SZ 2017-02-24 03:34:36

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
NextSqmReportTime REG_SZ 2017-02-27 05:32:30
FeaturedUpdatesNotificationSeqNum REG_DWORD 0x14dd
FeaturedUpdatesNotificationSeqNumGenTime REG_SZ 2017-02-19 08:09:36
AUOptions REG_DWORD 0x1
IncludeRecommendedUpdates REG_DWORD 0x1
ElevateNonAdmins REG_DWORD 0x1
ActionCenterLastPossibleRestartNotification REG_SZ 2011-08-25 10:00:00
ScheduledInstallDay REG_DWORD 0x0
ScheduledInstallTime REG_DWORD 0x14
LastRestoreId REG_SZ {2430A326-7F36-4DF0-BC6E-58F721EBA341}
NextFeaturedUpdatesNotificationTime REG_SZ 2017-02-27 00:45:18
FirstDetectionFailureTime REG_SZ 2017-02-27 00:45:22

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastError REG_DWORD 0x80070bc9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
AllowOSUpgrade REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade\State
OSUpgradeState REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0x25c
SamplingValue2 REG_DWORD 0x3a1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
AuthorizationCab REG_SZ authcab.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x101
SelfupdateUnmanaged REG_DWORD 0x1
ServerId REG_SZ 9482f4b4-e343-43b6-b170-9a65bc822c77
SetupHandlerUpdateId REG_SZ 61ca813a-7585-442e-a66b-b0d15ce6bdc0
UpdateSessionId REG_DWORD 0xffffffff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results\SelfUpdate
LastSuccessTime REG_SZ 2014-08-22 05:27:50
RebootFailCount REG_DWORD 0x1
LastError REG_DWORD 0x80070bc9

BrianDrab · Feb 27, 2017

Please do the following.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
Download the file below, SFCScript.txt, and save this to your Desktop.
Save any open documents and close all open windows.
On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
SFCFix will now process the script.
Upon completion, a file should be created on your Desktop: SFCFix.txt.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

[Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persists)

Member

Attachments

Member

Emeritus

Member

Emeritus

Attachments

Member

Emeritus

Member

Banned

Emeritus

Member

Emeritus

Attachments

Member

Emeritus

Member

Emeritus

Member

Emeritus

Member

Emeritus

Attachments