Page 1 of 3 123 Last
  1. #1

    [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persists)

    Hello,I've been having the Windows Update restart loop and I've tried many "fixes" to no avail. It still persists after attempting the following:

    Microsoft Fixit tool
    Windows Update troubleshooter tool
    Deleted registry for RebootRequired
    Reset Windows Update & files
    removed servicing/Sessions with permissions
    /sfc scannow
    Tried installing various Windows update hotfixes (several kb# packages)
    removed SoftwareDistribution contents

    Tried just about everything else, including a fix suggested below:
    fsutil resource setautoreset true %systemdrive%\

    attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
    del %SystemRoot%\System32\Config\TxR\*

    attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
    del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
    del %SystemRoot%\System32\SMI\Store\Machine\*.blf
    del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms

    --------------------------------
    SFCFix version 3.0.0.0 by niemiro.
    Start time: 2017-02-19 17:33:47.466
    Microsoft Windows 7 Service Pack 1 - amd64
    Not using a script file.








    AutoAnalysis::
    SUMMARY: No corruptions were detected.
    AutoAnalysis:: directive completed successfully.








    Successfully processed all directives.






    Failed to generate a complete zip file. Upload aborted.




    SFCFix version 3.0.0.0 by niemiro has completed.
    Currently storing 0 datablocks.
    Finish time: 2017-02-19 17:44:04.631
    ----------------------EOF-----------------------


    I have about given up and decided to post a thread to see if anyone here can assist with finally resolving my Windows Update required reboot loop issue. I will post my CBS file shortly to help.
    Attached Files Attached Files


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Obi wan, you're my only hope! Anyone want to take a look at my CBS folder? Please help, I've tried nearly everything!

    Use link for CBS.zip:

    Download CBS.zip from Sendspace.com - send big files the easy way

  3. #3
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Hi and welcome to Sysnative. Please start with the following.

    1. Click your start button and type cmd in the search box.
    2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
    3. Copy/Paste the following into the command-prompt window and hit enter.
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /s >1.txt && notepad 1.txt

    4. Notepad will open showing the WU info. Can you copy and paste this into your next reply?

  4. #4

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Brian,
    Thank your for your help! Please see below for the WU txt file you requested:



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
    SusClientIdValidation REG_BINARY 060228011E2A530030004D0053004E0045004100420036003000300038003500320020002000200020002000200006001FC6508F9D4D005300310043003800330042005A00430052003000320039003100380043006800610073007300690073002000530065007200690061006C0020004E0075006D00620065007200
    SusClientId REG_SZ 2f114d40-cf73-4a70-98cc-26f7036f2341
    LastRestorePointSetTime REG_SZ 2017-02-24 03:34:36


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    NextSqmReportTime REG_SZ 2017-02-25 05:32:30
    FeaturedUpdatesNotificationSeqNum REG_DWORD 0x14dd
    FeaturedUpdatesNotificationSeqNumGenTime REG_SZ 2017-02-19 08:09:36
    AUOptions REG_DWORD 0x4
    IncludeRecommendedUpdates REG_DWORD 0x1
    ElevateNonAdmins REG_DWORD 0x1
    ActionCenterLastPossibleRestartNotification REG_SZ 2011-08-25 10:00:00
    ScheduledInstallDay REG_DWORD 0x0
    ScheduledInstallTime REG_DWORD 0x14
    LastRestoreId REG_SZ {C9588BA8-AF01-45EB-8FDE-39225DC94DF1}
    NextDetectionTime REG_SZ 2017-02-25 02:11:30
    NextFeaturedUpdatesNotificationTime REG_SZ 2017-02-20 03:07:07
    FirstDetectionFailureTime REG_SZ 2017-02-20 03:07:07
    UnableToDetectTime REG_SZ 2017-02-24 03:33:55
    ScheduledInstallDate REG_SZ 2017-02-25 04:00:00


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
    LastError REG_DWORD 0x80070bc9


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
    UpdateCount REG_DWORD 0x0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
    AllowOSUpgrade REG_DWORD 0x0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade\State
    OSUpgradeState REG_DWORD 0x1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
    BatchFlushAge REG_DWORD 0x25c
    SamplingValue2 REG_DWORD 0x3a1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
    AuthorizationCab REG_SZ authcab.cab


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
    ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
    SelfUpdateStatus REG_DWORD 0x1
    SelfupdateUnmanaged REG_DWORD 0x1
    ServerId REG_SZ 9482f4b4-e343-43b6-b170-9a65bc822c77
    SetupHandlerUpdateId REG_SZ 61ca813a-7585-442e-a66b-b0d15ce6bdc0
    UpdateSessionId REG_DWORD 0xffffffff


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results\SelfUpdate
    LastSuccessTime REG_SZ 2014-08-22 05:27:50
    RebootFailCount REG_DWORD 0x13
    LastError REG_DWORD 0x80070bc9

  5. #5
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    No problem. Please do the following.

    Step#1 - Gather Event Logs
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
    1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
    2. Download the file below, SFCScript.txt, and save this to your Desktop.
    3. Save any open documents and close all open windows.
    4. On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
    5. Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
    6. SFCFix will now process the script.
    7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
    8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
    9. In addition a file will be created on your desktop named EvtLogs.zip. As this file will likely be too large to attach to your reply, please upload this file to a file sharing/hosting site such as SendSpace, Dropbox or Onedrive and provide the link in your next reply.
    Attached Files Attached Files

  6. #6

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Good evening,

    Done and done! Please see below. The EvtLogs.zip is also attached to my reply below, as the size appears to be smaller than expected.

    -----------------------------------------------------------------------------------------

    SFCFix version 3.0.0.0 by niemiro.
    Start time: 2017-02-24 20:06:30.625
    Microsoft Windows 7 Service Pack 1 - amd64
    Using .txt script file at F:\Users\Owner\Desktop\SFCScript.txt [0]








    Zip::
    Successfully copied file C:\Windows\Sysnative\winevt\Logs\Application.evtx to zip file at C:\Users\Owner\desktop\EvtLogs.zip.
    Successfully copied file C:\Windows\Sysnative\winevt\Logs\System.evtx to zip file at C:\Users\Owner\desktop\EvtLogs.zip.
    Zip:: directive completed successfully.








    Successfully processed all directives.
    SFCFix version 3.0.0.0 by niemiro has completed.
    Currently storing 0 datablocks.
    Finish time: 2017-02-24 20:06:34.759
    Script hash: 3ptSf3vNPLM/TFnzG9y5oFNBAyUPBWzpo0Wv8lEQIVk=
    ----------------------EOF-----------------------

  7. #7
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Thanks for the info. Please also do the following.

    Step#1 - FRST Scan
    1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
    3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
    4. Press Scan button.
    5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
    6. Please copy and paste log back here.
    7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

  8. #8

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Interesting! Results are below:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
    Ran by Owner (administrator) on OWNER-PC (24-02-2017 22:59:04)
    Running from C:\Users\Owner\desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Podge & Test)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
    () C:\Windows\SysWOW64\PSIService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    (Microsoft Corporation) C:\Windows\System32\calc.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134160 2007-07-17] (Logitech, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk [2011-07-22]
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{723FE6D0-E37D-423F-9DBF-819765C5B4A8}: [DhcpNameServer] 192.168.1.1


    Internet Explorer:
    ==================
    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    SearchScopes: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-02] (LastPass)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
    BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll [2011-11-22] (doubleTwist Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-10-05] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-02] (LastPass)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-05] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-02] (LastPass)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-02] (LastPass)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)


    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default [2017-02-22]
    FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\user.js [2011-08-25]
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\0a401suh.default -> Google
    FF Homepage: Mozilla\Firefox\Profiles\0a401suh.default -> Yahoo
    FF Extension: (LastPass) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\support@lastpass.com [2016-12-22]
    FF Extension: (FlashGot) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-12-02]
    FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-17]
    FF Extension: (Video DownloadHelper) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-02]
    FF Extension: (Adblock Plus) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0a401suh.default\features\{054e40f9-b74b-4719-989a-35f0bccf1884}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-09-02] (LastPass)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-03-14] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
    FF Plugin-x32: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2011-11-22] (doubleTwist Corporation)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-05] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-05] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-09-02] (LastPass)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [No File]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3195744136-2440721999-3062411521-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3195744136-2440721999-3062411521-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)


    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> lp
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
    CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-27]
    CHR Extension: (OneTab) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-19]
    CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-03]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-24] () [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-03-25] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-09-28] (EasyAntiCheat Ltd)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
    R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
    R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-04-05] (CACE Technologies, Inc.)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-07-27] () [File not signed]
    S3 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
    R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
    U3 ae2aeg7j; C:\Windows\System32\Drivers\ae2aeg7j.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-02-24 22:59 - 2017-02-24 22:59 - 00020450 _____ C:\Users\Owner\Desktop\FRST.txt
    2017-02-24 22:58 - 2017-02-24 22:59 - 00000000 ____D C:\FRST
    2017-02-24 22:58 - 2017-02-24 22:58 - 02423296 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2017-02-24 20:06 - 2017-02-24 20:06 - 05797401 _____ C:\Users\Owner\Desktop\EvtLogs.zip
    2017-02-22 09:56 - 2017-02-22 09:56 - 00000000 ____D C:\CBS
    2017-02-21 08:07 - 2017-02-24 13:52 - 00003590 _____ C:\Users\Owner\1.txt
    2017-02-19 20:28 - 2017-02-19 20:28 - 00000000 ____D C:\Users\Owner\.oracle_jre_usage
    2017-02-19 17:44 - 2017-02-24 20:06 - 00000000 ____D C:\SFCFix
    2017-02-19 17:33 - 2017-02-24 20:06 - 00000000 ____D C:\Users\Owner\AppData\Local\niemiro
    2017-02-19 16:57 - 2017-02-19 17:33 - 02884096 _____ (niemiro) C:\SFCFix.exe
    2017-02-19 16:54 - 2017-02-19 16:54 - 00000000 ____D C:\Windows\system32\Catroot2.bak
    2017-02-19 16:31 - 2017-02-19 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
    2017-02-19 16:31 - 2017-02-19 16:31 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
    2017-02-19 16:26 - 2017-02-19 16:26 - 02507584 _____ C:\GwxControlPanelSetup.exe
    2017-02-19 15:55 - 2017-02-19 15:56 - 500046015 _____ C:\windows6.1-kb3125574-v4-x64_2dafb1d203c8964239af3048b5dd4b1264cd93b9.msu
    2017-02-19 15:53 - 2017-02-19 15:54 - 30659457 _____ C:\Windows6.1-KB3172605-x64.msu
    2017-02-19 15:53 - 2017-02-19 15:53 - 09575735 _____ C:\Windows6.1-KB3020369-x64.msu
    2017-02-19 15:50 - 2017-02-19 15:50 - 00000000 ____D C:\Windows\SysWOW64\catroot2.bak
    2017-02-19 15:49 - 2017-02-19 15:49 - 00004471 _____ C:\Reset_Windows_Update_Full.bat
    2017-02-19 15:30 - 2017-02-19 15:30 - 00689664 _____ C:\MicrosoftFixit50202.msi
    2017-02-19 14:32 - 2017-02-19 14:32 - 00000000 ____D C:\Windows\CheckSur
    2017-02-19 14:30 - 2017-02-19 14:30 - 00313366 _____ C:\WindowsUpdateDiagnostic.diagcab
    2017-02-19 14:29 - 2017-02-19 14:31 - 564744309 _____ C:\Windows6.1-KB947821-v34-x64.msu
    2017-02-19 00:03 - 2017-02-19 00:03 - 00000000 ____D C:\New folder
    2017-02-18 23:25 - 2017-02-18 23:26 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA Corporation
    2017-02-18 23:25 - 2017-02-18 23:25 - 00001417 _____ C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Roaming\Adobe
    2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Local\NVIDIA
    2017-02-18 23:25 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test\AppData\Local\LogiShrd
    2017-02-18 23:24 - 2017-02-18 23:25 - 00000000 ____D C:\Users\Test
    2017-02-18 23:24 - 2017-02-18 23:24 - 00000020 ___SH C:\Users\Test\ntuser.ini
    2017-02-18 23:24 - 2017-02-18 23:24 - 00000000 _SHDL C:\Users\Test\My Documents
    2017-02-18 23:24 - 2013-04-07 14:34 - 00000000 ____D C:\Users\Test\AppData\Roaming\Macromedia
    2017-02-18 23:24 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Test\AppData\Roaming\Media Center Programs
    2017-02-18 23:23 - 2017-02-18 23:23 - 00000000 ____D C:\Users\Podge\AppData\Local\CEF
    2017-02-18 23:22 - 2017-02-18 23:22 - 00000000 ____D C:\Users\Podge\AppData\Local\LogiShrd
    2017-02-18 23:21 - 2017-02-18 23:23 - 00000000 ____D C:\Users\Podge\AppData\Local\NVIDIA Corporation
    2017-02-18 23:21 - 2017-02-18 23:21 - 00001417 _____ C:\Users\Podge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-18 23:21 - 2017-02-18 23:21 - 00000020 ___SH C:\Users\Podge\ntuser.ini
    2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 _SHDL C:\Users\Podge\My Documents
    2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Adobe
    2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge\AppData\Local\NVIDIA
    2017-02-18 23:21 - 2017-02-18 23:21 - 00000000 ____D C:\Users\Podge
    2017-02-18 23:21 - 2013-04-07 14:34 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Macromedia
    2017-02-18 23:21 - 2011-04-12 00:28 - 00000000 ____D C:\Users\Podge\AppData\Roaming\Media Center Programs
    2017-02-18 23:11 - 2017-02-18 23:11 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2017-02-18 22:20 - 2017-02-19 00:11 - 00151990 _____ C:\Windows\ntbtlog.txt
    2017-02-11 18:02 - 2017-02-11 19:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
    2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
    2017-02-11 18:02 - 2017-02-11 18:02 - 00000000 ____D C:\Users\Owner\AppData\Local\Discord
    2017-02-11 10:16 - 2017-02-11 10:16 - 00001591 _____ C:\Module1.bas
    2017-01-31 09:53 - 2017-01-31 09:53 - 00013062 _____ C:\testryanArtificial Grass Liquidators of Woodland Hills (Location 4).xlsx
    2017-01-29 21:05 - 2017-01-20 10:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-01-29 21:05 - 2017-01-20 10:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-01-29 21:05 - 2017-01-20 10:39 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-01-29 11:46 - 2017-01-29 11:46 - 00014191 _____ C:\project.xlsx


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-02-24 22:37 - 2016-08-23 16:32 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA.job
    2017-02-24 22:35 - 2013-11-17 15:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-02-24 20:22 - 2011-07-30 14:16 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-02-24 20:06 - 2011-07-16 03:26 - 00000000 ____D C:\Users\Owner
    2017-02-24 01:20 - 2013-03-25 15:44 - 00061448 _____ C:\Windows\system32\BMXStateBkp-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    2017-02-24 01:20 - 2013-03-25 15:44 - 00061448 _____ C:\Windows\system32\BMXState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    2017-02-24 01:20 - 2013-03-25 15:44 - 00000788 _____ C:\Windows\system32\DVCState-{00000006-00000000-00000001-00001102-00000005-00311102}.rfx
    2017-02-22 20:26 - 2016-11-19 20:24 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2017-02-21 18:56 - 2015-10-31 20:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-02-20 11:14 - 2016-10-21 23:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-02-20 08:10 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-02-20 08:10 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-02-19 19:21 - 2013-03-25 15:37 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-19 19:12 - 2009-07-13 21:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-19 19:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2017-02-19 19:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-02-19 16:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
    2017-02-19 00:09 - 2016-10-21 23:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
    2017-02-19 00:09 - 2016-10-17 21:41 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
    2017-02-19 00:09 - 2011-07-27 14:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic
    2017-02-19 00:09 - 2011-07-19 14:07 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
    2017-02-18 23:25 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-02-18 22:16 - 2016-12-18 19:18 - 00000000 ____D C:\tuger
    2017-02-18 22:15 - 2011-07-16 05:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
    2017-02-13 13:44 - 2013-09-02 14:38 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\LastPass
    2017-02-11 20:53 - 2016-10-09 20:16 - 00000000 ____D C:\Program Files\EditPlus
    2017-02-11 20:53 - 2011-07-16 19:06 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
    2017-02-11 17:52 - 2012-05-30 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-11 06:46 - 2016-12-05 22:34 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-02-01 18:55 - 2011-07-16 03:39 - 00002376 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-29 21:06 - 2013-05-26 19:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
    2017-01-29 21:05 - 2014-04-04 17:06 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA
    2017-01-29 21:05 - 2013-03-25 15:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-01-29 21:05 - 2013-03-25 15:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-01-29 21:05 - 2013-03-14 12:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-01-29 18:20 - 2016-11-19 05:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox


    ==================== Files in the root of some directories =======


    2013-09-02 14:38 - 2013-09-02 14:38 - 15678464 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2016-03-10 18:16 - 2016-03-10 18:16 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2013-08-01 02:27 - 2013-08-01 19:41 - 0001259 _____ () C:\Users\Owner\AppData\Roaming\BreakingPoint_Options.ini
    2013-03-30 20:35 - 2013-04-07 18:25 - 0000086 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
    2013-03-30 20:35 - 2013-04-07 18:25 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
    2013-03-30 20:35 - 2013-04-07 18:25 - 0000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
    2013-03-30 20:35 - 2013-04-07 18:25 - 0004551 _____ () C:\Users\Owner\AppData\Roaming\CamStudio.cfg
    2011-07-22 13:32 - 2011-07-22 13:32 - 0000760 _____ () C:\Users\Owner\AppData\Roaming\setup_ldm.iss


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-02-22 01:15


    ==================== End of FRST.txt ============================



    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
    Ran by Owner (24-02-2017 22:59:35)
    Running from C:\Users\Owner\desktop
    Windows 7 Professional Service Pack 1 (X64) (2011-07-16 11:26:11)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-3195744136-2440721999-3062411521-500 - Administrator - Disabled)
    Guest (S-1-5-21-3195744136-2440721999-3062411521-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3195744136-2440721999-3062411521-1003 - Limited - Enabled)
    Owner (S-1-5-21-3195744136-2440721999-3062411521-1000 - Administrator - Enabled) => C:\Users\Owner
    Podge (S-1-5-21-3195744136-2440721999-3062411521-1001 - Administrator - Enabled) => C:\Users\Podge
    Test (S-1-5-21-3195744136-2440721999-3062411521-1006 - Administrator - Enabled) => C:\Users\Test


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.1.0 - Futuremark)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.2 - Adobe Systems Incorporated)
    Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
    AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version: - AMR Player, Free AMR audio player and AMR to MP3 or MP3 to AMR converter)
    Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
    ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
    Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0183 - Disc Soft Ltd)
    BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
    BitTorrent (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\BitTorrent) (Version: 7.9.1.31396 - BitTorrent Inc.)
    Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 7.9 - Codeusa Software)
    CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
    CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version: - )
    Canon MX850 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series) (Version: - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
    Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
    Combined Community Codec Pack 2011-06-26 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.06.26.0 - CCCP Project)
    ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
    Corel Snapfire DVD Maker (HKLM-x32\...\{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}) (Version: 1.20.0000 - Corel Corporation)
    Corel Snapfire Plus (HKLM-x32\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.201.0000 - Corel Corporation)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DayZ Commander (HKLM-x32\...\{FA6C04F0-DC19-49B7-8910-DA3DF4B8BC1D}) (Version: 1.09.64 - Dotjosh Studios)
    Desktop APM (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Desktop APM) (Version: - )
    Diablo II (HKLM-x32\...\Diablo II) (Version: - )
    Discord (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.0.12944 - doubleTwist Corporation)
    Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.5.0 - Treexy)
    EditPlus (64 bit) (HKLM\...\EditPlus) (Version: - ES-Computing)
    erLT (x32 Version: 1.20.137.31 - Logitech, Inc.) Hidden
    EVEREST Ultimate Edition v4.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
    EVGA OC Scanner X 2.2.4 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)
    EVGA Precision XOC (HKLM-x32\...\{3949A984-CF6F-48DD-BE84-64C148CCBEC6}) (Version: 6.0.7 - EVGA Corporation)
    FOREXTraderPro (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\1df0cdb088182ccc) (Version: 3.1.0.142 - FOREXTraderPro)
    Free M4a to MP3 Converter 6.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Google Chrome (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
    Google+ Auto Backup (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
    Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
    GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
    Logitech SetPoint 5.00 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.00 - Logitech)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
    Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
    NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
    OCCT Perestroika 2.0.0a (HKLM-x32\...\OCCT_is1) (Version: - Tetedeiench)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.3 - )
    RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
    RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.2 - Rockstar Games)
    RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
    ScopeUserGuide (Version: 1.00.0000 - Logitech) Hidden
    Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    SMPlayer 0.8.0 (HKLM-x32\...\SMPlayer) (Version: 0.8.0 - Ricardo Villalba)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    Try Corel Snapfire muvee autoProducer add on (x32 Version: 1.00.0000 - Corel Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    Viber (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
    Warcraft III: All Products (HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\Warcraft III) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\...\ChromeHTML: -> C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3195744136-2440721999-3062411521-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {00F9104D-6CF2-45EC-943F-A2202873DE7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {04983A36-5288-4A8D-A05A-3E4A0A67AB06} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-29] (NVIDIA Corporation)
    Task: {055FBE26-3AB0-43E2-8160-C5AFAE665BB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
    Task: {1B7CB0BB-46EC-499D-BFB2-A62573A67A2D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
    Task: {62481887-E3AE-4965-8A75-F8DC9F295BBA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
    Task: {D48ECEFC-918B-4081-A009-36578E80080A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
    Task: {DAE4CB3F-D909-4BE8-9946-81A5A81DA9BF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
    Task: {E07F3A03-A77C-413D-B253-D448ED32525D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {F3035D70-6808-48A4-900F-4A0E18EE3E78} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {F4A29031-E202-430B-8D6F-C7597ADEEF88} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195744136-2440721999-3062411521-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    2016-10-05 19:11 - 2016-09-29 20:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-10-05 19:11 - 2016-09-29 20:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2016-10-05 19:11 - 2016-09-29 20:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
    2006-11-02 19:40 - 2006-11-02 19:40 - 00174656 _____ () C:\Windows\SysWOW64\PSIService.exe
    2013-03-25 15:37 - 2016-10-25 12:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2011-07-19 03:14 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2016-10-09 20:16 - 2016-07-30 15:35 - 00065768 _____ () C:\Program Files\EditPlus\eppshell64.dll
    2012-06-18 07:24 - 2012-06-18 07:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
    2016-10-05 19:11 - 2016-09-29 20:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2017-02-01 18:55 - 2017-02-01 01:01 - 01870168 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-02-01 18:55 - 2017-02-01 01:01 - 00085848 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
    2013-03-12 16:10 - 2016-12-23 10:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-21 20:41 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-01-21 20:41 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-21 20:41 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-21 17:41 - 2017-01-18 17:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-30 17:14 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-30 17:14 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-30 17:14 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-30 17:14 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-08-30 17:14 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2011-07-30 14:17 - 2017-01-18 17:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-03-08 17:53 - 2016-07-04 14:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2016-12-12 23:55 - 2017-01-04 19:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
    2011-07-30 14:17 - 2017-01-18 17:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
    2015-01-21 20:41 - 2015-09-24 15:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-3195744136-2440721999-3062411521-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
    MSCONFIG\startupreg: Launch LGDCore => "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{330FE41B-0F00-40D1-8614-09E42791D4B1}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{735CAFC0-4ECC-4352-BB6B-8892BB9D6F73}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{4FD0FE78-B34B-4C4F-A583-A7BFC603167A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{22088E7B-3A5D-4C3B-A15C-ED75D1348B93}] => (Allow) LPort=2869
    FirewallRules: [{76B9F18F-BC91-498C-89BA-75B81E328E12}] => (Allow) LPort=1900
    FirewallRules: [{7A932D6A-AFDD-4FA3-92D1-928C8E522B3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{A416A4CD-DC5A-4289-B1E3-5312A5BCBA97}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{C48DEEB2-D417-468E-B736-5F1A870D562B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{CB27D0B1-B319-47F0-8F09-81BB78C1DC43}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{7D403620-EB66-44F4-B344-C9693D2C5DAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{FD7DF124-B3C1-4289-A948-C119B907BF0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{D92BFEF6-CB5E-4597-BB69-373E7358AA07}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
    FirewallRules: [{F61976BC-367F-4425-9254-D83A1E9A0563}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
    FirewallRules: [{17D63135-19ED-4CA3-9305-92FB78545A0E}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
    FirewallRules: [{62582A45-88B4-45BF-8231-8EA2BC67BC25}] => (Allow) C:\Program Files (x86)\Mumble\mumble.exe
    FirewallRules: [TCP Query User{50751028-6067-43C9-827E-5D6083AB812A}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
    FirewallRules: [UDP Query User{B3E5D911-F35A-41A5-AB63-B053C972CA3D}C:\program files (x86)\aim\aim.exe] => (Allow) C:\program files (x86)\aim\aim.exe
    FirewallRules: [TCP Query User{E60F81A5-13E5-4B4A-A7A4-4FAFA86A800E}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [UDP Query User{FE5943F9-A226-41BD-8B8B-7B6D14CE1CC7}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [TCP Query User{D8DFD02A-BFFD-433B-BC5A-88C9EBF6CE98}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
    FirewallRules: [UDP Query User{B0506703-32D6-4F8E-9A25-5429011D1D42}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
    FirewallRules: [{F1CC2F0D-CBF3-46E7-829F-7A6EE9A16850}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
    FirewallRules: [{8F06C021-2FCA-4C5E-A50A-1DC3427D6AD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\_runA2CO.cmd
    FirewallRules: [{1FB0ADAF-7690-4EBD-AE95-7BECFBA9246C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
    FirewallRules: [{59ED7778-6C37-473D-A1C4-B9DE740A2030}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
    FirewallRules: [TCP Query User{3BB326B3-ADA9-45DB-ACEE-37B18A868F20}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
    FirewallRules: [UDP Query User{47B40EC0-556C-4974-87DB-94209F2F4DA4}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
    FirewallRules: [{44083EB7-E3CE-43BC-9BD6-3DC5ABB088B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{CF77D0EA-D106-4424-A6EF-8BFF45AB29FC}F:\users\owner\desktop\breakingpoint.exe] => (Allow) F:\users\owner\desktop\breakingpoint.exe
    FirewallRules: [UDP Query User{B3F2134E-96B9-4E18-8480-88ADA43AE984}F:\users\owner\desktop\breakingpoint.exe] => (Allow) F:\users\owner\desktop\breakingpoint.exe
    FirewallRules: [{E381CAF7-1795-458A-88A3-BF420AD23504}] => (Allow) F:\Users\Owner\Desktop\BreakingPoint.exe
    FirewallRules: [{CF811ED6-F278-4E00-8E4A-862BA05BE58A}] => (Allow) F:\Users\Owner\Desktop\BreakingPoint.exe
    FirewallRules: [{D045ECD5-9AB3-4752-A447-01781AFEB99A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
    FirewallRules: [{E9CA8226-FEB5-4464-9092-2AF5DA53AD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
    FirewallRules: [{48B71691-E1D0-403D-B061-98EB428D9DF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{79AC811D-F671-4669-91BA-20DDD7603CF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{107C98A4-7A9A-401C-8B84-E28627247941}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
    FirewallRules: [{1F74DA55-BF4A-4004-A796-ADD5616C7FD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
    FirewallRules: [{A0B271A3-D3CF-4CD2-A29F-17467264BEAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{316090EB-35B8-43C2-8F05-82199E435505}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{51776ED5-B725-4F42-8803-1EC4331A8835}] => (Allow) G:\GTA V\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [{C0EA661D-FB0F-44D9-BD90-FF04CE716EB3}] => (Allow) G:\GTA V\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
    FirewallRules: [TCP Query User{8E0125CA-6D2F-407D-B7AB-A64FCB6BFF8F}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{A6634CCA-7D42-4FDA-A93B-DD647B036ACA}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{40FC1986-DAF5-4FA4-BA5F-BDC55217065D}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{5EF472C9-4517-483C-B1DF-2763FCB79F1C}G:\gta v\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\gta v\steamapps\common\grand theft auto v\gta5.exe
    FirewallRules: [{72C8E0B7-4311-46DE-947D-81B316A6C104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{5884D159-F72E-4DAF-B511-AC579B7F3D56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{FFF0AF1E-049B-4E15-9C2B-3FAB20EE72F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B1A96EAB-6198-4CE0-8165-8E51F1DA22EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5DC5458D-4DCD-483B-AC31-33D98CF231B7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{E0633927-87D3-48A0-90D2-452AAEBE817E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{8EC4D1D8-A57F-4E7D-ADE2-E2573705FAF4}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{374C2206-734D-44B2-B014-E144BF9B743B}] => (Allow) C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{E7A7FEE6-1C9B-46E3-ABEA-33F44AE54959}] => (Allow) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{FAC0F93A-D638-4D8E-960D-A6835F513AA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{9E87DC53-493E-4B5F-A1E2-D9B4445EE713}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{6EB34014-78E8-4369-A089-47B4E91DACF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{9DD9A608-2FA8-4418-A10B-4620AD15AFC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe


    ==================== Restore Points =========================


    23-02-2017 08:04:14 Windows Update


    ==================== Faulty Device Manager Devices =============


    Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
    Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Marvell
    Service: yukonw7
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    Name: Canon MX850 ser Network
    Description: Canon MX850 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


    Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


    Error: (02/19/2017 07:09:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 07:00:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 05:28:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 05:24:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 05:15:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 05:13:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 04:52:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (02/19/2017 04:43:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.




    System errors:
    =============
    Error: (02/23/2017 08:04:25 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy5 encountered a non-retryable error and could not start. The data contains the error code.


    Error: (02/23/2017 12:00:10 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy4 encountered a non-retryable error and could not start. The data contains the error code.


    Error: (02/22/2017 04:03:46 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


    Error: (02/21/2017 12:00:08 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy3 encountered a non-retryable error and could not start. The data contains the error code.


    Error: (02/20/2017 08:06:42 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


    Error: (02/20/2017 02:53:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.


    Error: (02/19/2017 07:08:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    The system cannot find the file specified.


    Error: (02/19/2017 07:08:05 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume \\?\Volume{6a0a7879-af9d-11e0-a78d-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code.


    Error: (02/19/2017 07:08:05 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start. The data contains the error code.


    Error: (02/19/2017 07:08:04 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.




    CodeIntegrity:
    ===================================
    Date: 2011-07-20 15:28:21.788
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:28:21.788
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:20:07.835
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:20:07.819
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:18:11.788
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:18:11.788
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:00:00.975
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 15:00:00.975
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 14:59:10.741
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2011-07-20 14:59:10.741
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ATITool64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
    Percentage of memory in use: 89%
    Total physical RAM: 4095.11 MB
    Available physical RAM: 425.23 MB
    Total Virtual: 8188.41 MB
    Available Virtual: 3496.38 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:119.14 GB) (Free:5.29 GB) NTFS
    Drive d: (Jim Fuller) (CDROM) (Total:7.86 GB) (Free:0 GB) UDF
    Drive f: (Main) (Fixed) (Total:558.91 GB) (Free:0.15 GB) NTFS
    Drive g: (Media) (Fixed) (Total:698.63 GB) (Free:0.17 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8317F9E)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)


    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 558.9 GB) (Disk ID: 2E65DE39)
    Partition 1: (Not Active) - (Size=558.9 GB) - (Type=07 NTFS)


    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 4A8A952C)
    Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

  9. #9

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Application errors:
    ==================
    Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


    @BrianDrab

    Error: (02/21/2017 09:14:46 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "G:\SoftonicDownloader_for_mkv-player.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


    Roy

  10. #10
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Before we continue, are you able to free up some disk space on your drives? All of them are extremely low. The tools/commands I'm going to have you run may not work properly with the amount of space that is left.

    Drive c: () (Fixed) (Total:119.14 GB) (Free:5.29 GB) NTFS
    Drive f: (Main) (Fixed) (Total:558.91 GB) (Free:0.15 GB) NTFS
    Drive g: (Media) (Fixed) (Total:698.63 GB) (Free:0.17 GB) NTFS

  11. #11

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    I apologize for the delay! I knew I should've been more organized with my data :x but anywhoo, I went through my drives and freed up some space. Now I have:

    about 13.5 GB free in Drive C;
    10 GB in Drive F;
    and 11 GB in Drive G.

    Would this be sufficient to proceed? Please advise.

  12. #12
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    That should work. Please start with the following.

    Step#1 - FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    1. Download attached file and save it to the Desktop.
    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
    2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
    Attached Files Attached Files

  13. #13

    Re: Windows Update does not update (infinite Restart loop uncorrected and persists)

    Results below:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
    Ran by Owner (26-02-2017 00:04:44) Run:1
    Running from C:\Users\Owner\desktop
    Loaded Profiles: Owner (Available Profiles: Owner & Podge & Test)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    CreateRestorePoint:
    U3 ae2aeg7j; C:\Windows\System32\Drivers\ae2aeg7j.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    cmd: regsvr32.exe Wuaueng.dll
    EmptyTemp:




    *****************


    Restore point was successfully created.
    HKLM\System\CurrentControlSet\Services\ae2aeg7j => key removed successfully
    ae2aeg7j => service removed successfully


    ========= regsvr32.exe Wuaueng.dll =========




    ========= End of CMD: =========




    =========== EmptyTemp: ==========


    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 118997091 B
    Java, Flash, Steam htmlcache => 6673463 B
    Windows/system/drivers => 3332906 B
    Edge => 0 B
    Chrome => 633218187 B
    Firefox => 68224600 B
    Opera => 0 B


    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 33058 B
    systemprofile32 => 33058 B
    LocalService => 33058 B
    NetworkService => 1699778 B
    Owner => 22226082 B
    Podge => 173508 B
    UpdatusUser => 0 B
    UpdatusUser => 0 B
    Test => 60636 B


    RecycleBin => 101118689 B
    EmptyTemp: => 919.5 MB temporary data Removed.


    ================================




    The system needed a reboot.


    ==== End of Fixlog 00:05:18 ====

  14. #14
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Thanks. Please do the following.

    Step#1 - ChkDsk Scan
    1. Click your Start Orb in the lower left of your computer and type cmd in the search box.
    2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.

    3. Answer Yes when asked to allow.
    4. You should now have a black window open that you can type in to.
    5. Please type chkdsk and then press enter.
    6. Chkdsk will start to run. Please allow it to finish. You will know it is running when you see text as follows.


    7. Download ListChkdskResult.exe by SleepyDude and save it on your desktop. If it's already downloaded to your desktop, just skip this step.
    8. Right-click this file and select Run as administrator (Allow if prompted)and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

  15. #15

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013


    ------< Log generate on 2/26/2017 3:43:01 PM >------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 26212
    Record Number: 37967
    Source Name: Chkdsk
    Time Written: 02-26-2017 @ 23:42:43
    Event Type: Information
    User:
    Message: Chkdsk was executed in read-only mode on a volume snapshot.


    Checking file system on C:
    The type of the file system is NTFS.


    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.


    CHKDSK is verifying files (stage 1 of 3)...
    275968 file records processed.


    File verification completed.
    1456 large file records processed.


    0 bad file records processed.


    2 EA records processed.


    76 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    359700 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    275968 file SDs/SIDs processed.


    Cleaning up 398 unused index entries from index $SII of file 0x9.
    Cleaning up 398 unused index entries from index $SDH of file 0x9.
    Cleaning up 398 unused security descriptors.
    Security descriptor verification completed.
    41867 data files processed.


    CHKDSK is verifying Usn Journal...
    35075752 USN bytes processed.


    Usn Journal verification completed.
    Windows has checked the file system and found no problems.


    124930047 KB total disk space.
    109316920 KB in 216510 files.
    123028 KB in 41868 indexes.
    0 KB in bad sectors.
    383375 KB in use by the system.
    65536 KB occupied by the log file.
    15106724 KB available on disk.


    4096 bytes in each allocation unit.
    31232511 total allocation units on disk.
    3776681 allocation units available on disk.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 1001
    Record Number: 34314
    Source Name: Microsoft-Windows-Wininit
    Time Written: 12-27-2016 @ 09:13:32
    Event Type: Information
    User:
    Message:


    Checking file system on C:
    The type of the file system is NTFS.




    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.


    CHKDSK is verifying files (stage 1 of 3)...
    The attribute of type 0x80 and instance tag 0x0 in file 0xe639
    has allocated length of 0x512870000 instead of 0x5128f0000.
    Deleted corrupt attribute list entry
    with type code 128 in file 58937.
    Unable to locate attribute with instance tag 0x0 and segment
    reference 0x49000000000154. The expected attribute type is 0x80.
    Deleting corrupt attribute record (128, $J)
    from file record segment 340.
    Unable to locate attribute with instance tag 0x0 and segment
    reference 0x27300000001becf. The expected attribute type is 0x80.
    Deleting corrupt attribute record (128, $J)
    from file record segment 114383.
    275968 file records processed.


    File verification completed.
    Deleting orphan file record segment 340.
    1607 large file records processed.


    0 bad file records processed.


    2 EA records processed.


    44 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    356878 index entries processed.


    Index verification completed.
    CHKDSK is scanning unindexed files for reconnect to their original directory.
    1 unindexed files scanned.


    CHKDSK is recovering remaining unindexed files.
    1 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    275968 file SDs/SIDs processed.


    Cleaning up 514 unused index entries from index $SII of file 0x9.
    Cleaning up 514 unused index entries from index $SDH of file 0x9.
    Cleaning up 514 unused security descriptors.
    Security descriptor verification completed.
    40456 data files processed.


    CHKDSK is verifying Usn Journal...
    Creating Usn Journal $J data stream
    Usn Journal verification completed.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.


    124930047 KB total disk space.
    114976604 KB in 209691 files.
    119868 KB in 40458 indexes.
    0 KB in bad sectors.
    348191 KB in use by the system.
    65536 KB occupied by the log file.
    9485384 KB available on disk.


    4096 bytes in each allocation unit.
    31232511 total allocation units on disk.
    2371346 allocation units available on disk.


    Internal Info:
    00 36 04 00 2e d1 03 00 da e5 06 00 00 00 00 00 .6..............
    2a 02 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 *...,...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


    Windows has finished checking your disk.
    Please wait while your computer restarts.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 1001
    Record Number: 23203
    Source Name: Microsoft-Windows-Wininit
    Time Written: 10-01-2014 @ 00:58:12
    Event Type: Information
    User:
    Message:


    Checking file system on G:
    The type of the file system is NTFS.
    Volume label is Media.




    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.


    CHKDSK is verifying files (stage 1 of 3)...
    110080 file records processed.


    File verification completed.
    2 large file records processed.


    0 bad file records processed.


    0 EA records processed.


    0 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    113646 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    110080 file SDs/SIDs processed.


    Cleaning up 8 unused index entries from index $SII of file 0x9.
    Cleaning up 8 unused index entries from index $SDH of file 0x9.
    Cleaning up 8 unused security descriptors.
    Security descriptor verification completed.
    1783 data files processed.


    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.


    732571647 KB total disk space.
    710666352 KB in 100919 files.
    48772 KB in 1785 indexes.
    0 KB in bad sectors.
    198403 KB in use by the system.
    65536 KB occupied by the log file.
    21658120 KB available on disk.


    4096 bytes in each allocation unit.
    183142911 total allocation units on disk.
    5414530 allocation units available on disk.


    Internal Info:
    00 ae 01 00 3b 91 01 00 78 d3 02 00 00 00 00 00 ....;...x.......
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 1001
    Record Number: 22720
    Source Name: Microsoft-Windows-Wininit
    Time Written: 08-23-2014 @ 19:39:31
    Event Type: Information
    User:
    Message:


    Checking file system on G:
    The type of the file system is NTFS.
    Volume label is Media.




    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.


    CHKDSK is verifying files (stage 1 of 3)...
    110080 file records processed.


    File verification completed.
    2 large file records processed.


    0 bad file records processed.


    0 EA records processed.


    0 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    113640 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    110080 file SDs/SIDs processed.


    Cleaning up 31 unused index entries from index $SII of file 0x9.
    Cleaning up 31 unused index entries from index $SDH of file 0x9.
    Cleaning up 31 unused security descriptors.
    Security descriptor verification completed.
    1780 data files processed.


    Windows has checked the file system and found no problems.


    732571647 KB total disk space.
    702960600 KB in 100915 files.
    48776 KB in 1782 indexes.
    0 KB in bad sectors.
    198403 KB in use by the system.
    65536 KB occupied by the log file.
    29363868 KB available on disk.


    4096 bytes in each allocation unit.
    183142911 total allocation units on disk.
    7340967 allocation units available on disk.


    Internal Info:
    00 ae 01 00 34 91 01 00 71 d3 02 00 00 00 00 00 ....4...q.......
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 1001
    Record Number: 22498
    Source Name: Microsoft-Windows-Wininit
    Time Written: 08-09-2014 @ 21:44:21
    Event Type: Information
    User:
    Message:


    Checking file system on C:
    The type of the file system is NTFS.




    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.


    CHKDSK is verifying files (stage 1 of 3)...
    The attribute of type 0x80 and instance tag 0x4 in file 0x10f1f
    has allocated length of 0x4000 instead of 0x20000.
    Deleting corrupt attribute record (128, "")
    from file record segment 69407.
    The attribute of type 0x80 and instance tag 0x4 in file 0x2578e
    has allocated length of 0x4000 instead of 0x20000.
    Deleting corrupt attribute record (128, "")
    from file record segment 153486.
    241408 file records processed.


    File verification completed.
    1023 large file records processed.


    0 bad file records processed.


    2 EA records processed.


    57 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    320628 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    241408 file SDs/SIDs processed.


    Cleaning up 372 unused index entries from index $SII of file 0x9.
    Cleaning up 372 unused index entries from index $SDH of file 0x9.
    Cleaning up 372 unused security descriptors.
    Security descriptor verification completed.
    Inserting data attribute into file 69407.
    Inserting data attribute into file 153486.
    39613 data files processed.


    CHKDSK is verifying Usn Journal...
    35674624 USN bytes processed.


    Usn Journal verification completed.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.


    124930047 KB total disk space.
    116689284 KB in 167719 files.
    112940 KB in 39612 indexes.
    0 KB in bad sectors.
    347775 KB in use by the system.
    65536 KB occupied by the log file.
    7780048 KB available on disk.


    4096 bytes in each allocation unit.
    31232511 total allocation units on disk.
    1945012 allocation units available on disk.


    Internal Info:
    00 af 03 00 f0 29 03 00 e9 b9 05 00 00 00 00 00 .....)..........
    10 02 00 00 39 00 00 00 00 00 00 00 00 00 00 00 ....9...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


    Windows has finished checking your disk.
    Please wait while your computer restarts.


    -----------------------------------------------------------------------
    Category: 0
    Computer Name: Owner-PC
    Event Code: 1001
    Record Number: 11288
    Source Name: Microsoft-Windows-Wininit
    Time Written: 08-04-2012 @ 23:34:38
    Event Type: Information
    User:
    Message:


    Checking file system on C:
    The type of the file system is NTFS.




    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.


    CHKDSK is verifying files (stage 1 of 3)...
    149504 file records processed.


    File verification completed.
    345 large file records processed.


    0 bad file records processed.


    2 EA records processed.


    41 reparse records processed.


    CHKDSK is verifying indexes (stage 2 of 3)...
    201166 index entries processed.


    Index verification completed.
    0 unindexed files scanned.


    0 unindexed files recovered.


    CHKDSK is verifying security descriptors (stage 3 of 3)...
    149504 file SDs/SIDs processed.


    Cleaning up 452 unused index entries from index $SII of file 0x9.
    Cleaning up 452 unused index entries from index $SDH of file 0x9.
    Cleaning up 452 unused security descriptors.
    Security descriptor verification completed.
    25832 data files processed.


    CHKDSK is verifying Usn Journal...
    37432552 USN bytes processed.


    Usn Journal verification completed.
    Windows has checked the file system and found no problems.


    124930047 KB total disk space.
    64793648 KB in 120834 files.
    72456 KB in 25833 indexes.
    0 KB in bad sectors.
    256611 KB in use by the system.
    65536 KB occupied by the log file.
    59807332 KB available on disk.


    4096 bytes in each allocation unit.
    31232511 total allocation units on disk.
    14951833 allocation units available on disk.


    Internal Info:
    00 48 02 00 f6 3c 02 00 90 22 04 00 00 00 00 00 .H...<..."......
    ab 01 00 00 29 00 00 00 00 00 00 00 00 00 00 00 ....)...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................


    Windows has finished checking your disk.
    Please wait while your computer restarts.


    -----------------------------------------------------------------------

  16. #16
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Check for Windows Updates and let me know what happens.

  17. #17

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Unfortunately, the restart loop still persists. "Restart your computer to install important updates."

    I tried restarting a few times.

  18. #18
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Please do the following again.

    1. Click your start button and type cmd in the search box.
    2. Right-click on cmd that comes up in the search results and select Run as administrator. Answer Yes to the UAC prompt if it appears.
    3. Copy/Paste the following into the command-prompt window and hit enter.
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /s >1.txt && notepad 1.txt

    4. Notepad will open showing the WU info. Can you copy and paste this into your next reply?

  19. #19

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Please see below:



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
    SusClientIdValidation REG_BINARY 060228011E2A530030004D0053004E0045004100420036003000300038003500320020002000200020002000200006001FC6508F9D4D005300310043003800330042005A00430052003000320039003100380043006800610073007300690073002000530065007200690061006C0020004E0075006D00620065007200
    SusClientId REG_SZ 2f114d40-cf73-4a70-98cc-26f7036f2341
    LastRestorePointSetTime REG_SZ 2017-02-24 03:34:36


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    NextSqmReportTime REG_SZ 2017-02-27 05:32:30
    FeaturedUpdatesNotificationSeqNum REG_DWORD 0x14dd
    FeaturedUpdatesNotificationSeqNumGenTime REG_SZ 2017-02-19 08:09:36
    AUOptions REG_DWORD 0x1
    IncludeRecommendedUpdates REG_DWORD 0x1
    ElevateNonAdmins REG_DWORD 0x1
    ActionCenterLastPossibleRestartNotification REG_SZ 2011-08-25 10:00:00
    ScheduledInstallDay REG_DWORD 0x0
    ScheduledInstallTime REG_DWORD 0x14
    LastRestoreId REG_SZ {2430A326-7F36-4DF0-BC6E-58F721EBA341}
    NextFeaturedUpdatesNotificationTime REG_SZ 2017-02-27 00:45:18
    FirstDetectionFailureTime REG_SZ 2017-02-27 00:45:22


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
    LastError REG_DWORD 0x80070bc9


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
    UpdateCount REG_DWORD 0x0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
    AllowOSUpgrade REG_DWORD 0x0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade\State
    OSUpgradeState REG_DWORD 0x1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
    BatchFlushAge REG_DWORD 0x25c
    SamplingValue2 REG_DWORD 0x3a1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
    AuthorizationCab REG_SZ authcab.cab


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
    ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
    SelfUpdateStatus REG_DWORD 0x101
    SelfupdateUnmanaged REG_DWORD 0x1
    ServerId REG_SZ 9482f4b4-e343-43b6-b170-9a65bc822c77
    SetupHandlerUpdateId REG_SZ 61ca813a-7585-442e-a66b-b0d15ce6bdc0
    UpdateSessionId REG_DWORD 0xffffffff


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Results\SelfUpdate
    LastSuccessTime REG_SZ 2014-08-22 05:27:50
    RebootFailCount REG_DWORD 0x1
    LastError REG_DWORD 0x80070bc9

  20. #20
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    15,979

    Re: [Win7SP1] Win.Update doesn't update (infinite Restart loop uncorrected and persis

    Please do the following.

    Step#1 - SFCFix Script
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
    1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
    2. Download the file below, SFCScript.txt, and save this to your Desktop.
    3. Save any open documents and close all open windows.
    4. On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
    5. Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
    6. SFCFix will now process the script.
    7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
    8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please
    Attached Files Attached Files

Page 1 of 3 123 Last

Similar Threads

  1. Replies: 7
    Last Post: 03-26-2016, 01:34 PM
  2. Windows Update and IE11 loop on Win7Sp1
    By AndyH in forum Windows Update
    Replies: 36
    Last Post: 01-28-2016, 05:08 PM
  3. [SOLVED] Restart your computer to install important updates infinite loop
    By engineeringpunk in forum Windows Update
    Replies: 5
    Last Post: 12-22-2015, 11:55 AM
  4. [SOLVED] Yet another W7 update infinite loop
    By dpunk4 in forum Windows Update
    Replies: 22
    Last Post: 12-15-2015, 09:16 PM
  5. [SOLVED] Windows Update error 80070bc9 now become infinite Update restart loop
    By monsieurrigsby in forum Windows Update
    Replies: 23
    Last Post: 12-20-2013, 08:26 AM

Log in

Log in