[In Progress] Running slow and occasional crash


chuckles

« on: October 18, 2018, 05:56:28 AM »
My Tradestation charting program and Mozilla Firefox have been crashing on occasion with an error message that says Computer Low on Memory. When I do C-Alt-D and check the Program Monitor, it appears I’m only using 3 G of 16 Gig of memory. Computer also seems slow at times, programs wait to open, etc.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/18/18
Scan Time: 7:20 AM
Log File: d48def11-d2c7-11e8-b155-74d02bc9909d.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7413
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve-PC\Steve

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 315346
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Steve (administrator) on STEVE-PC (18-10-2018 07:44:00)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Maxima Analytics) C:\Program Files (x86)\LVX\services\LvxCtrlSvc.exe
(Maxima Analytics) C:\Program Files (x86)\LVX\services\LvxLocalSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(© 2015 Microsoft Corporation) C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1476104 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [445416 2018-09-23] (LogMeIn, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-30] (Intel Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2013-11-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [BingSvc] => C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8898480 2018-07-16] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk [2013-11-04]
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-10-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2018-10-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{07C7AACC-E91A-4DB8-B194-4DC35B3D7807}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6411B234-E853-484A-BF8D-7F8FAE13820F}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2629409913-288290882-4150647290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-2629409913-288290882-4150647290-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2629409913-288290882-4150647290-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2013-11-06] (RealPlayer)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-10-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-10-08] (Oracle Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/event/ieatgpc1.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: o6vqx4br.default-1413636091724
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724 [2018-10-18]
FF Homepage: Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724 -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724 -> about:home
FF HomepageOverride: Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724 -> Enabled: web@Packages
FF NewTabOverride: Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724 -> Enabled: web@Packages
FF Extension: (Bing Search) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724\Extensions\bingsearch.full@microsoft.com [2015-09-18] [Legacy] [not signed]
FF Extension: (Telemetry coverage) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724\features\{838ef422-6f7f-4b2f-8d43-d7b557ad60f3}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\o6vqx4br.default-1413636091724\searchplugins\bing-lavasoft.xml [2016-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-02-24] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-12-30] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-23] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2013-11-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2013-11-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2013-11-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-06] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2629409913-288290882-4150647290-1000: @adobe.com/Acrobat,version=5.1 -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll [2002-08-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2629409913-288290882-4150647290-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Steve\AppData\Roaming\Zoom\bin_00\npzoomplugin.dll [2018-06-23] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2629409913-288290882-4150647290-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll [2018-07-31] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2629409913-288290882-4150647290-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll [2018-07-31] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-09-16] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2018-10-18]
CHR Extension: (Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-11-06]
CHR Extension: (Cisco Webex Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-10]
CHR Extension: (Skype) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Steve Brown: Southern NH area Listing...) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\odadamognedamdfdfgbefebfkfalnjon [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-21]
CHR HKU\S-1-5-21-2629409913-288290882-4150647290-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [945152 2013-05-07] (ASUSTeK Computer Inc.) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.22\AsusFanControlService.exe [1639424 2013-05-08] (ASUSTeK Computer Inc.) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249320 2016-11-09] (DTS, Inc)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-06-06] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-09-23] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [587752 2018-09-23] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 LvxCtrlSvc; C:\Program Files (x86)\LVX\services\LvxCtrlSvc.exe [829144 2015-07-23] (Maxima Analytics)
R2 LvxLocalSvc; C:\Program Files (x86)\LVX\services\LvxLocalSvc.exe [1084632 2015-07-23] (Maxima Analytics)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (hxxp://www.asmedia.com.tw) [File not signed]
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [545776 2017-09-22] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-03] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-18] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-11] (Acronis International GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 MpKsl39bacc83; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC8EC362-11CC-4FE6-B26B-174C7E90A476}\MpKsl39bacc83.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-18 07:44 - 2018-10-18 07:44 - 000027828 _____ C:\Users\Steve\Downloads\FRST.txt
2018-10-18 07:41 - 2018-10-18 07:44 - 000000000 ____D C:\FRST
2018-10-18 07:41 - 2018-10-18 07:41 - 000000000 ____D C:\Users\Steve\Downloads\FRST-OlderVersion
2018-10-18 07:40 - 2018-10-18 07:41 - 002414592 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2018-10-18 07:36 - 2018-10-18 07:36 - 000000000 ____D C:\Users\Steve\Documents\OneNote Notebooks
2018-10-18 07:35 - 2018-10-18 07:43 - 000000000 ____D C:\Users\Steve\Desktop\SpywareHammer
2018-10-18 07:18 - 2018-10-18 07:18 - 080509968 _____ (Malwarebytes ) C:\Users\Steve\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7401 (1).exe
2018-10-18 07:17 - 2018-10-18 07:17 - 080509968 _____ (Malwarebytes ) C:\Users\Steve\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7401.exe
2018-10-18 07:14 - 2018-10-18 07:14 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-18 07:14 - 2018-10-18 07:14 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-18 07:14 - 2018-10-18 07:14 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-18 07:12 - 2018-10-18 07:12 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-10 15:57 - 2018-10-10 15:57 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-05 17:17 - 2018-10-05 17:17 - 000019449 _____ C:\Users\Steve\Downloads\broker info sheet.pdf
2018-10-04 00:22 - 2018-10-04 00:22 - 000005760 _____ C:\Users\Steve\Downloads\GENERAL_STMT_209_STEPHEN_BROWN_20188.PDF
2018-10-03 20:20 - 2018-10-03 20:20 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-10-03 20:20 - 2018-10-03 20:20 - 000000000 ____D C:\Users\Steve\AppData\Local\mbamtray
2018-10-03 20:19 - 2018-10-03 20:19 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-03 20:19 - 2018-10-03 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-03 20:19 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-29 21:09 - 2018-09-29 21:09 - 000000000 ____D C:\Users\Steve\AppData\Local\mbam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-18 07:42 - 2016-11-17 23:39 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2018-10-18 07:40 - 2015-05-31 15:15 - 000000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2629409913-288290882-4150647290-1000.job
2018-10-18 07:19 - 2013-11-06 00:08 - 000000000 _____ C:\Windows\Path.idx
2018-10-18 07:19 - 2009-07-14 00:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-18 07:19 - 2009-07-14 00:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-18 07:17 - 2009-07-14 01:13 - 000777598 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-18 07:17 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-10-18 07:15 - 2015-06-20 19:29 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000UA.job
2018-10-18 07:14 - 2014-01-27 17:46 - 000000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2018-10-18 07:14 - 2013-11-06 00:01 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-10-18 07:13 - 2013-12-20 20:48 - 000003340 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2629409913-288290882-4150647290-1000
2018-10-18 07:13 - 2013-12-20 20:48 - 000003206 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2629409913-288290882-4150647290-1000
2018-10-18 07:13 - 2013-11-16 14:39 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Nitro PDF
2018-10-18 07:12 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-18 07:10 - 2013-11-08 14:32 - 000000000 ____D C:\ProgramData\LogMeIn
2018-10-18 07:08 - 2014-01-30 13:23 - 000000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2629409913-288290882-4150647290-1000.job
2018-10-18 06:19 - 2013-11-09 20:23 - 000000000 ____D C:\Users\Steve\Documents\Outlook Files
2018-10-18 01:54 - 2015-01-04 18:10 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FA6660F8-BAB8-4A8B-8CF1-1FC1FC509515}
2018-10-17 20:55 - 2013-10-31 23:20 - 000000000 ____D C:\Users\Steve
2018-10-17 09:15 - 2015-06-20 19:29 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000Core.job
2018-10-15 17:48 - 2010-11-20 23:27 - 000559880 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-10-14 21:53 - 2017-07-08 21:19 - 000000000 ____D C:\Users\Steve\AppData\Local\GoToMeeting
2018-10-14 21:53 - 2015-05-31 15:15 - 000003660 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2629409913-288290882-4150647290-1000
2018-10-14 21:53 - 2014-01-30 13:23 - 000003564 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2629409913-288290882-4150647290-1000
2018-10-12 09:37 - 2013-11-16 14:36 - 000000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF
2018-10-10 15:57 - 2014-04-17 21:23 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Dropbox
2018-10-10 04:42 - 2016-10-22 08:24 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-09 15:55 - 2018-03-13 20:55 - 000004462 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 15:55 - 2014-01-27 09:06 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-10-09 15:55 - 2013-11-04 10:35 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-09 15:55 - 2013-11-04 10:35 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-09 15:55 - 2013-11-04 10:35 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-09 15:55 - 2013-11-04 10:35 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-09 13:32 - 2015-06-14 20:17 - 000000000 ____D C:\Users\Steve\AppData\Roaming\VTTrader
2018-10-09 13:32 - 2013-10-31 23:28 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-10-09 13:31 - 2017-10-03 13:15 - 000000000 ____D C:\Users\Steve\Documents\NinjaTrader 8
2018-10-09 13:31 - 2017-10-03 13:15 - 000000000 ____D C:\Program Files (x86)\NinjaTrader 8
2018-10-08 12:51 - 2018-01-24 16:30 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-10-08 11:44 - 2014-08-08 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-10-08 11:44 - 2013-11-06 00:09 - 000000000 ____D C:\Program Files (x86)\Java
2018-10-08 11:43 - 2013-11-06 00:09 - 000098680 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-10-04 00:30 - 2013-11-01 19:10 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Adobe
2018-10-03 11:03 - 2017-06-22 09:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-03 11:03 - 2017-05-30 23:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-29 21:30 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\Cursors
2018-09-29 21:29 - 2014-09-24 10:54 - 000000080 _____ C:\Windows\Brownie.ini
2018-09-29 21:29 - 2014-09-22 21:02 - 000000013 _____ C:\Windows\BRVIDEO.INI
2018-09-29 21:21 - 2009-07-14 00:45 - 000446728 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-26 13:56 - 2013-11-01 15:51 - 000117016 _____ C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-23 16:02 - 2013-11-08 14:32 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2018-09-23 16:01 - 2013-11-08 14:32 - 000114176 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll.000.bak
2018-09-23 16:01 - 2013-11-08 14:32 - 000114176 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2018-09-23 16:01 - 2013-11-08 14:32 - 000108512 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll.000.bak
2018-09-23 16:01 - 2013-11-08 14:32 - 000108512 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2018-09-22 09:10 - 2015-06-20 19:29 - 000003888 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000UA
2018-09-22 09:10 - 2015-06-20 19:29 - 000003492 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000Core
2018-09-21 16:43 - 2016-10-22 08:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-09-18 16:41 - 2017-05-30 23:22 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-18 16:41 - 2017-05-30 23:22 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2013-11-02 16:36 - 2013-11-02 16:36 - 000000320 _____ () C:\Users\Steve\AppData\Roaming\SEC517874.trad
2013-11-02 16:45 - 2013-11-02 16:45 - 000000320 _____ () C:\Users\Steve\AppData\Roaming\SEC540721.trad
2013-11-01 00:06 - 2013-11-01 00:06 - 000007648 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2015-11-11 21:14 - 2015-11-11 21:14 - 000144008 _____ (© 2015 Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\BingSvc.exe
2015-09-19 01:37 - 2015-11-11 21:14 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\BSvcProcessor.exe
2015-09-19 01:37 - 2015-11-11 21:14 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\BSvcUpdater.exe
2017-09-19 18:34 - 2017-09-19 18:34 - 000290304 _____ (Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\CakeTubeSdk.Windows.Service.subinacl.exe
2017-03-03 00:43 - 2018-09-29 21:29 - 003451392 _____ () C:\Users\Steve\AppData\Local\Temp\clean20.dll
2015-09-18 23:26 - 2015-09-18 23:26 - 002308240 _____ (Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\DefaultPack.EXE
2015-12-08 10:27 - 2015-12-08 10:27 - 000071168 _____ () C:\Users\Steve\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppathyh.dll
2017-03-03 00:43 - 2018-09-29 21:29 - 000008704 _____ (TradeStation Technologies) C:\Users\Steve\AppData\Local\Temp\GACInstaller.dll
2017-06-11 09:47 - 2017-09-14 00:18 - 050762208 _____ (Garmin Ltd or its subsidiaries) C:\Users\Steve\AppData\Local\Temp\GarminExpressInstaller.exe
2015-10-14 01:00 - 2015-10-14 01:00 - 000000000 _____ () C:\Users\Steve\AppData\Local\Temp\GUR3A22.exe
2017-08-18 21:11 - 2017-08-18 21:11 - 000000000 _____ () C:\Users\Steve\AppData\Local\Temp\GUR8D7F.exe
2016-09-07 16:58 - 2016-09-07 16:58 - 000035680 _____ () C:\Users\Steve\AppData\Local\Temp\i4jdel0.exe
2017-03-03 00:43 - 2018-09-29 21:29 - 000017920 _____ () C:\Users\Steve\AppData\Local\Temp\instutil.dll
2017-07-26 21:56 - 2017-07-26 21:56 - 000740416 _____ (Oracle Corporation) C:\Users\Steve\AppData\Local\Temp\jre-8u144-windows-au.exe
2017-11-30 11:35 - 2017-11-30 11:35 - 001856576 _____ (Oracle Corporation) C:\Users\Steve\AppData\Local\Temp\jre-8u151-windows-au.exe
2016-05-29 04:27 - 2016-05-29 04:27 - 000739904 _____ (Oracle Corporation) C:\Users\Steve\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-09-19 01:28 - 2018-06-08 10:34 - 000186688 _____ (RealNetworks, Inc.) C:\Users\Steve\AppData\Local\Temp\lowproc.exe
2017-03-03 00:43 - 2018-09-29 21:29 - 000005632 _____ (TradeStation) C:\Users\Steve\AppData\Local\Temp\RegistASM.exe
2017-05-19 15:42 - 2017-05-19 15:42 - 014608752 _____ (Samsung Electronics                                         ) C:\Users\Steve\AppData\Local\Temp\Samsung_Magician_Installer.exe
2015-09-19 01:28 - 2017-09-05 14:52 - 000096440 _____ (RealNetworks, Inc.) C:\Users\Steve\AppData\Local\Temp\stubhelper.dll
2017-03-03 00:43 - 2018-09-29 21:29 - 001548656 _____ (TradeStation Technologies, Inc.) C:\Users\Steve\AppData\Local\Temp\TSInst10.exe
2017-03-03 00:43 - 2018-09-29 21:29 - 000052736 _____ (TradeStation) C:\Users\Steve\AppData\Local\Temp\TSInstallCAUtils.dll
2018-10-09 13:31 - 2017-11-01 12:30 - 000455600 _____ (Macrovision Corporation) C:\Users\Steve\AppData\Local\Temp\_is4642.exe
2017-11-01 11:55 - 2017-03-04 16:37 - 000455600 _____ (Macrovision Corporation) C:\Users\Steve\AppData\Local\Temp\_isAA82.exe
2017-11-01 11:54 - 2017-03-04 16:37 - 000455600 _____ (Macrovision Corporation) C:\Users\Steve\AppData\Local\Temp\_isE946.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-15 00:26

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Steve (18-10-2018 07:44:19)
Running from C:\Users\Steve\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-11-01 03:20:33)
Boot Mode: Normal
==========================================================

[The system is requiring me to split the post due to length]
« Last Edit: October 19, 2018, 11:02:52 PM by Hoov »

*

Offline chuckles

  • Bronze Member
  • 101
Re: Running slow and occasional crash
« Reply #1 on: October 18, 2018, 05:58:45 AM »
[continued]


==================== Accounts: =============================

Administrator (S-1-5-21-2629409913-288290882-4150647290-500 - Administrator - Disabled)
Guest (S-1-5-21-2629409913-288290882-4150647290-501 - Limited - Disabled)
Steve (S-1-5-21-2629409913-288290882-4150647290-1000 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}) (Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.1 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
AI Suite III (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.44 - ASUSTeK Computer Inc.)
ANT Drivers Installer x64 (HKLM\...\{20AB389B-8602-403C-B19B-F0A1D6C510A5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.9) (Version: 5.0.1.9 - Coupons.com Incorporated)
CPUID ASUS CPU-Z 1.63 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.63 - CPUID, Inc.)
CrystalDiskMark 3.0.2f (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2f - Crystal Dew World)
Dropbox (HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\Dropbox) (Version: 59.4.93 - Dropbox, Inc.)
Dropbox Setup (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.0.4 - Dropbox, Inc.)
Elevated Installer (HKLM-x32\...\{6E257EB0-5EFF-416D-82D4-592924566BB4}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Garmin Express (HKLM-x32\...\{3e534d41-dcc4-4f51-9858-70dd42beb3d5}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E1C18A5C-63D7-4DC5-977F-5B4BAB4169D9}) (Version: 6.5.1.0 - Garmin Ltd or its subsidiaries) Hidden
GenesisDependencyInstaller (HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\1d1c516df34faca9) (Version: 3.2.1.40 - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{0FC4261B-F502-48B3-B1CF-60021C8F7D22}) (Version: 1.0.481 - LogMeIn, Inc.)
GoToMeeting 8.36.0.10831 (HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\GoToMeeting) (Version: 8.36.0.10831 - LogMeIn, Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HL-5450DN (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
hotComm® CL (HKLM-x32\...\hotComm® CL) (Version: 8.00.012x - 1stWorks Corporation)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
LVX (HKLM-x32\...\{4F5D023A-9462-1290-C9AA-62BE83F0613C}) (Version: 4.20.9 - Chicago Board Options Exchange) Hidden
LVX (HKLM-x32\...\LVX_Prod) (Version: 2.2015.07.23 - Livevol Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpeed v5.4.5 (HKLM-x32\...\{C3F2AE48-FEEB-4697-BFCE-FB9B17289A7F}) (Version: 5.04.0413 - Enounce Incorporated)
Nero12EssTSST (HKLM-x32\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS (HKLM-x32\...\{73602FD6-3749-461D-870C-D171C510191A}) (Version: ANH00-NH - )
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.1.2) (Version: 7.1.2 - Applian Technologies Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Simpler Trading Early In-N-Out Indicator TS 1.0 (HKLM-x32\...\Simpler Trading Early In-N-Out Indicator TS_is1) (Version:  - Simpler Options, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.23 (HKLM-x32\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.)
ST_HOLB_LOHB Indicator (HKLM-x32\...\ST_HOLB_LOHB Indicator) (Version:  - )
ST_MTF_Trend Indicator for Tradestation (HKLM-x32\...\ST_MTF_Trend Indicator for Tradestation) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version:  - )
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.3070 - TradeStation Technologies)
TradeStream Professional 2018 (HKLM-x32\...\TradeStream Professional_is1) (Version: 2018.3.29.0 - TradeStream Analytics Ltd.)
TTM Squeeze 2.2 (HKLM-x32\...\TTM Squeeze_is1) (Version:  - TradeTheMarkets.com)
TTM Squeeze Radar 3.2 (HKLM-x32\...\TTM Squeeze Radar_is1) (Version:  - TradeTheMarkets.com)
TTM Voodoo Lines (HKLM-x32\...\{6F988572-FE9A-48DB-B4B8-0F7C825E164D}) (Version: 1.0.0 - Trade The Markets)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VectorVest 7 (HKLM-x32\...\{04996b42-3644-41a7-8d57-0a93d811cdd6}) (Version: 1.33.39.0 - VectorVest, Inc.)
VisualTour Studio (HKLM-x32\...\VisualTour Studio) (Version: 6 - TRF Systems, Inc.)
VT Remote Support (HKLM-x32\...\VT Remote Support) (Version:  - TRF Systems, Inc.)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )
Zoom (HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll => No File
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Steve\AppData\Local\GoToMeeting\9508\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629409913-288290882-4150647290-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2013-10-01] (Acronis)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2013-10-01] (Acronis)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-12-15] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-2629409913-288290882-4150647290-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2629409913-288290882-4150647290-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2629409913-288290882-4150647290-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-09] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2BA262D3-D5B3-46A6-81EA-2A20527BAF7C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {31298CE8-603A-414B-9DBE-266EFFA84C07} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2629409913-288290882-4150647290-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {36AC4430-5E9B-420D-8D96-030436EA4866} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-30] (Google Inc.)
Task: {3D56EB33-9595-412B-BA84-B3A93B519BF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-30] (Google Inc.)
Task: {417FC7DD-6B7C-478B-8F56-4CE19B16266D} - System32\Tasks\DropboxSetup => C:\Program Files (x86)\Dropbox\DropboxSetup\DropboxSetup.exe [2015-06-19] ()
Task: {4B8F0300-73B8-40E5-AE64-344DEAA5FA5E} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-05-07] (ASUSTeK Computer Inc.)
Task: {649F0FBF-A7F1-429C-B310-703D10C9AA2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6567C4CC-38B8-4521-8340-03092A0D075A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2629409913-288290882-4150647290-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {6E7F5FA7-163D-4F92-B2A9-9F983869AA61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {7487FAF9-CFA1-40EA-B7CA-BA5124378B32} - System32\Tasks\{95BBD54F-CFE9-438B-A680-2E12502A8E7F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZipLogix\zipForm6\zipForm6.exe" -d "C:\Program Files (x86)\ZipLogix\zipForm6\"
Task: {7A0F665E-E74E-4B16-8F1C-9D5B6CDF5D26} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {7A33DCF8-8AAA-4E45-8B14-02F669CCCBF3} - System32\Tasks\{BB416695-AF75-4755-96B3-99ADC5A9D3AD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}\setup.exe" -c -runfromtemp -l0x0009 -removeonly -PanelRemove
Task: {7DFABFC9-F6CB-481F-B27C-95E76039328C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9AF7193C-4066-445E-AA7C-B677BA3CBB22} - System32\Tasks\G2MUploadTask-S-1-5-21-2629409913-288290882-4150647290-1000 => C:\Users\Steve\AppData\Local\GoToMeeting\10831\g2mupload.exe [2018-10-14] (LogMeIn, Inc.)
Task: {9CF10A85-F795-4E16-996A-DB4E21A29DEB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9EEB4A68-87E3-4BC0-BB70-0551857E6C64} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-06-06] ()
Task: {A5C18412-B627-49F7-AEE2-60BD21ED8A33} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {AAB7BB24-CDBC-4D37-912E-0D94B613F7EC} - System32\Tasks\G2MUpdateTask-S-1-5-21-2629409913-288290882-4150647290-1000 => C:\Users\Steve\AppData\Local\GoToMeeting\10831\g2mupdate.exe [2018-10-14] (LogMeIn, Inc.)
Task: {B0C6E097-391A-4D8B-8379-B764EB66B601} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000UA => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {B2B089F3-1F78-4A85-8A49-50CA800AE0A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B97BBD18-D715-49D8-8D39-F7F2714B6928} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD91039C-6255-444E-BD67-9716187EAB51} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000Core => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {BE4CC0D0-B02B-45E2-A775-CBEBCE3CD132} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C41EC623-8426-4E4F-A0EF-B54D7F0D85BF} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {E70303C5-86F5-4EA7-8474-36EDC17BA756} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-09] (Adobe Systems Incorporated)
Task: {E9033F01-B5B0-4E1E-A972-D6F54F4E1DB2} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {E92841AA-EFC6-4D07-A2A3-9DF6CFCF2B76} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-05-09] ()
Task: {EB516F08-E2AB-46B6-834A-6C9CC196C9D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FEF44E94-F40D-427F-B804-19C466A43C02} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [2017-05-19] (Samsung Electronics Co. Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000Core.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2629409913-288290882-4150647290-1000UA.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2629409913-288290882-4150647290-1000.job => C:\Users\Steve\AppData\Local\GoToMeeting\10831\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2629409913-288290882-4150647290-1000.job => C:\Users\Steve\AppData\Local\GoToMeeting\10831\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-10-07 22:14 - 2012-09-18 15:27 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2013-11-16 14:35 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-10-07 22:14 - 2012-09-18 15:27 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-05-07 03:45 - 2013-05-07 03:45 - 000936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-06-15 13:52 - 2018-09-23 16:01 - 002522104 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
2014-10-07 22:14 - 2012-09-18 15:27 - 003162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2014-10-07 22:14 - 2012-09-18 15:27 - 001236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2018-10-03 20:19 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-10-03 20:19 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 001218360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2013-10-01 11:26 - 2013-10-01 11:26 - 002810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 001221432 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
2013-11-05 23:57 - 2018-10-18 07:12 - 000029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2013-11-05 23:57 - 2013-05-07 03:45 - 000104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2018-06-06 14:31 - 2018-06-06 14:31 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2013-11-05 23:58 - 2013-05-07 16:45 - 000147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2013-11-05 23:58 - 2013-05-09 12:13 - 002686464 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2013-11-05 23:58 - 2013-05-03 19:40 - 001111040 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2013-11-05 23:59 - 2013-04-02 18:32 - 001173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2013-11-05 23:57 - 2013-05-07 03:45 - 000662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2013-11-05 23:58 - 2013-05-07 16:45 - 000053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2013-11-06 00:00 - 2012-01-19 10:39 - 000028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2013-11-05 23:58 - 2013-05-07 16:45 - 000208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2013-11-05 23:58 - 2013-05-07 16:45 - 000253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2013-11-06 00:00 - 2010-09-23 12:51 - 000114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2013-11-06 00:00 - 2010-02-25 15:01 - 000139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000497664 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\vvc2.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000784384 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000769024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2013-11-05 23:58 - 2013-05-09 12:08 - 000904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll
2018-10-10 15:57 - 2018-10-09 07:53 - 001140552 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-10-10 15:57 - 2018-10-09 07:53 - 002247496 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-09-25 13:40 - 2018-10-09 07:58 - 000023376 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:55 - 000025456 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000142312 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 001953640 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000025960 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:53 - 000117720 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-09-25 13:40 - 2018-10-09 07:53 - 000109024 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000083784 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:53 - 000418264 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-09-25 13:40 - 2018-10-09 07:53 - 000027616 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000049128 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000074072 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000131552 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:55 - 000025944 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000026600 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000182752 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000027616 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000118760 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000401752 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000028640 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000034664 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:53 - 000023704 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000053736 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000064992 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000059744 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000068968 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000028520 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:55 - 000027488 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000032408 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000156504 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000092488 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 001778000 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000518992 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000052056 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 001929552 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:57 - 003821392 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000044888 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000132944 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000218456 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000205656 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000061408 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000051552 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000027624 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000033632 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000028008 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000025448 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000031600 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:53 - 000486880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000029040 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000029024 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:53 - 000036312 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsync.dll
2018-09-25 13:40 - 2018-10-09 07:58 - 000025960 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000433992 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-09-25 13:40 - 2018-10-09 07:58 - 000035680 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000025920 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-10-10 15:57 - 2018-10-09 07:56 - 001592128 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-10-10 15:57 - 2018-10-09 07:57 - 000102736 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000028520 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.shell32.compiled._winffi_shell32.cp35-win32.pyd
2018-09-25 13:40 - 2018-10-09 07:58 - 000029544 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000530768 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000348496 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-10-10 15:57 - 2018-10-09 07:56 - 000037200 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2014-10-16 10:23 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 000036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 000028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-07-04 22:31 - 2016-10-08 17:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-07-04 22:31 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-10-31 23:28 - 2013-09-03 16:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 000420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2629409913-288290882-4150647290-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-01-23 19:17 - 000000145 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
255.255.255.255   hcurltest5
255.255.255.255   vnsjs1.1stworks.com
76.74.166.147   hcurltest2
74.208.77.54   hcurltest1

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{21A1AE11-95D7-4E29-98A3-B68EE54ED13F}] => (Allow) LPort=2869
FirewallRules: [{31125C20-054F-4D3B-B7EE-41577FE420FC}] => (Allow) LPort=1900
FirewallRules: [{C2905159-84A8-4FE0-A075-50CD9E81753C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{1B0D23C4-99A0-4C8C-BEC2-23F9C4B9CBED}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{30605CA5-2F71-47C0-B459-1C128DC62EE0}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{94F13A7F-5B78-4DC0-9535-3A32AFE54B23}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [TCP Query User{7A2A186A-B013-42B7-92FB-490DB8EB2324}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{60409D79-3331-4547-A23F-735DBFB80E4C}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Allow) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [TCP Query User{EF0C0001-DA14-48CA-BA09-A2B516EB3D42}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => (Allow) C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [UDP Query User{F18FB17B-F2F0-4916-B32B-42AAD832BD9D}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => (Allow) C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [{6607007C-CDCD-4106-B55F-BE86D7F67A1B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{139817A0-7F3B-4249-AD04-C8D1B9960D66}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{9E79DCE7-D2B1-4DA7-81B4-CF364864C9D8}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{150FAC61-2252-432E-AA08-2279D5D034DF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{658A5FFA-9842-45BB-A451-25992A2879B2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{80BB75C3-5EAB-47A0-A999-4BFA99408A7E}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{1653F6EC-98E6-46BE-BDD0-2CA36AD337D4}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [{67A64A37-5C0A-446A-9F3F-BF3496985337}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF09EBC2-707A-4600-89BD-B5E2F1086CA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D6FB8393-5B30-43D0-B525-EB4E24531EAC}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{EFEC7210-5402-4CCB-96F2-99E38B214E4F}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [TCP Query User{24290C9D-0EC0-401D-B4AE-90D1F9437799}C:\users\steve\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\steve\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{2CA2E633-2D4B-4AD1-AAFA-39EE54785B07}C:\users\steve\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\steve\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{68685A12-7735-4726-B3DB-9308F0A7951E}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{818B883E-BEDC-4A73-A319-3A499559C971}C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [TCP Query User{2274E0C1-B2A6-40A4-8F9A-51D6F74BC647}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F93F80F3-CFAD-448F-8F2B-A5F244713F7E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F93A4129-EE3D-4570-B235-5AC89823EC55}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [UDP Query User{9357080C-7DE2-4FAD-A260-BFE3289C8D33}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [{C7FDC3A3-0AFE-4AEC-AED1-84F5581F7C64}] => (Block) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [{3F3B879A-5933-4B35-BBB1-ACBBAF707EB7}] => (Block) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [TCP Query User{AA6CBA5C-BD02-4053-B1D9-11305536EF53}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{9C26A072-B1B3-4EA5-9C64-1DB7C5935794}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [{6E1B98C1-D9BA-4DAD-B270-01310A806C0C}] => (Block) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [{065D9817-CDF9-4714-9EAC-6CBA60B8E8E1}] => (Block) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [{2C4DA205-C322-489E-AFF9-3A8F05853BEF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{8C632EE5-5A37-4CF2-92AA-78EB62ADC738}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{80316FA3-C91C-49F8-B27B-234752F09310}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-10-2018 13:31:21 Removed NinjaTrader 8
09-10-2018 13:32:03 Removed NETGEAR WNDA3100v2 wireless USB 2.0 adapter
09-10-2018 13:42:23 Windows Update
10-10-2018 05:32:07 Removed StreetSmart Edge®
12-10-2018 19:22:14 Windows Update
16-10-2018 09:38:16 Windows Update

==================== Faulty Device Manager Devices =============

Name: MpKsl39bacc83
Description: MpKsl39bacc83
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl39bacc83
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


Offline chuckles

  • Bronze Member
  • 101
Re: Running slow and occasional crash
« Reply #2 on: October 18, 2018, 06:01:50 AM »

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2018 07:14:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/18/2018 07:00:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Steve-PC)
Description: Application or service 'TradeStation Charting' could not be shut down.

Error: (10/18/2018 04:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: orchart.exe, version: 9.50.0.3070, time stamp: 0x5823c28f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24150, time stamp: 0x5b0cba25
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x2308
Faulting application start time: 0x01d465c4c91f15d1
Faulting application path: C:\Program Files (x86)\TradeStation 9.5\Program\orchart.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 33833d6c-d2b0-11e8-b6ab-74d02bc9909d

Error: (10/18/2018 04:31:09 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: orchart.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
   at System.Xml.XmlDictionaryReader.ReadContentAsBase64(Int32, Int32)
   at System.Xml.XmlBaseReader.ReadContentAsBase64()
   at System.Xml.XmlDictionaryReader.ReadElementContentAsBase64()
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter+PartInfo.ReadValue(System.Xml.XmlDictionaryReader)
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeParameter(System.Xml.XmlDictionaryReader, PartInfo)
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeParameters(System.Xml.XmlDictionaryReader, PartInfo[], System.Object[])
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeRequest(System.Xml.XmlDictionaryReader, System.Object[])
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeRequest(System.ServiceModel.Channels.Message, System.Object[])
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.DeserializeInputs(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean)
   at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(System.ServiceModel.Channels.RequestContext, Boolean, System.ServiceModel.OperationContext)
   at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(System.ServiceModel.Channels.RequestContext, System.ServiceModel.OperationContext)
   at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(System.IAsyncResult)
   at System.ServiceModel.Dispatcher.ChannelHandler.OnAsyncReceiveComplete(System.IAsyncResult)
   at System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
   at System.Runtime.AsyncResult.Complete(Boolean)
   at System.ServiceModel.Channels.TransportDuplexSessionChannel+TryReceiveAsyncResult.OnReceive(System.IAsyncResult)
   at System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
   at System.Runtime.AsyncResult.Complete(Boolean)
   at System.ServiceModel.Channels.SynchronizedMessageSource+ReceiveAsyncResult.OnReceiveComplete(System.Object)
   at System.ServiceModel.Channels.SessionConnectionReader.OnAsyncReadComplete(System.Object)
   at System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)
   at System.ServiceModel.Channels.OverlappedContext.CompleteCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Runtime.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (10/16/2018 10:54:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2018 07:14:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: orchart.exe, version: 9.50.0.3070, time stamp: 0x5823c28f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24150, time stamp: 0x5b0cba25
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x2500
Faulting application start time: 0x01d46554424dd6b8
Faulting application path: C:\Program Files (x86)\TradeStation 9.5\Program\orchart.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 30328a3e-d199-11e8-b737-74d02bc9909d

Error: (10/16/2018 07:14:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: orchart.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.OutOfMemoryException
   at System.Xml.XmlDictionaryReader.ReadContentAsBase64(Int32, Int32)
   at System.Xml.XmlBaseReader.ReadContentAsBase64()
   at System.Xml.XmlDictionaryReader.ReadElementContentAsBase64()
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter+PartInfo.ReadValue(System.Xml.XmlDictionaryReader)
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeParameter(System.Xml.XmlDictionaryReader, PartInfo)
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeParameters(System.Xml.XmlDictionaryReader, PartInfo[], System.Object[])
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeRequest(System.Xml.XmlDictionaryReader, System.Object[])
   at System.ServiceModel.Dispatcher.PrimitiveOperationFormatter.DeserializeRequest(System.ServiceModel.Channels.Message, System.Object[])
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.DeserializeInputs(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage41(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage31(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage3(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage2(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage1(System.ServiceModel.Dispatcher.MessageRpc ByRef)
   at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean)
   at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(System.ServiceModel.Channels.RequestContext, Boolean, System.ServiceModel.OperationContext)
   at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(System.ServiceModel.Channels.RequestContext, System.ServiceModel.OperationContext)
   at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(System.IAsyncResult)
   at System.ServiceModel.Dispatcher.ChannelHandler.OnAsyncReceiveComplete(System.IAsyncResult)
   at System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
   at System.Runtime.AsyncResult.Complete(Boolean)
   at System.ServiceModel.Channels.TransportDuplexSessionChannel+TryReceiveAsyncResult.OnReceive(System.IAsyncResult)
   at System.Runtime.Fx+AsyncThunk.UnhandledExceptionFrame(System.IAsyncResult)
   at System.Runtime.AsyncResult.Complete(Boolean)
   at System.ServiceModel.Channels.SynchronizedMessageSource+ReceiveAsyncResult.OnReceiveComplete(System.Object)
   at System.ServiceModel.Channels.SessionConnectionReader.OnAsyncReadComplete(System.Object)
   at System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)
   at System.ServiceModel.Channels.OverlappedContext.CompleteCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Runtime.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (10/16/2018 09:28:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (10/18/2018 07:20:41 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.

Error: (10/18/2018 07:12:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
 and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 07:12:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
 and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 07:03:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {44D304D4-55F4-455C-B159-FB88DD525B47} did not register with DCOM within the required timeout.

Error: (10/18/2018 06:41:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/18/2018 06:41:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (10/18/2018 06:41:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (10/16/2018 10:52:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
 and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-10-18 07:34:03.827
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-18 07:12:48.443
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-18 07:08:48.406
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-18 06:59:05.164
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-18 04:16:15.179
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-17 23:59:24.064
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-17 22:26:57.895
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-17 20:55:58.583
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 16063.66 MB
Available physical RAM: 12178.67 MB
Total Virtual: 16261.83 MB
Available Virtual: 12282.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:61.21 GB) NTFS
Drive y: (Share Drive) (Network) (Total:3663.11 GB) (Free:1210.62 GB) NTFS

\\?\Volume{fa53452d-4257-11e3-8022-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: D9F4A5D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Result of Security Analysis by Rocket Grannie (x86) Updated: 06th, October 2018
Running from:C:\Users\Steve\Desktop (07:50:52 - 10/18/2018)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X64 Service Pack 1
UAC is Enabled
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Microsoft Security Essentials (Enabled - up to Date)
Microsoft Security Essentials (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (31.0.0.122)
Adobe Acrobat Reader DC (19.008.20074)
CCleaner (4.17) ==> is out of Date
Google Chrome (69.0.3497.100)
Java (8.0.1810.13)
Malwarebytes (3.6.1.2711)
Microsoft Security Essentials (4.10.209.0)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (62.0.3)
SUPERAntiSpyware (6.0.1254)

***----------------Analysis Complete-------------------------***


Thanks for being there!

*

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • 27171
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Running slow and occassional crash
« Reply #3 on: October 19, 2018, 11:09:57 PM »
I did not get too far into the logs and I found something disturbing. Is your computer connected directly to a cable or a piece of fiber coming into your home with no modem on it? Also can you tell me, do these programs crash right away, or only after they have been running a while?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

*

Offline chuckles

Re: [In Progress] Running slow and occassional crash
« Reply #4 on: November 17, 2018, 04:59:40 PM »
After they have been running for a while.
I use Tradestation for stock trading. I leave it on a lot.
It uses a lot of data. This just started recently.
I am on a regular Xfinity in home cable modem.

*

Offline chuckles

Re: [In Progress] Running slow and occassional crash
« Reply #5 on: November 17, 2018, 05:06:57 PM »
Here are a couple of photo screen captures of the error.

*

Offline Hoov

Re: [In Progress] Running slow and occassional crash
« Reply #6 on: November 18, 2018, 06:08:51 AM »
Well after doing some reading, this is not a malware problem, or does not seem like it. It seems like there are a lot of people with the same issues. Do you clean out the Tradestation cache at all?


*

Offline chuckles

Re: [In Progress] Running slow and occassional crash
« Reply #7 on: November 18, 2018, 08:26:55 AM »
Cache,
No I don't know how to do that but it might help?
Also, they have a software version update, but in the past, we've waited until they get the bugs out.
I can check with them about this.

What about the cache?
