Everything posted by S1rTr4sh4l0t

  1. Ok, just making sure. I ran it 2x and it came back saying that "Windows Protection Resource did not find any integrity violations." Also, I tried running System Restore but kept getting an error (0x80070005). All antivirus programs were turned off (and MBAM has essentially been rendered useless at this point). Imgur link to the snapshot of the error. I certainly don't mean to be wasting your time with this, so if there's nothing else that can be done I understand. It's probably time for a good ole drive wipe anyway.
  2. Also, for what it's worth, MBAM and several other programs are crashing.
  3. I glanced over the article, but it seems to address only Vista & Server 8 (and the other link addresses XP). Would this still apply to Win 7?
  4. Ok, awesome. MiniToolBox:
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) 
Wireshark 1.10.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)
YNAB 4 version 4.3.543 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.543 - YouNeedABudget.com)

========================= Devices: ================================
Registers - D155 Description: Intel® processor System Management Registers - D155 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: NETBT Description: NETBT Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NetBT Name: Generic USB Hub Description: Generic USB Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Generic USB Hub) Service: usbhub Name: Intel® processor Integrated Memory Controller Test Registers - 2C9C Description: Intel® processor Integrated Memory Controller Test Registers - 2C9C Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: HID-compliant device Description: HID-compliant device Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: (Standard system devices) Service: Name: ACPI x64-based PC Description: ACPI x64-based PC Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard computers) Service: \Driver\ACPI_HAL Name: Fresco Logic xHCI (USB3) Controller FL1000 Series Description: Fresco Logic xHCI (USB3) Controller FL1000 Series Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Fresco Logic Service: FLxHCIc Name: Intel® Core i7 CPU Q 740 @ 1.73GHz Description: Intel Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Intel® Core i7 CPU Q 740 @ 1.73GHz Description: Intel Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: User Mode Driver Frameworks Platform Driver Description: User Mode Driver Frameworks Platform Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: WudfPf Name: Security Driver Description: Security Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: secdrv Name: NetGroup Packet Filter Driver Description: NetGroup Packet Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NPF 
Name: Slimtype DVD A DS8A5SH ATA Device Description: CD-ROM Drive Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard CD-ROM drives) Service: cdrom Name: File as Volume Driver Description: File as Volume Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: blbdrive Name: NVIDIA High Definition Audio Description: NVIDIA High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: NVHDA Name: USB Composite Device Description: USB Composite Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbccgp Name: ACPI Thermal Zone Description: ACPI Thermal Zone Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Name: Common Log (CLFS) Description: Common Log (CLFS) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CLFS Name: Composite Bus Enumerator Description: Composite Bus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: CompositeBus Name: Intel® HM55 Express Chipset LPC Interface Controller - 3B09 Description: Intel® HM55 Express Chipset LPC Interface Controller - 3B09 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: msisadrv Name: Intel® 5 Series/3400 Series Chipset Family PCI Express Root Port 6 - 3B4C Description: Intel® 5 Series/3400 Series Chipset Family PCI Express Root Port 6 - 3B4C Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Intel® processor Semaphore and Scratchpad Registers - D156 Description: Intel® processor Semaphore and Scratchpad Registers - D156 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: HID Keyboard 
Device Description: HID Keyboard Device Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: kbdhid Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Intel® processor Integrated Memory Controller Channel 0 Control Registers - 2CA0 Description: Intel® processor Integrated Memory Controller Channel 0 Control Registers - 2CA0 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: Microsoft ACPI-Compliant System Description: Microsoft ACPI-Compliant System Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: ACPI Name: NSI proxy service driver. Description: NSI proxy service driver. Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: nsiproxy Name: CNG Description: CNG Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CNG Name: Microsoft System Management BIOS Driver Description: Microsoft System Management BIOS Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: mssmbios Name: Microsoft Composite Battery Description: Microsoft Composite Battery Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: Compbatt Name: Intel® 82801 PCI Bridge - 2448 Description: Intel® 82801 PCI Bridge - 2448 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci ========================= Memory info: =================================== Percentage of memory in use: 16% Total physical RAM: 14260.55 MB Available physical RAM: 11858.34 MB Total Pagefile: 28519.27 MB Available Pagefile: 25990.46 MB Total Virtual: 4095.88 MB Available Virtual: 3974.75 MB ========================= Partitions: ===================================== 1 Drive c: (Primary) (Fixed) (Total:122.07 GB) (Free:29.98 GB) NTFS 2 Drive d: (Secondary) (Fixed) (Total:78.12 GB) 
(Free:44.48 GB) NTFS 3 Drive e: () (Fixed) (Total:23.37 GB) (Free:23.26 GB) NTFS ========================= Users: ======================================== User accounts for \\ASUSLAPTOP Admin Administrator Guest Marcus UpdatusUser ========================= Minidump Files ================================== No minidump file found **** End of log **** MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/9/2014 Scan Time: 10:02:30 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.09.13 Rootkit Database: v2014.07.09.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Marcus Scan Type: Threat Scan Result: Completed Objects Scanned: 392337 Time Elapsed: 8 min, 38 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  5. I've posted the ComboFix log. I stepped away for a minute and the computer rebooted after running CF, so hopefully that was intended. ComboFix.txt
  6. Ok. SecurityCheck log below. For some reason it opened in Notepad++ and not Notepad, so sorry about that. Also, I've downloaded a few programs, and several checksums haven't matched. I know that MitM attacks are far from what you guys do here and really have nothing to do with malware, but thought I'd mention it in case you know something I don't. Thanks, Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 14.0.0.125 Mozilla Firefox (30.0) Mozilla Thunderbird (24.6.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Privatefirewall 6.1 pfsvc.exe Malwarebytes Anti-Malware mbamscheduler.exe Privacyware Privatefirewall 7.0 PFGUI.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  7. Here is an imgur link to the pop-up message that Avast gave me when trying to open SecurityCheck.exe.
  8. Thank you, Staff. So I've posted the MBAM log below. However, when trying to download SecurityCheck.exe from both locations, Avast is blocking it and treating it like a virus. Should I disable Avast when trying to open SecurityCheck? I've included an imgur link of the message Avast is giving me. MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/7/2014 Scan Time: 6:27:48 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.07.09 Rootkit Database: v2014.07.07.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Marcus Scan Type: Threat Scan Result: Completed Objects Scanned: 381073 Time Elapsed: 8 min, 49 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) SecurityCheck.exe error link
  9. Hi Staff - Thank you for your patience. I've posted both logs for JavaRa and Fixlog below. JavaRa: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jul 06 19:26:30 2014 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting. FixLog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-07-2014 Ran by Marcus at 2014-07-06 19:28:01 Run:1 Running from C:\Users\Marcus\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {0DEC09C5-8871-46C5-A0DC-8AADF557449C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.) Task: {E65170E5-286D-4346-A283-0735B8319E07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Users\Marcus\AppData\Local\Temp\_MEI34962 C:\Users\Marcus\AppData\Local\Temp\_MEI36322 AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) GroupPolicyUsers\S-1-5-21-4014696108-1420568990-2194914157-1001\User: Group Policy restriction detected <======= ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U219DHP&pc=U219 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x15C123D3CDF3CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpokkfs4.dll C:\Users\Admin\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Marcus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvkejdg.dll C:\Users\Marcus\AppData\Local\Temp\log4net.dll C:\Users\Marcus\AppData\Local\Temp\Quarantine.exe C:\Users\Marcus\AppData\Local\Temp\SyncRestarter.exe C:\Users\Marcus\AppData\Local\Temp\sync_upgrader.exe ***************** 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DEC09C5-8871-46C5-A0DC-8AADF557449C}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DEC09C5-8871-46C5-A0DC-8AADF557449C}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E65170E5-286D-4346-A283-0735B8319E07}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E65170E5-286D-4346-A283-0735B8319E07}' => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. 
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore' => Key deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\_MEI34962 => Moved successfully. "C:\Users\Marcus\AppData\Local\Temp\_MEI36322" => File/Directory not found. C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found. C:\Windows\system32\GroupPolicyUsers\S-1-5-21-4014696108-1420568990-2194914157-1001\User => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found. 'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found. 
'HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2'=> Key not found. C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found. C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpokkfs4.dll => Moved successfully. C:\Users\Admin\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvkejdg.dll => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\log4net.dll => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\SyncRestarter.exe => Moved successfully. C:\Users\Marcus\AppData\Local\Temp\sync_upgrader.exe => Moved successfully. The system needed a reboot. ==== End of Fixlog ====
  10. Hi Staff - Thank you for the time spent helping me out. I'm unfortunately going to be out of commission until 7/7, but I will definitely be back on then and follow your latest instructions. I understand if you must close this thread, but your help is greatly appreciated. Thanks,
  11. Logs below: Junkware: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by Marcus on Wed 07/02/2014 at 22:01:51.18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\yd850wff.default\prefs.js user_pref("extensions.bookmarkfaviconchanger.backupFolderFaviconDataURISpec", "545_data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACQklEQVQ4jY3SXUiTARTG8W user_pref("samfind.social.notused", "ballhype,bitly,blinklist,connotea,current,delicious,diigo,dzone,fark,faves,foxiewire,friendfeed,googlebookmarks,googlereader,healthranker, Emptied folder: C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\yd850wff.default\minidumps [12 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 07/02/2014 at 22:11:41.60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner: # AdwCleaner v3.214 - Report created 02/07/2014 at 22:40:49 # Updated 29/06/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Marcus - ASUSLAPTOP # Running from : C:\Users\Marcus\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\blewkbvu.default\prefs.js ] [ File : C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\yd850wff.default\prefs.js ] ************************* AdwCleaner[R0].txt - [874 octets] - [02/07/2014 22:18:01] AdwCleaner[R1].txt - [933 octets] - [02/07/2014 
22:36:32] AdwCleaner[s0].txt - [855 octets] - [02/07/2014 22:40:49] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [914 octets] ########## MBAM: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/2/2014 Scan Time: 10:44:13 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.02.08 Rootkit Database: v2014.07.01.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Marcus Scan Type: Threat Scan Result: Completed Objects Scanned: 381637 Time Elapsed: 8 min, 28 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ESET: C:\Users\Marcus\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup413.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application C:\Users\Marcus\Downloads\FoxitReader611.1031_enu_Setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application 
C:\Users\Marcus\Downloads\FoxitReader614.0217_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application C:\Users\Marcus\Downloads\rcsetup150.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application Farbar - attached FRST & Addition FRST.txt Addition.txt
  12. Hi Staff - Thank you for the quick reply. The logs are posted below. RKILL: Rkill 2.6.7 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/02/2014 08:20:13 PM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Users\Marcus\AppData\Local\MEGAsync\MEGAsync.exe (PID: 4876) [uP-HEUR] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. 
  13. Would really appreciate some help if anyone is able to take a look.
  14. So I'm guilty of the cardinal sin. I was messing around today looking for a new badass download manager and downloaded MiPony - which apparently is full of free ebola. So yea, that sucked. Anyway, I've since deleted it, but I've posted an updated FRST and Addition log below. Sorry for the extra headache, but I appreciate your help. Addition.txt FRST.txt
  15. Hi! MBAM just detected a Spyware.Banker trojan, and it quarantined it, but I just want to make sure the trojan didn't leave any remnants. Below are the FRST & Addition logs. Thanks!
  16. Hi - I'm not sure what I've got, but my computer is sending data vs receiving data at a 5:1 ratio. I've got MWB Pro, and it didn't pick up anything. Below is the FRST.exe and Addition.txt contents. Thanks!
Error: (05/11/2014 08:18:22 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005). Error: (05/11/2014 09:14:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:14:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (05/10/2014 06:35:31 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
System errors: ============= Error: (05/15/2014 10:25:37 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 5NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C} Error: (05/15/2014 05:43:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (05/15/2014 05:43:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (05/15/2014 05:43:23 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/15/2014 05:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (05/15/2014 05:43:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (05/15/2014 05:43:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error: (05/15/2014 05:43:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error: (05/15/2014 05:43:20 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (05/15/2014 05:43:20 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Microsoft Office Sessions: ========================= Error: (05/15/2014 09:36:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Marcus\Downloads\esetsmartinstaller_enu.exe Error: (05/14/2014 00:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2014 00:11:58 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Vectir\Plugins\Hardware\btwapi.dll Error: (05/13/2014 09:58:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2014 09:58:30 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Vectir\Plugins\Hardware\btwapi.dll Error: (05/13/2014 06:47:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: AsusLaptop) Description: Product: Fresco Logic USB3.0 Host Controller -- A more recent version of Fresco Logic USB3.0 Host Controller is already installed on this computer.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/11/2014 08:18:22 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. 
(0x81000005) Error: (05/11/2014 09:14:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:14:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Vectir\Plugins\Hardware\btwapi.dll Error: (05/10/2014 06:35:31 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Vectir\Plugins\Hardware\btwapi.dll ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 14260.55 MB Available physical RAM: 10999.58 MB Total Pagefile: 28519.27 MB Available Pagefile: 25098.21 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Primary) (Fixed) (Total:122.07 GB) (Free:27.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Secondary) (Fixed) (Total:78.12 GB) (Free:70.86 GB) NTFS Drive e: () (Fixed) (Total:23.37 GB) (Free:23.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 224 GB) (Disk ID: 00095699) Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=23 GB) - (Type=07 NTFS) Partition 4: (Active) - (Size=122 GB) - (Type=07 NTFS) ==================== End Of Log ============================