Jump to content

Recommended Posts

Hi folks

 

Well my computer is acting oddly and after scanning with both Mbytes and Norton's I'm throwing my hands in the air and asking some experts. :)

 

So here is my problem:

 

Lately I've been getting the occasional error message completely at random on my computer (see attached word document) and the other night when I was shutting down my internet (Google Chrome on sandboxie) my computer decided to give me the BSOD, the text said something about disk memory (it was gone before I could properly read it) and crashed!

 

Other than that and the occasional strange Windows Application Error message the computer is running fine, if a bit slow, but that can possibly be attributed to other background programs like Secunia PSI which run when the computer boots up. Either way, its weird and I'm trying to nip it in the bud before it becomes serious.

 

Does anyone have any advice or wisdom to add?

 

 

windows application error message.docx

 

Share this post


Link to post
Share on other sites

Hi:
 
Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

On the other hand, if you think you might be infected, then I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

Share this post


Link to post
Share on other sites

Hi -

 

The BSOD mini kernel dump files + system info would be helpful here.

 

Please run the BSOD Posting Instructions - http://www.sysnative.com/forums/bsod-crashes-kernel-debugging/68-blue-screen-of-death-bsod-posting-instructions-windows-10-8-1-8-7-vista.html

 

Then zip up the entire minidump folder & attach it to your next post here at Malwarebytes.

 

For info all blue screens say something like "...writing memory to disk...." -- meaning that it is writing kernel memory to disk (page file).  It has nothing necessarily to do with "bad memory" or  "bad RAM"; however, RAM failure can never be ruled out when a BSOD occurs.

 

Regards. . .

 

jcgriff2

Microsoft MVP

Windows Experience Expert

 

Share this post


Link to post
Share on other sites

"Then zip up the entire minidump folder & attach it to your next post here at Malwarebytes."

 

I meant to say -

 

"Attach the zi file(s) to your next post here at Malwarebytes.

Share this post


Link to post
Share on other sites

Just FYI - the status 0x40000015 is merely a status saying the program had a fatal exit.

Please follow jcgriff2's posting instructions and one of us will get back to you with an analysis

 

- John

Microsoft MVP - Windows Experience

If I haven't replied w/in 48 hours, please send me a message.

Share this post


Link to post
Share on other sites

Durned thing won't let me edit my post (the trials of being a new member :0)

 

I'd also like to see this report in order to start looking at the error reports:

Please do the following:
- open Event Viewer (run eventvwr.msc from the "Run" dialog)
- expand the Custom Views category (left click on the > next to the words "Custom Views")
- right click on Administrative Events
- select "Save all Events in Custom View as..."
- save the file as Admin.evtx
- zip up the file (right click on it, select "Send to", select "Compressed (zipped) folder")
- upload it with your next post (if it's too big, then upload it to a free file-hosting service and post a link here).

FYI - If we're looking for Event ID 41 errors (unexplained shutdowns), there's more info on that here:  http://support.microsoft.com/kb/2028504

While waiting for a reply, please monitor your temps with this free utility:  http://www.cpuid.com/softwares/hwmonitor.html

 

Share this post


Link to post
Share on other sites

I have requested to move this topic to the BSOD section since it pains my heart not to see a single thread in that section :lol:

 

 

-Pranav

Share this post


Link to post
Share on other sites

Topic was moved. All Experts should be able to edit posts in this forum. If not let me know and I'll see if I can correct that issue.

 

@kladyelf

 

Please follow the direction from jcgriff2's posting instructions and they'll work on getting it resolved for you.

 

Thanks

Share this post


Link to post
Share on other sites

Um, Hi

 

Sorry I have not got on to this sooner, RL has been kicking my butt lately - will do all the diagnostics and post them one at a time OK?

Share this post


Link to post
Share on other sites

This is the FRST one:

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2015
Ran by Kathy (administrator) on KATHY-PC on 10-07-2015 22:57:11
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy & UpdatusUser (Available Profiles: Kathy & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM\...\Run: [YouCam Mirage] => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM\...\Run: [YouCam Tray] => C:\Program Files\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [116056 2010-02-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-06-24] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-06-20]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-24] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1099725507-4057469664-453529901-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-02] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{15EAAB30-77F8-42F1-B75D-59654459DD29}: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-11]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Google Search) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-11]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-24] (Avast Software)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134792 2015-06-24] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-24] ()
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-01-25] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [162952 2015-06-24] (Sandboxie Holdings, LLC)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-24] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kathy\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 22:57 - 2015-07-10 22:58 - 00014756 _____ C:\Users\Kathy\Desktop\FRST.txt
2015-07-10 22:56 - 2015-07-10 22:57 - 00000000 ____D C:\FRST
2015-07-10 22:22 - 2015-07-10 22:22 - 01682416 _____ (Malwarebytes Corporation) C:\Users\Kathy\Desktop\mbam-check-2.1.1.1001.exe
2015-07-10 22:16 - 2015-07-10 22:17 - 01636352 _____ (Farbar) C:\Users\Kathy\Desktop\FRST.exe
2015-07-09 10:29 - 2015-07-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-07-07 23:59 - 2015-07-07 23:59 - 00143664 _____ C:\Windows\Minidump\Mini070715-01.dmp
2015-06-23 23:34 - 2015-06-23 23:34 - 00139552 _____ C:\Windows\Minidump\Mini062315-01.dmp
2015-06-20 17:40 - 2015-06-20 17:40 - 01528320 _____ C:\Users\Kathy\Desktop\msxml6 (2).msi
2015-06-20 17:22 - 2015-06-20 17:22 - 00000824 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-06-20 17:18 - 2015-06-20 17:18 - 01754456 _____ (Secunia) C:\Users\Kathy\Desktop\PSI2Setup.exe
2015-06-16 23:36 - 2015-06-16 23:36 - 00143664 _____ C:\Windows\Minidump\Mini061615-01.dmp
2015-06-10 21:21 - 2015-05-21 23:52 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 21:21 - 2015-05-09 08:38 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 21:21 - 2015-04-25 01:24 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 21:15 - 2015-05-05 08:21 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 21:15 - 2015-05-05 08:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 21:15 - 2015-05-05 08:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 21:15 - 2015-05-05 08:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 21:15 - 2015-05-05 06:51 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 18:09 - 2015-05-31 09:33 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 18:09 - 2015-05-31 09:25 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 18:09 - 2015-05-31 09:24 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 18:09 - 2015-05-31 09:23 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 18:09 - 2015-05-31 09:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 18:09 - 2015-05-31 09:19 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 18:09 - 2015-05-31 09:19 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 18:09 - 2015-05-31 09:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 18:09 - 2015-05-31 09:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 18:09 - 2015-05-31 09:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 18:09 - 2015-05-31 09:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-10 18:09 - 2015-05-31 09:17 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 18:09 - 2015-05-31 09:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 18:09 - 2015-05-31 09:17 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 18:09 - 2015-05-31 09:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-10 18:09 - 2015-05-31 09:17 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 22:43 - 2015-05-04 19:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-10 22:31 - 2014-09-14 19:03 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 21:52 - 2006-11-02 22:15 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 21:52 - 2006-11-02 22:15 - 00004096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 18:37 - 2014-05-12 12:02 - 00002587 _____ C:\Users\Kathy\Desktop\Microsoft Office Word 2007.lnk
2015-07-10 17:55 - 2008-01-21 11:08 - 01475820 _____ C:\Windows\WindowsUpdate.log
2015-07-10 17:52 - 2014-09-14 19:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 17:52 - 2014-05-30 22:45 - 00000000 ____D C:\Program Files\Steam
2015-07-10 17:52 - 2014-05-10 21:55 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-10 17:52 - 2006-11-02 22:28 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 11:41 - 2006-11-02 22:28 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-10 11:21 - 2014-06-16 23:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 09:53 - 2015-05-04 19:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-09 09:53 - 2015-05-04 19:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-08 12:34 - 2014-09-14 19:05 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 23:59 - 2014-05-20 15:44 - 00000000 ____D C:\Windows\Minidump
2015-07-07 23:58 - 2014-06-16 14:56 - 186523375 _____ C:\Windows\MEMORY.DMP
2015-07-06 22:49 - 2014-05-16 10:49 - 00001858 _____ C:\Windows\Sandboxie.ini
2015-07-05 14:27 - 2014-06-14 12:20 - 00006611 _____ C:\Windows\SecuniaPackage.log
2015-06-27 11:48 - 2014-06-28 15:00 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 17:47 - 2008-01-21 12:32 - 01011056 _____ C:\Windows\PFRO.log
2015-06-20 17:21 - 2014-06-07 18:04 - 00000000 ____D C:\Users\Kathy\AppData\Local\CrashDumps
2015-06-11 19:55 - 2006-11-02 20:48 - 00000000 ____D C:\Windows\rescache
2015-06-11 17:18 - 2006-11-02 22:14 - 00374120 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 21:21 - 2014-05-12 11:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 21:21 - 2014-05-11 12:41 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 21:16 - 2006-11-02 19:54 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
==================== Files in the root of some directories =======
 
2014-05-10 19:21 - 2015-01-13 16:49 - 0001356 _____ () C:\Users\Kathy\AppData\Local\d3d9caps.dat
2014-05-26 20:31 - 2014-12-07 13:45 - 0012288 _____ () C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-10 21:56 - 2014-05-11 19:59 - 0034895 _____ () C:\ProgramData\nvModes.001
2014-05-10 21:56 - 2014-05-11 19:59 - 0034895 _____ () C:\ProgramData\nvModes.dat
 
Some files in TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\SandboxieInstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-10 17:58
 
==================== End of log ============================

Share this post


Link to post
Share on other sites

Here is the Addition txt:

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by Kathy at 2015-07-10 22:58:35
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1099725507-4057469664-453529901-500 - Administrator - Disabled)
Guest (S-1-5-21-1099725507-4057469664-453529901-501 - Limited - Disabled)
Kathy (S-1-5-21-1099725507-4057469664-453529901-1000 - Administrator - Enabled) => C:\Users\Kathy
UpdatusUser (S-1-5-21-1099725507-4057469664-453529901-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Chaos on Deponia (HKLM\...\Steam App 220740) (Version:  - Daedalic Entertainment)
CyberLink LabelPrint 2.5 (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
CyberLink Media Suite 8 (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9729 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9621 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Rayman Origins (HKLM\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.02 - Ubisoft)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.2.965.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.20 (32-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Secunia PSI (2.0.0.4003) (HKLM\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SyncToy 2.1 (x86) (HKLM\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1099725507-4057469664-453529901-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099725507-4057469664-453529901-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099725507-4057469664-453529901-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099725507-4057469664-453529901-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1099725507-4057469664-453529901-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kathy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
23-05-2015 20:00:07 Scheduled Checkpoint
24-05-2015 18:29:48 Scheduled Checkpoint
29-05-2015 12:48:22 Scheduled Checkpoint
31-05-2015 21:08:50 Scheduled Checkpoint
03-06-2015 13:02:13 Scheduled Checkpoint
06-06-2015 20:16:51 Scheduled Checkpoint
07-06-2015 21:10:14 Scheduled Checkpoint
10-06-2015 21:14:29 Windows Update
13-06-2015 20:55:49 Scheduled Checkpoint
15-06-2015 14:09:50 Scheduled Checkpoint
18-06-2015 21:05:13 Scheduled Checkpoint
19-06-2015 18:56:29 Windows Update
20-06-2015 16:29:41 trying to fix puter
24-06-2015 18:50:08 Scheduled Checkpoint
25-06-2015 10:52:53 Scheduled Checkpoint
27-06-2015 12:12:10 Scheduled Checkpoint
02-07-2015 22:05:01 Scheduled Checkpoint
03-07-2015 20:05:21 Scheduled Checkpoint
04-07-2015 19:58:52 Scheduled Checkpoint
05-07-2015 20:49:12 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 19:53 - 2006-09-19 07:11 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {191C3656-D941-4D41-9B6F-8B5742151ECD} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {1E67B0CF-4C5F-45AB-BAB2-24E21A452B93} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {2AD0EDB8-00EF-409E-90BF-1BCADEBAC122} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {84A2DEB2-5A39-4C2C-94E0-F6B7D1439170} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {9629BFA8-837F-40C9-90B7-D5C717D6954F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CD4C55D1-1160-479A-8E6C-AF2F510B4BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {F42AC81F-EEDA-415D-A21E-277A43187007} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-18 11:45 - 2015-04-24 12:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-18 11:45 - 2015-04-24 12:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-10 10:26 - 2015-07-10 10:26 - 02955776 _____ () C:\Program Files\AVAST Software\Avast\defs\15070902\algo.dll
2015-07-10 17:53 - 2015-07-10 17:53 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071000\algo.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2015-03-14 12:18 - 2015-03-18 11:45 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-16 17:36 - 2015-04-17 03:10 - 00776192 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-21 16:57 - 2015-04-23 11:46 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-01-21 16:57 - 2015-04-23 11:46 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-21 16:57 - 2015-04-23 11:46 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-29 09:37 - 2015-06-05 04:26 - 02407104 _____ () C:\Program Files\Steam\video.dll
2014-08-29 21:50 - 2014-12-02 07:01 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 21:50 - 2014-12-02 07:01 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 21:50 - 2014-12-02 07:01 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 21:50 - 2014-12-02 07:01 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 21:50 - 2014-12-02 07:01 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2014-05-29 09:36 - 2015-06-05 04:26 - 00703168 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2014-05-01 15:35 - 2015-05-12 04:31 - 36302728 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-05-11 19:50 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-11 19:50 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-07-08 12:34 - 2015-07-07 13:19 - 16285512 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1099725507-4057469664-453529901-1000\...\secunia.com -> hxxps://secunia.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1099725507-4057469664-453529901-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
HKU\S-1-5-21-1099725507-4057469664-453529901-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 10.0.0.138
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: LGODDFU => C:\Program Files\lg_fwupdate\lgfw.exe blrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{B7576E69-0A69-463D-A64E-89568E5599BA}] => (Allow) LPort=80
FirewallRules: [{BF394DAE-4559-4A9B-A02B-2E307505B50A}] => (Allow) LPort=80
FirewallRules: [{CE999BF7-A578-4679-981B-01E9A5A2A149}] => (Allow) LPort=80
FirewallRules: [{27D483BC-CB51-44D2-BCF5-15025C73C447}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{17AD9D9B-EADB-486F-959C-9E8E5E750205}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7A96BD8E-6F33-4E86-9EA4-719962A56D2C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{7B0D0E3F-857D-487D-8D03-8839AB781B0D}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{9DB6C7E4-C990-4927-8652-64220F0D5BE4}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{B18681EC-E339-418B-B36F-8AC22B83B578}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{4B1E6DBB-B78E-4B11-82B2-7F355B763161}] => (Allow) C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{65343E54-70B6-4585-85D4-7A9A9787305E}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{FCDFB83E-7AB5-41B5-9962-D18304FCC812}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{5B437AAC-1791-4AB6-AA64-21504C6B027F}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{387F8E83-80A9-4B39-877F-5CA352C94C07}] => (Allow) C:\Program Files\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{8BBC0277-CDF0-4E8B-AE95-A2DF562E6058}] => (Allow) C:\Program Files\Ubisoft\Rayman Origins\Rayman Origins.exe
FirewallRules: [{8F541F7B-5D05-486B-8D7D-79E1A2710D75}] => (Allow) C:\Program Files\Ubisoft\Rayman Origins\Rayman Origins.exe
FirewallRules: [{754BB017-EEEB-4C77-9290-04A3A26B25D0}] => (Allow) C:\Program Files\Ubisoft\Rayman Origins\gu.exe
FirewallRules: [{008555B0-D34C-4CCA-BFB9-542EF6B94E49}] => (Allow) C:\Program Files\Ubisoft\Rayman Origins\gu.exe
FirewallRules: [{9EB267BA-CF19-4737-9F45-B29F884B9323}] => (Allow) C:\Program Files\Steam\SteamApps\common\Chaos on Deponia\deponia2.exe
FirewallRules: [{4A3F32D8-E4BE-40B2-B519-631696BCE1B0}] => (Allow) C:\Program Files\Steam\SteamApps\common\Chaos on Deponia\deponia2.exe
FirewallRules: [{7994353D-1017-48DA-A9F6-6FCAC9979A32}] => (Allow) C:\Program Files\Steam\SteamApps\common\Chaos on Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{DCA58273-B5BD-45F7-9A27-530439148783}] => (Allow) C:\Program Files\Steam\SteamApps\common\Chaos on Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{0CD7AC78-CE10-41D7-B74D-DB06FCF13564}] => (Allow) C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{431D8C27-BA43-4788-8A92-4A2652FAD02D}] => (Allow) C:\Users\Kathy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{913408B5-EE03-4B57-8B2C-389265B9567B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91128E80-6CE6-4AD6-9191-6DB2B702963D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E8482923-85A7-46CB-937D-21A6DBA43B13}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3445D7DA-2039-47DB-9172-3317BA4DA35A}] => (Allow) LPort=2869
FirewallRules: [{60E1FA19-4C8D-47B7-8CAE-8C23ACDD0A21}] => (Allow) LPort=1900
FirewallRules: [{C319FE60-7329-4438-BE2F-BB2A92FCC535}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1A3AC24D-8F1C-4CFD-9923-117762D8765D}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{1A058A8A-7AB9-4FC3-9D55-D22F2CE3B5F3}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{BE2C489D-F389-4E29-B132-21156B5602EA}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC0304B3-8522-48AD-A0BD-3D6AD88BF3C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6C3769BA-84DD-44E4-B426-8DB7D8E1EEA1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8B041C4D-5465-423D-9B48-5716048FAB00}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EDDA636D-B00C-49DD-A40D-15955CA84071}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/10/2015 05:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/10/2015 11:41:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.1.2.27, time stamp 0x55236809, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xefff0000,
process id 0x131c, application start time 0xiTunes.exe0.
 
Error: (07/10/2015 10:25:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2015 05:25:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2015 10:11:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/09/2015 09:32:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/08/2015 00:01:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2015 11:59:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2015 06:43:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2015 02:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.6720.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12cc
Start Time: 01d0b85b2b47c237
Termination Time: 2997
 
 
System errors:
=============
Error: (07/10/2015 05:54:53 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/09/2015 11:53:31 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Group Policy Client
 
Error: (07/09/2015 05:40:06 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/07/2015 11:59:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:52 PM on 7/07/2015 was unexpected.
 
Error: (07/06/2015 04:31:46 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/05/2015 02:12:12 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/04/2015 00:27:09 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/03/2015 05:45:03 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/03/2015 01:00:27 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
Error: (07/02/2015 11:21:52 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{15EAAB30-77F8-42F1-B75D-59654459DD29}.
The backup browser is stopping.
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-10 22:58:06.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:06.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:05.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:05.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:00.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:00.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:00.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 22:58:00.447
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 11:25:36.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-10 11:25:36.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 96%
Total physical RAM: 2028.7 MB
Available physical RAM: 69.72 MB
Total Virtual: 4656.4 MB
Available Virtual: 1511.51 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:146.48 GB) (Free:78.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:400.39 GB) (Free:399.83 GB) NTFS
Drive e: (Spare) (Fixed) (Total:214.84 GB) (Free:172.71 GB) NTFS
Drive f: ( OS Back Up) (Fixed) (Total:169.79 GB) (Free:74.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 63836A9B)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=400.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=214.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=169.8 GB) - (Type=OF Extended)
 
==================== End of log ============================

Share this post


Link to post
Share on other sites

Hi. . .

Thank you for the info you have provided so far; however, we still need the output from the BSOD Posting Instructions. Please  run -
https://forums.malwarebytes.org/index.php?/topic/170037-blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

Also, please run SysInternals AutoRuns from Microsoft TechNet.  Download this EXE; save to Desktop - https://live.sysinternals.com/autoruns.exe

RIGHT-click on autoruns.exe - select "Run as Administrator"

 

Let AutoRuns scan the Registry (status info - lower-left of AutoRuns screen)

 

Save AutoRuns as an .ARN file (default file extension). 

 

Zip up and attach to your next post with the other zip file(s) from  the BSOD Posting Instructions.

 

Any ? - please let us know.

 

I see you are running Vista SP2 x86.  When is the last time, if ever, that you reinstalled Vista?

 

Regards. . .

 

jcgriff2

 

EDIT:  If any of your HDDs are in fact SSDs, please check for firmware upgrades.

 

Also, I see you have SandBoxie installed. 

 

Farbar lists total RAM at 2GB. 

 

How much total RAM do you allocate to SandBoxie?

 

Does system slowness occur when SandBoxie is not operational?

 

Do you use iTunes (i.e., have an iTunes library)?

 

2 GB total RAM would definitely in and of itself cause system slowness even with very few other apps running.  My guess at this time is that you are experiencing "excessive paging" -- where the HDD page file is being used as [a substitute for] RAM due to having an insufficient amount of installed physical RAM.

 

Windows OS' since and including Vista (Windows 7, Windows 8, Windows 8.1, Windows 10) really need a minimum of 4 GB physical RAM for the system to function properly and with all due speed.  Your x86 system will not be able to fully utilize 4 GB of RAM; probably about 3.2 GB at best.

 

Regardless, I would look into upgrading RAM to 2x2 GB sticks (assuming laptop) as laptops only come with 2 RAM slots.  If you wanted to save a little money, you can look into replacing only one of the 1 GB RAM sticks with a 2 GB stick bringing the total to 3 GB. I'm assuming your current RAM configuration is 2x1 GB sticks.

 

Share this post


Link to post
Share on other sites

OK here is the perfmon (see attachment)

 

My OS is Windows Vista, it is a Desktop computer.

it is 32 bit, genuine and came with the system (from memory) - I had the computer built and this is the software that came with it.

I can't remember the age of the system off the top of my head - probably got it between 2008 - 2010

I think I had reinstalled everything about a year ago when my computer had some other trouble

 

System information is as follows:

 

System is copyright 2007 and has service pack 2

 

System rating 1.0

 

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz

 

RAM 2 GB

 

Video card: NVIDIA GeForce 9600 GT

 

Mother Board Intel DP35DP

 

Power Supply (brand and wattage)  - erm, couldn't tell you without opening up my computer, bit reluctant to do that at the moment. - is there some other way without opening her up?

 

Tried to get the System manufacturer name and Model number went into command prompt and all I got was "name" and "serial number" (unless this is something hard to get as it was a computer built from a shop instead of straight from a manufacturer?)

 

perfmon Jun 13 15.html

Share this post


Link to post
Share on other sites

I see usasma has requested some information too, so here 'tis in the next post.

 

I also am going to run the diagnostics suggested: HDD diagnosis, memtest, HW monitor, etc.

 

If it gives me anything to post I will put it up on this thread

 

admin13715.zip

Share this post


Link to post
Share on other sites

Hi. . .

 

The 4 recent BSODs.  .May 11 - 19, 2015 . Bugchecks:

 

(1) 0x50 = invalid memory referenced

(3) 0x8e (0xc0000005,,,) = kernel threw an exception; exception - 0xc5 = memory access violation

 

All listed win32k.sys as the probable cause, which is simply a default of sorts since it is a Microsoft Windows driver.

 

http://www.sysnative.com/drivers/driver.php?id=win32k.sys

 

The BSODs appear to be caused by unknown hardware failure.  The dumps are incapable of telling us the exact piece(s) of hardware that failed at the time the system crashed. 

 

May 19, 2015, was the last BSOD recorded.  If you encounter others, please be sure to let us know.

 

Your system slowness is being caused by excessive paging - the HDD page file is being used as RAM (HDD page file) to make up for an insufficient amount of installed physical RAM.

 

The following info is from the Sysnative files and was generated by Windows Management Instrumentation (WMI).  It tells us that at the time the app ran, your system was utilizing 1461 MB of virtual memory (3rd line down):

AllocatedBaseSize=2328Caption=C:\pagefile.sysCurrentUsage=1461Description=C:\pagefile.sysInstallDate=20140510183527.546875+570Name=C:\pagefile.sysPeakUsage=1678Status=TempPageFile=FALSE

This means that Windows paged out (used the HDD page file as RAM) ~1.5 GB of data that normally would have been loaded into RAM.

 

Virtual memory is much, much slower than physical memory; hence the #1 culprit for your system slowness.  Physical RAM is 1,000s of times faster than an HDD.  The HDD has moving parts; RAM does not.

 

My recommendation  is to upgrade your RAM to at least 3 GB; preferably 4 GB.  Since you have a desktop, there should be open slots in which you can probably just add 2 GB of MATCHED (very important) RAM.  Another WMI output tells us your current RAM configuration is 2x1GB - two 1 GB sticks.

 

The other bit of information found in the above code box is the "install date" -- it could refer to the last time that Windows Vista was reinstalled on your system or the last time the page file was reallocated.

 

5th line:

 

InstallDate=20140510183527

 

The numbers in RED = May 10, 2014

 

A physical RAM increase/upgrade would definitely improve your system's speed and performance.

 

Regards. . .

 

jcgriff2

Share this post


Link to post
Share on other sites

Actually I had a BSOD just the other night, just before I was going to turn in - but it happened so quickly I couldn't tell you what the text said

Share this post


Link to post
Share on other sites

Hi. . .

 

You should be able to find the mini kernel memory dump from the most recent BSOD in \windows\minidump folder.

 

The file names contain the date.

 

Copy the dump file from the other night from \windows\minidump to \Documents; zip it up & attach it to your next post.

 

I'll be glad to take a look at it to see if it yields any clues.  The RAM is still the #1 issue, IMHO.

 

For info, the dump must be copied out; you won't be able to zip the dump up while it resides in \windows\minidump folder due to permission settings.

 

Regards. . .

 

jcgriff2

Share this post


Link to post
Share on other sites

Looks like a bad user mode app with poor kernel mode programming.

APC execution problems more than anything.

 

Without documentation, and a good dump file, we won't know what those win32k functions are.
But my guess on the previous functions is that the special APC is for a callback routine after the thread has executed, which, when it exited, called the callback function. And of course, something went wrong.
 
Any chance we could get a larger dump from C:\Windows\MEMORY.dmp

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.