
Unable to recover


Mushi

I'm using my phone to type this, so if I mistyped things I'm very sorry.

I'm a gamer. Today I got on my laptop and everything was working fine until the game I was playing on it started loading slow, so slow I had to hit the kill switch on my laptop. When starting back up I noticed that after the first 30 seconds it again started running slow. I cannot open the start menu or my desktop files or it will just freeze the computer. I've already run in safe mode and it's working fine there, backed up my files and tried System Recovery, but when doing so it just restarted my computer back to its normal non-safe mode desktop where it's gonna crash again.

This is pretty serious if I can't do a full PC reboot. I've tried F11 for the reboot but it failed to pop up. What did pop up was this "F11....System recovery", which I have never seen before in the many times I've done a recovery, which is telling me that someone is saying NO to my reboot.

I have 0 clues on what to do here and the virus scan has 0 infection found so far. It seems that someone has got me good and locked on this.

Is there any way at all I can get this reboot done? Maybe in commands?


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

If your PC will boot into safe mode, try "Safe mode with Networking"; if successful, run the following and post the logs:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:



C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP
 

Let me see those logs in your reply. If you cannot run tools do you have access to another PC and a USB flash drive....

 

Cheers,

 

Kevin....


Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015

Ran by Mushi (2015-08-11 06:22:17)

Running from C:\Users\Mushi\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-628196938-3290942755-3686984199-500 - Administrator - Disabled)

Guest (S-1-5-21-628196938-3290942755-3686984199-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-628196938-3290942755-3686984199-1003 - Limited - Enabled)

Mushi (S-1-5-21-628196938-3290942755-3686984199-1001 - Administrator - Enabled) => C:\Users\Mushi

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

???? & ?? (HKLM-x32\...\InstallShield_{2D6AA12F-6925-45C0-AD48-F54333781705}) (Version: 2.4.0.2748 - NCSOFT)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AMD System Monitor (HKLM-x32\...\{4144F415-7434-4501-97DE-CED4FAF64E7D}) (Version: 1.0.6 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blade & Soul (HKLM-x32\...\InstallShield_{37EEA701-C7E3-4DC9-BCFB-39C89A6998AD}) (Version: 2.02.0000 - NCTAIWAN)

Blade & Soul (x32 Version: 2.02.0000 - NCTAIWAN) Hidden

Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)

Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

GoldWave v6.10 (HKLM\...\GoldWave v6.10) (Version: 6.10 - GoldWave Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)

HP Documentation (HKLM-x32\...\{25F3EC6C-BB03-4CEB-B36C-E656A9DD149E}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)

HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)

HP QuickWeb (HKLM-x32\...\{999164B6-5B78-4DD3-BACE-7292640AD0DD}) (Version: 3.1.0.9760 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)

iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)

Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden

Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

NCLauncher (plaync) (HKLM-x32\...\NCLauncher_plaync) (Version:  - NCSOFT)

Neffy 1,2,5,0 (HKLM-x32\...\Neffy) (Version: 1,2,5,0 - CDNetworks)

NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

SageThumbs 2.0.0.22 (HKLM\...\SageThumbs) (Version: 2.0.0.22 - Cherubic Software)

saver_black (HKLM-x32\...\saver_black) (Version:  - )

saver_white (HKLM-x32\...\saver_white) (Version:  - )

Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden

Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden

Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)

Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

10-08-2015 22:42:41 ??? ???? & ??

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {14B916B4-2911-4422-933E-F7A6A7E44393} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)

Task: {2E02B4C2-4BA9-401F-923F-127741F1DAF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {562B0582-83D1-47ED-9AC9-78E2B088FBE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)

Task: {6EF4EA06-A0A9-42BC-8C8A-C52ED43F4CE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)

Task: {70279D74-659E-4BAD-A1E8-7D6BADC96C24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)

Task: {A11EE47F-402D-4C4F-A12D-350C9120A6A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)

Task: {B7E7273C-6385-4EA2-B5BB-1E53AD7F74D3} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION

Task: {EE746822-C3FB-463B-A0EB-E86655B4A5BA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-04-19 22:11 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Mushi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2015-04-19 22:11 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Mushi\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2015-08-05 22:48 - 2015-07-30 23:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Mushi\Cookies:28Hs0vTKg3uE5Xt7ayN8

AlternateDataStreams: C:\Users\Mushi\Cookies:qarXax1f6SolWQoJ1gu

AlternateDataStreams: C:\Users\Mushi\AppData\Local\Temp:K5mgH46p7TOdRJXTh7bCCSBmgqI

AlternateDataStreams: C:\Users\Mushi\AppData\Local\Temp:TNuz0ShGRhxux5vs5zJmfb

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-628196938-3290942755-3686984199-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mushi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AMD External Events Utility => 2

MSCONFIG\Services: AMD FUEL Service => 2

MSCONFIG\Services: Apple Mobile Device Service => 2

MSCONFIG\Services: BBSvc => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: FreemakeVideoCapture => 2

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: HP Support Assistant Service => 2

MSCONFIG\Services: HPAuto => 2

MSCONFIG\Services: HPClientSvc => 2

MSCONFIG\Services: HPDrvMntSvc.exe => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: HPWMISVC => 2

MSCONFIG\Services: IconMan_R => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: RoxioNow Service => 2

MSCONFIG\Services: STacSV => 2

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Google Update => "C:\Users\Mushi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{8E01F157-649C-4F40-B621-D7531B20A8FA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{70174A77-01E1-4857-87D5-1EA3D823A097}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe

FirewallRules: [{EE12189A-3AA1-43F7-A06E-89C7AC914702}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{59CA5D7D-E4E0-42F7-822F-AC4DCCEC19C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe

FirewallRules: [{BD68C36E-A25B-4D40-954F-39B9F9CA3EFE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{0716D938-603E-4BC6-AB60-CB34DB910CC4}] => (Allow) LPort=2869

FirewallRules: [{4950ED03-3633-4551-9527-8C9592DC7A8E}] => (Allow) LPort=1900

FirewallRules: [{4C30B963-AD91-4355-A144-400FB336D383}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{72C0F6FA-2E35-42D8-BFEA-13ECB3770889}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{26C4CC1C-BE07-44C4-B7DC-9FF28F3ED051}] => (Allow) C:\Users\Mushi\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{96D2F4C2-99E3-4687-818B-1039A68BBFD9}] => (Allow) C:\Users\Mushi\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{1AAA7B0C-1B44-47A6-AD28-55163A938044}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{61F4593B-1966-44D4-BBF7-08B0CFB0D556}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{71F57D98-4F18-4696-A066-064322B53395}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1E852E82-5F40-41E7-9444-E99B75627649}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{93D65BB5-5BB1-4DA7-A0CE-84D1196DADDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{DCB99DAC-0975-4E7C-B126-EC302A79F535}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{B590AA59-B670-4481-BEFB-313A44C486F9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{FF0C9CB5-58A1-468B-B215-B6C1E7A5749B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{19A219B9-C96D-43BC-9F06-FD450A6C7C57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\ESSTEAM.exe

FirewallRules: [{3C0F2482-7C48-4E5B-9999-A122684EF3C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\ESSTEAM.exe

FirewallRules: [TCP Query User{7E9825BC-7556-46A0-A0B4-C41D3288713C}C:\program files (x86)\nctaiwan\blade & soul\bin\nctalk.exe] => (Allow) C:\program files (x86)\nctaiwan\blade & soul\bin\nctalk.exe

FirewallRules: [uDP Query User{F0550C6F-4913-46D7-8AAD-82284725957F}C:\program files (x86)\nctaiwan\blade & soul\bin\nctalk.exe] => (Allow) C:\program files (x86)\nctaiwan\blade & soul\bin\nctalk.exe

FirewallRules: [{07029A88-0C9A-434A-8285-9E0C4DF6E4CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\data\x2.exe

FirewallRules: [{FEAB52DC-5B6C-4A39-89F4-54A0614DA422}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elsword\data\x2.exe

FirewallRules: [{26CBD3DE-64A5-458D-B9AE-1565FC194BCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe

FirewallRules: [{007F6734-B76D-47BE-B96C-1F0754EE4C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe

FirewallRules: [TCP Query User{90961794-DD17-4430-8DD8-D34D55FBAA62}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe

FirewallRules: [uDP Query User{7BCE189C-0FDB-4CF6-98AA-3F433D1C6AEC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe

FirewallRules: [{F1AA3DCC-242D-4E00-B492-E19F31196B67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{09E07E55-D438-498F-8408-172ACBF51072}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe

FirewallRules: [{4A8061D7-EF2D-4FB9-A3C3-795ACAC30715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe

FirewallRules: [{61D4FF5A-764A-4E3C-A78A-A82E1CF1C8F0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{2ABBF243-1D59-492F-AC87-6588D52E2533}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{1E9282D6-07D2-4F75-86D5-9BE0FAD2D8FF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{1C0ADC9A-56ED-48EF-99F7-135DA6DBA7EA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{EE60B5E9-B4EA-4DD2-AC84-4B29848785C5}] => (Allow) C:\Users\Mushi\AppData\Roaming\NCSoft\ncDownloader\ncDownload.exe

FirewallRules: [{6224433C-9249-449E-9EE4-3153682BF356}] => (Allow) C:\Users\Mushi\AppData\Roaming\NCSoft\ncDownloader\ncDownload.exe

FirewallRules: [TCP Query User{EC30BD8A-C65E-4517-8B7D-5F16B8E5F9A6}C:\program files (x86)\plaync\nclauncher\nclauncherr.exe] => (Allow) C:\program files (x86)\plaync\nclauncher\nclauncherr.exe

FirewallRules: [uDP Query User{70AEB8CA-3215-4B17-81A4-DBBE54AE90EC}C:\program files (x86)\plaync\nclauncher\nclauncherr.exe] => (Allow) C:\program files (x86)\plaync\nclauncher\nclauncherr.exe

FirewallRules: [{E5B5059E-665F-4B59-A1F3-53C08115D57A}] => (Allow) C:\Users\Mushi\AppData\Local\Temp\QQGameDownloader\bns_1429866144_16471\MiniQQDL.exe

FirewallRules: [{AC11C5A0-498C-4086-9413-0CB3C6352095}] => (Allow) C:\Users\Mushi\AppData\Local\Temp\QQGameDownloader\bns_1429866144_16471\MiniQQDL.exe

FirewallRules: [TCP Query User{DD78D102-4DB6-46DB-A024-B432BB5CF4DC}C:\users\mushi\appdata\local\temp\qqgamedownloader\bns_1429866144_16471\teniodl.exe] => (Allow) C:\users\mushi\appdata\local\temp\qqgamedownloader\bns_1429866144_16471\teniodl.exe

FirewallRules: [uDP Query User{F0B7D022-AA63-4793-97EF-E87751D64C42}C:\users\mushi\appdata\local\temp\qqgamedownloader\bns_1429866144_16471\teniodl.exe] => (Allow) C:\users\mushi\appdata\local\temp\qqgamedownloader\bns_1429866144_16471\teniodl.exe

FirewallRules: [{DF855B86-4421-4030-8662-309ED05215E6}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe

FirewallRules: [{606560A8-C193-446A-B268-0B61C53A07E4}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\tcls_core.exe

FirewallRules: [{E44159B2-F996-4E47-A23A-61DBB39467BC}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe

FirewallRules: [{A81B7444-7F38-448D-8CBB-053E460C45C7}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tcls\Tenio\TenioDL\TenioDL.exe

FirewallRules: [{00A30413-927A-4957-8BBA-1546EE069F51}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe

FirewallRules: [{0EBB92DD-AD86-4E75-A740-95BFBFDA2EBF}] => (Allow) C:\Program Files (x86)\Tencent\TGP\tgp_daemon.exe

FirewallRules: [TCP Query User{57E6D101-F781-4EAC-BBF0-C159817CD8E9}C:\program files\bns\bns\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\bns\bns\tcls\tenprotect\tensafe_1.exe

FirewallRules: [uDP Query User{ABDCC68E-BF5B-4ABD-BED5-55BC7B0281CA}C:\program files\bns\bns\tcls\tenprotect\tensafe_1.exe] => (Allow) C:\program files\bns\bns\tcls\tenprotect\tensafe_1.exe

FirewallRules: [{00B60AAF-B66B-4882-81A6-9760CF101D03}] => (Allow) c:\users\mushi\appdata\roaming\tencent\剑灵\44cbc03e3f3832868f4e24073a117903\teniodl\teniodl.exe

FirewallRules: [{CEA018D6-6D8B-4988-882F-D357B2A9930D}] => (Allow) c:\users\mushi\appdata\roaming\tencent\剑灵\44cbc03e3f3832868f4e24073a117903\teniodl\teniodl.exe

FirewallRules: [TCP Query User{2CB881B2-EF02-4037-B171-B151F3CE652A}C:\program files\bns\bns\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\bns\bns\tcls\tenprotect\taslogin.exe

FirewallRules: [uDP Query User{6FC77DCF-A90F-4875-9C57-BBD956304C2B}C:\program files\bns\bns\tcls\tenprotect\taslogin.exe] => (Allow) C:\program files\bns\bns\tcls\tenprotect\taslogin.exe

FirewallRules: [{F6060A34-34EE-40E5-9DAC-2EBD52A4DCB2}] => (Allow) C:\Program Files\bns\bns\bin\Cross\CrossProxy.exe

FirewallRules: [{C36E735C-BE1F-4047-A2EF-AD39986B8BC6}] => (Allow) C:\Program Files\bns\bns\bin\Cross\CrossProxy.exe

FirewallRules: [{F491CDBA-E804-463F-890E-1FE60B78A200}] => (Allow) C:\Program Files\bns\bns\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe

FirewallRules: [{647286E2-C206-4995-86D5-531F44860052}] => (Allow) C:\Program Files\bns\bns\bin\Cross\Apps\CQS\QTalk\Bin\miniQTalk.exe

FirewallRules: [{2E9DB027-864E-4CAB-85B9-B398D7182595}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe

FirewallRules: [{6BC5D6E9-5B9A-4C56-BCD0-CFD62BDAB9E6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

FirewallRules: [TCP Query User{6E4F6B36-059D-4DF0-AE85-169D6525897D}C:\program files\bns\bns\bin\client.exe] => (Allow) C:\program files\bns\bns\bin\client.exe

FirewallRules: [uDP Query User{93F724E7-51C8-4C27-BD47-C10CCB0A18E1}C:\program files\bns\bns\bin\client.exe] => (Allow) C:\program files\bns\bns\bin\client.exe

FirewallRules: [{4FB75E26-7836-4D1B-98B0-8ECAB271D9FB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe

FirewallRules: [{74240B94-F9ED-4B03-B963-824AEB7D6A1D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe

FirewallRules: [TCP Query User{8F2F08F3-3910-415A-BDAA-A86F537AE132}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe

FirewallRules: [uDP Query User{CE8184C8-E13B-40B0-BF71-AA028ECE3D22}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe

FirewallRules: [TCP Query User{FD2E6F5B-7A4A-485F-8919-FE3EA43D7956}C:\program files (x86)\halo combat evolved\halo.exe] => (Block) C:\program files (x86)\halo combat evolved\halo.exe

FirewallRules: [uDP Query User{F294E9CA-6668-4988-8005-CAD7D15E9160}C:\program files (x86)\halo combat evolved\halo.exe] => (Block) C:\program files (x86)\halo combat evolved\halo.exe

FirewallRules: [TCP Query User{4BEBB137-065C-430D-8B99-CDB23DC6EEC9}C:\program files (x86)\ncsoft\blade&soul\bin\nctalk.exe] => (Allow) C:\program files (x86)\ncsoft\blade&soul\bin\nctalk.exe

FirewallRules: [uDP Query User{7D2397AF-5884-4392-AC66-339192624D6F}C:\program files (x86)\ncsoft\blade&soul\bin\nctalk.exe] => (Allow) C:\program files (x86)\ncsoft\blade&soul\bin\nctalk.exe

FirewallRules: [TCP Query User{07905DB2-8757-44E8-8F95-82CEAA558FA9}C:\users\mushi\downloads\dn_v233_downloader.exe] => (Allow) C:\users\mushi\downloads\dn_v233_downloader.exe

FirewallRules: [uDP Query User{50993378-63ED-4A83-AA54-1C08721D94A3}C:\users\mushi\downloads\dn_v233_downloader.exe] => (Allow) C:\users\mushi\downloads\dn_v233_downloader.exe

FirewallRules: [TCP Query User{0D0FEC9D-4015-46B6-9F49-DBD2D3FFB0FF}C:\users\mushi\desktop\bns_fullclient.zip.torrent.exe] => (Allow) C:\users\mushi\desktop\bns_fullclient.zip.torrent.exe

FirewallRules: [uDP Query User{5F39EBAF-EEE1-4615-8D68-0A301149BB6D}C:\users\mushi\desktop\bns_fullclient.zip.torrent.exe] => (Allow) C:\users\mushi\desktop\bns_fullclient.zip.torrent.exe

FirewallRules: [{A52F336D-0F7F-4361-9EAD-5B7B022DCCE9}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{9544F43A-96F2-481F-B62C-CD58D6B1B3AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{08E72185-228B-4838-BC28-8D4BF8E108B0}] => (Allow) C:\HanPurple\DragonNest_Trial\DragonNest_Trial.exe

FirewallRules: [{A6BA955E-8E3E-4256-8F5F-BAB9D1BCC58B}] => (Allow) C:\HanPurple\DragonNest_Trial\DragonNest_Trial.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/11/2015 06:14:17 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 10:40:22 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 10:37:08 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 09:53:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 09:46:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

 

Details:

Could not query the status of the EventSystem service.

 

System Error:

A system shutdown is in progress.

.

 

Error: (08/10/2015 09:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:57:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:54:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WinRAR.exe, version: 5.21.0.0, time stamp: 0x54e05207

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00690074

Faulting process id: 0x694

Faulting application start time: 0xWinRAR.exe0

Faulting application path: WinRAR.exe1

Faulting module path: WinRAR.exe2

Report Id: WinRAR.exe3

 

Error: (08/10/2015 08:29:44 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (08/11/2015 06:21:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:21:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:21:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:18:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (08/11/2015 06:16:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office:

=========================

Error: (08/11/2015 06:14:17 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 10:40:22 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 10:37:08 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 09:53:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 09:46:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )

Description: Details:

Could not query the status of the EventSystem service.

 

System Error:

A system shutdown is in progress.

 

Error: (08/10/2015 09:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:57:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:54:47 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/10/2015 08:30:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: WinRAR.exe5.21.0.054e05207unknown0.0.0.000000000c00000050069007469401d0d3e61218cebaC:\Program Files (x86)\WinRAR\WinRAR.exeunknown5d5b1407-3fd9-11e5-87ef-9baa4037f808

 

Error: (08/10/2015 08:29:44 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: AMD A4-3300M APU with Radeon HD Graphics

Percentage of memory in use: 29%

Total physical RAM: 3562.91 MB

Available physical RAM: 2501.1 MB

Total Virtual: 7124.01 MB

Available Virtual: 6188.67 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:446.77 GB) (Free:342.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:14.83 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 533D6125)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

 

==================== End of log ============================

 

Um..embarrassing question but how do I attach the file? I've never done that before on any forums.

Leave RogueKiller for now...

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

After a re-boot see if you`re will work in Normal mode..
 

Fixlist.txt


I can boot it in normal but everything is still slow, loading pages, clicking icons, start menu, all of it so I'm going back into safemode. I'll attach the file after cause due to me having to hit the kill switch too many times I now have to wait for the CHKDSK to finish doing what it's doing.

BTW thank you again for helping me, be back with the file after.


Thanks for the reply/log, at least we have made some progress. Continue as follows;

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Let me see those logs, also give an update on any remaining issues or concerns... I do not see an Anti-virus program installed, is that correct?

 

Thank you,

 

Kevin...


Looks like it's game over for me. While doing the scan my laptop just randomly shut down. On reboot I got nothing but annoying beeping sounds while it slow booted.

I guess that's it time to buy a desktop *sigh* no big deal I guess I had this crappy laptop for I don't know how long and 90% of its keys were disabled with a broken fan.

Welp. Thanks anyway buddy sorry for wasting our time.


This topic is now closed to further replies.