
Netwatcher


  • This topic is locked
36 replies to this topic

#1 Galaxystarr

Posted 19 July 2015 - 10:26 AM

Hey fellas ^_^
 
I think I have a slight problem regarding a startup exe called netwatcher. I can't disable it from msconfig startup. Tried normally disabling but once I reopened the window, I saw it was enabled again.
Malwarebytes and Windows security essentials found nothing REGARDING this problem. There were a couple of so-called trojans in my system that Malwarebytes found, but imo none of them were related. If necessary I am happy to provide the logs.
 
I might've deleted an unnecessary program or something along those lines that used netwatcher, but don't quote me on that as my memory is hazy regarding this situation. All I remember is I tried getting rid of this thing before and I just forgot it existed.
 
I am willing to provide any information or install any recommended programs or follow your instructions.
 
http://imgur.com/a/kTcbt These might help.
 
Thanks for sticking around!

Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

#2 Sintharius

Posted 19 July 2015 - 01:10 PM

Hello,

Google gives several hits on Netwatcher, including software on SourceForge, but I do not know if it is the one we are looking for.

MiniToolbox by Farbar

Avast users please disable your antivirus before downloading!
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (choose Errors only)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===

Security Check by screen317
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please copy and paste the contents of the log in your next reply.

Regards,
Alex

#3 Galaxystarr

Posted 19 July 2015 - 01:37 PM

Thanks for the reply. Good to know that I am in the hands of the life binder :)

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Galaxystarr (administrator) on 19-07-2015 at 21:19:12
Running from "C:\Users\Galaxystarr\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: IPXSB-H61 Manufacturer: PEGATRON
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Local Area Connection 2 (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Gaxos
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : E8-40-F2-DE-D1-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a855:a54c:6b75:4cdb%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.180(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 Temmuz 2015 Pazar 18:11:44
   Lease Expires . . . . . . . . . . : 19 Temmuz 2015 Pazar 21:57:32
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 317210866
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B7-2C-B6-E8-40-F2-DE-D1-74
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   Primary WINS Server . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-8E-1E-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::198e:1e7a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3d2c:415e:8c3f:9746%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.142.30.122(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : 19 Temmuz 2015 Pazar 18:11:32
   Lease Expires . . . . . . . . . . : 18 Temmuz 2016 Pazartesi 18:13:38
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 360347935
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B7-2C-B6-E8-40-F2-DE-D1-74
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{8A8DD0A0-1C60-40F0-98CF-BB65A7508897}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{7EA721B9-0415-42D6-92B3-B948A2F5AA8F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2a00:1450:4017:803::200e
 216.58.209.14
 
 
Pinging google.com [216.58.209.14] with 32 bytes of data:
Reply from 216.58.209.14: bytes=32 time=31ms TTL=58
Reply from 216.58.209.14: bytes=32 time=29ms TTL=58
 
Ping statistics for 216.58.209.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 31ms, Average = 30ms
Server:  UnKnown
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=181ms TTL=47
Reply from 98.138.253.109: bytes=32 time=181ms TTL=47
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 181ms, Maximum = 181ms, Average = 181ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...e8 40 f2 de d1 74 ......Realtek PCIe FE Family Controller
 14...7a 79 19 8e 1e 7a ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1    25.142.30.122   9256
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.180     20
         25.0.0.0        255.0.0.0         On-link     25.142.30.122   9256
    25.142.30.122  255.255.255.255         On-link     25.142.30.122   9256
   25.255.255.255  255.255.255.255         On-link     25.142.30.122   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.180    276
    192.168.2.180  255.255.255.255         On-link     192.168.2.180    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.180    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.180    276
        224.0.0.0        240.0.0.0         On-link     25.142.30.122   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.180    276
  255.255.255.255  255.255.255.255         On-link     25.142.30.122   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 14    276 2620:9b::/96             On-link
 14    276 2620:9b::198e:1e7a/128   On-link
 13    276 fe80::/64                On-link
 14    276 fe80::/64                On-link
 14    276 fe80::3d2c:415e:8c3f:9746/128
                                    On-link
 13    276 fe80::a855:a54c:6b75:4cdb/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
 14    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/19/2015 06:13:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 05:36:44 PM) (Source: NWService.exe) (User: )
Description: The service process could not connect to the service controller
 
Error: (07/19/2015 05:30:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 09:47:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2015 00:29:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 07:36:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2015 00:39:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 08:32:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: ExpressTray.exe, version: 4.1.3.0, time stamp: 0x558887f1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x8ec
Faulting application start time: 0xExpressTray.exe0
Faulting application path: ExpressTray.exe1
Faulting module path: ExpressTray.exe2
Report Id: ExpressTray.exe3
 
Error: (07/13/2015 08:32:17 PM) (Source: .NET Runtime) (User: )
Description: Application: ExpressTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.<ThrowAsync>b__4(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Garmin.Omt.Express.TrayApplication.App.Main()
 
Error: (07/13/2015 08:30:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/18/2015 00:39:17 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (07/18/2015 00:38:10 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/18/2015 00:28:33 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Access is denied. 
 
Reason: %%892
 
Error: (07/18/2015 00:28:28 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/17/2015 07:46:23 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (07/17/2015 07:46:22 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/16/2015 08:40:51 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/16/2015 07:46:28 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (07/16/2015 07:46:22 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (07/15/2015 00:40:16 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (07/19/2015 06:13:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 05:36:44 PM) (Source: NWService.exe)(User: )
Description: The service process could not connect to the service controller
 
Error: (07/19/2015 05:30:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/19/2015 09:47:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/18/2015 00:29:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2015 07:36:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2015 00:39:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 08:32:18 PM) (Source: Application Error)(User: )
Description: ExpressTray.exe4.1.3.0558887f1KERNELBASE.dll6.1.7601.18869556363bce04343520000c42d8ec01d0bd918787b27dC:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exeC:\Windows\syswow64\KERNELBASE.dll1b605854-2985-11e5-bb32-e840f2ded174
 
Error: (07/13/2015 08:32:17 PM) (Source: .NET Runtime)(User: )
Description: Application: ExpressTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore.<ThrowAsync>b__4(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Garmin.Omt.Express.TrayApplication.App.Main()
 
Error: (07/13/2015 08:30:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F37C2975-92EA-59CA-59E6-50E56F0E76DD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Data Recovery Pro  (HKLM-x32\...\Android Data Recovery Pro) (Version:  - Tenorshare, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARK Survival Evolved version 181.2 (HKLM-x32\...\ARK Survival Evolved_is1) (Version: 181.2 - GMT-MAX.ORG)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Batman Arkham Origins (HKLM-x32\...\{F9F98926-BC5F-41C3-A05A-2EB60300332E}) (Version: 6.0 - Black Box)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty® Advanced Warfare / RePack by Baracuda (HKLM\...\Call of Duty® Advanced Warfare_is1) (Version: 1.5.0.12818 - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls II Scholar of the First Sin v.1.0.1 (HKLM-x32\...\Dark Souls II Scholar of the First Sin_is1) (Version:  - )
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectWave (HKLM-x32\...\DirectWave) (Version:  - Image-Line)
Drumaxx (HKLM-x32\...\Drumaxx) (Version:  - Image-Line)
DX10 (HKLM-x32\...\DX10) (Version:  - Image-Line)
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Dying Light Update v1.2.1 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Edison (HKLM-x32\...\Edison) (Version:  - Image-Line)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY IV: THE AFTER YEARS (HKLM-x32\...\RklOQUxGQU5UQVNZSVZUSEVBRlRFUllFQVJT_is1) (Version: 1 - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Groove Machine (HKLM-x32\...\Groove Machine) (Version:  - Image-Line)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line bvba)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotline Miami 2: Wrong Number (HKLM-x32\...\Hotline Miami 2: Wrong Number_is1) (Version:  - )
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version:  - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version:  - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version:  - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version:  - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version:  - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version:  - Image-Line)
IL Ogun (HKLM-x32\...\IL Ogun) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version:  - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lemma (HKLM-x32\...\TGVtbWE=_is1) (Version: 1 - )
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Drivers (HKLM-x32\...\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B}) (Version: 3.12.3.0 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\{B8E7EF80-9719-4EEB-944D-E68D1F3DFA7B}) (Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
Magicka 2 (HKLM-x32\...\TWFnaWNrYTI=_is1) (Version: 1 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maximus (HKLM-x32\...\Maximus) (Version:  - Image-Line)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-Earth: Shadow of Mordor (HKLM-x32\...\Middle-Earth: Shadow of Mordor_is1) (Version:  - )
Morphine (HKLM-x32\...\Morphine) (Version:  - Image-Line bvba)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MP3 Audio Editor v9.6.2 (HKLM-x32\...\MP3 Audio Editor_is1) (Version:  - Copyright© 2005-2014 MAESystems, Inc.)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{f58060e5-32c3-4f39-ac3b-2a13861b886a}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22879 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimSynth (HKLM-x32\...\SimSynth) (Version:  - Image-Line)
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version:  - )
Sytrus (HKLM-x32\...\Sytrus) (Version:  - Image-Line)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TOUKIDEN Kiwami (HKLM-x32\...\TOUKIDEN Kiwami_is1) (Version:  - )
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line bvba)
Turkcell Connect (HKLM-x32\...\Turkcell Connect) (Version: 11.300.05.10.170 - Huawei Technologies Co.,Ltd)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 5.1.1.6) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 5.1.1.6 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 8160.47 MB
Available physical RAM: 5944.95 MB
Total Virtual: 16319.14 MB
Available Virtual: 13846.29 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:1862.92 GB) (Free:975.95 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\GAXOS
 
Administrator            Galaxystarr              Guest                    
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\032915-20077-01.dmp
========================= Restore Points ==================================
 
16-07-2015 23:22:29 Scheduled Checkpoint
17-07-2015 00:00:10 Windows Update
 
**** End of log ****
 
 
-
-
-
-
-
 
Security Check 
 

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Google Chrome (43.0.2357.132) 
 Google Chrome (43.0.2357.134) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#4 Sintharius


Posted 19 July 2015 - 01:41 PM

Hello,

Let's rule out any remaining infections before we proceed.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
===

Please update Malwarebytes and perform a Threat Scan for me, then post the log here.

===

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Regards,
Alex

#5 Galaxystarr


Posted 19 July 2015 - 03:56 PM

Malwarebytes was clean this time, but I did scan this evening in hopes of getting rid of this thing and it actually caught a couple of things. So here are this evening's logs

 

Scan: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19.07.2015
Scan Time: 17:56
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.19.02
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Galaxystarr
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366256
Time Elapsed: 13 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [5b437a693f4b2d09d416484b5fa59a66], 
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [455919ca06845fd749a15043c24248b8], 
 
Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [5b437a693f4b2d09d416484b5fa59a66]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [455919ca06845fd749a15043c24248b8]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Trojan.Agent, C:\Users\Galaxystarr\AppData\Local\Temp\loop.exe, Quarantined, [adf127bcf99175c1303b977250b2a759], 
PUP.Optional.Multiplug.A, C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr], Quarantined, [019dd310b6d4c0762d802b66e51f8f71], 
PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task[pr].job, Quarantined, [a2fc24bf9febab8bf4ba2f62857fb24e], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Protection:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Error, 19.07.2015 17:55, SYSTEM, GAXOS, Update, Bad md5 or size: akadomains, 11, 
Error, 19.07.2015 17:55, SYSTEM, GAXOS, Update, Bad md5 or size: akaips, 11, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, Rootkit Database, 2015.6.2.1, 2015.7.17.1, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, Domain Database, 0.0.0.0, 2015.6.12.1, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, Remediation Database, 2015.5.13.1, 2015.7.15.2, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, IP Database, 0.0.0.0, 2015.6.12.1, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, AKA IP Database, 0.0.0.0, 2015.7.15.1, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, AKA Domain Database, 0.0.0.0, 2015.7.16.1, 
Update, 19.07.2015 17:55, SYSTEM, GAXOS, Manual, Malware Database, 2015.6.3.3, 2015.7.19.2, 
Scan, 19.07.2015 18:10, SYSTEM, GAXOS, Manual, Start:19.07.2015 17:56, Duration:13 min 41 sec, Threat Scan, Completed, 1 Malware Detection, 6 Non-Malware Detections, 
Error, 19.07.2015 18:11, SYSTEM, GAXOS, Protection, IsLicensed, 13, 
Protection, 19.07.2015 18:11, SYSTEM, GAXOS, Protection, Malware Protection, Stopping, 
Protection, 19.07.2015 18:11, SYSTEM, GAXOS, Protection, Malware Protection, Stopped, 
Update, 19.07.2015 21:55, SYSTEM, GAXOS, Manual, AKA Domain Database, 2015.7.16.1, 2015.7.19.1, 
Scan, 19.07.2015 22:09, SYSTEM, GAXOS, Manual, Start:19.07.2015 21:55, Duration:13 min 55 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 
 
Emsisoft Emergency Kit:
 
I didn't realize it was gonna create the logs in Turkish, so I didn't touch the language at the start. To help you, Kapalı means off and Açık means on. Let me know if you need translation.
 
 
Emsisoft Acil Çantası - Sürüm 10.0
En son güncelleme: 19.07.2015 22:18:10
Kullanıcı hesabı: Gaxos\Galaxystarr
 
Tarama ayarları:
 
Tarama türü: Malware Taraması
Nesneler: Rootkitler, Hafıza, İzler, Dosyalar
 
PİPs algılama: Kapalı
Tarama arşivi: Kapalı
ADS Tara: Açık
Dosya uzantısı filtresi: Kapalı
Gelişmiş önbelleğe alma: Açık
Doğrudan disk erişimi: Kapalı
 
Tarama başlangıcı: 19.07.2015 22:18:38
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Algılandı: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Algılandı: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Algılandı: Application.AdReg (A)
C:\Program Files (x86)\Breaking Point\Repair.exe Algılandı: Gen:Variant.Kazy.535019 ( B)
C:\Users\Galaxystarr\AppData\Local\Temp\DF4ATMP\my.apk -> classes.dex (BAD CRC) Algılandı: Android.Exploit.MasterKey.B ( B)
 
Tarandı 84159    (scanned)
Bulundu 5   (found)
 
Tarama sonu: 19.07.2015 22:22:28
Tarama süresi: 0:03:50
 
C:\Users\Galaxystarr\AppData\Local\Temp\DF4ATMP\my.apk Karantinaya alındı Android.Exploit.MasterKey.B ( B)
C:\Program Files (x86)\Breaking Point\Repair.exe Karantinaya alındı Gen:Variant.Kazy.535019 ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Karantinaya alındı Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Karantinaya alındı Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Karantinaya alındı Application.Win32.InstallExt (A)
 
Karantinaya alındı 5   (quarantined)
 
 
Also did the eset scan. 2 quarantined and deleted.
 
Edit: Found this log file in eset directory 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# end=init
# utc_time=2015-07-19 06:55:23
# local_time=2015-07-19 09:55:23 (+0200, Turkey Daylight Time)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24878
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# end=updated
# utc_time=2015-07-19 07:06:13
# local_time=2015-07-19 10:06:13 (+0200, Turkey Daylight Time)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# engine=24878
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-19 07:06:17
# local_time=2015-07-19 10:06:17 (+0200, Turkey Daylight Time)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4935315 60320371 0 0
# scanned=128
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# end=init
# utc_time=2015-07-19 07:28:24
# local_time=2015-07-19 10:28:24 (+0200, Turkey Daylight Time)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 24878
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# end=updated
# utc_time=2015-07-19 07:28:39
# local_time=2015-07-19 10:28:39 (+0200, Turkey Daylight Time)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# engine=24878
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-19 08:54:07
# local_time=2015-07-19 11:54:07 (+0200, Turkey Daylight Time)
# country="Turkey"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4941785 60326841 0 0
# scanned=346657
# found=2
# cleaned=2
# scan_time=5127
sh=77A83E3A55D31994C7B4FEFC1540D03A42CCA9F4 ft=1 fh=ac7b993b62149c11 vn="a variant of Win32/OpenCandy.C potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Galaxystarr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFKDY04Z\OCSetupHlp[1].dll"
sh=93050B79639E58BF31EDFDD10158EA2DF2577DFD ft=1 fh=5f0e75245e5a92f7 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Galaxystarr\AppData\Roaming\BitTorrent\updates\7.9.2_34026.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4f66fd18993ff148b97b184c93c03625
# end=init
# utc_time=2015-07-19 08:57:43
# local_time=2015-07-19 11:57:43 (+0200, Turkey Daylight Time)
# country="Turkey"
# osver=6.1.7601 NT Service Pack 1
 

Edited by Galaxystarr, 19 July 2015 - 03:59 PM.


#6 Sintharius


Posted 19 July 2015 - 04:02 PM

No need to translate, I'm familiar with the layout of the logs. :)

Download OldTimer's Temp File Cleaner and run it. The tool will clear out your temporary files.

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.
  • Right click on the downloaded file and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.
Let me know if it found anything.

===

Autoruns by Sysinternals

Please follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns from here.
  • Extract the content of the Autoruns.zip folder on the Desktop.
  • Open the Autoruns folder, right click on Autoruns.exe and click Run as Administrator.
  • Accept the EULA on opening, then wait for all the entries to load.
  • Click on File, then Save and save the file to your Desktop.
  • Go on ge.tt and upload the Autoruns file you saved.
  • Please copy and post the download URL of your uploaded file in your next reply.
Regards,
Alex

#7 Galaxystarr


Posted 19 July 2015 - 05:33 PM

Here is the .arn file http://ge.tt/1i7OrgK2/v/0?c?c

 

Kaspersky scan is taking a long time, it's nearly finished but I can't open my eyes anymore as it's 1:32 am here.

 

I will post the results tomorrow but it already found 1 object, just fyi.



#8 Sintharius


Posted 19 July 2015 - 05:34 PM

Go to sleep and check in during the morning, I'm not going anywhere. :)

#9 Galaxystarr


Posted 20 July 2015 - 02:02 AM

So Kaspersky found 2 danger sources

 

Here is the result http://imgur.com/rADVVVk

 

Also I don't know what happened to those files. When I woke up Kaspersky was closed so I had to reopen. There is no object in quarantine. Should I rescan to get the delete prompt again?



#10 Sintharius


Posted 20 July 2015 - 02:04 AM

From the log it looks like Kaspersky did not do anything with the detected items. Also it is a heuristic detection, so it might or might not be malicious.

The items look related to Netwatcher. They could explain why you cannot disable its startup.

Download Revo Uninstaller from here, search for Netwatcher and uninstall it. Let me know how it goes.

Edit: The item detected by KVRT is indeed the same item that you are trying to disable, from your Autoruns log.

Regards,
Alex

Edited by Alexstrasza, 20 July 2015 - 02:07 AM.


#11 Galaxystarr


Posted 20 July 2015 - 02:16 AM

Couldn't find Netwatcher in Revo.

 

Should I do something about Kaspersky? Maybe a rescan and deletion?



#12 Sintharius


Posted 20 July 2015 - 02:24 AM

If you can, yes.

#13 Galaxystarr


Posted 20 July 2015 - 02:31 AM

2 results were leading to the same file as you can see from the imgur image, so I waited till Kaspersky found it, then stopped the scan and deleted it.



#14 Sintharius


Posted 20 July 2015 - 02:34 AM

Okay, now right click on Autoruns and select Run as Administrator.

There should be an entry named "File not found: NWService.exe" (it's in yellow). Right click on that and select Delete, then confirm. The Netwatcher entry should be gone from your msconfig.
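
Autoruns marks an entry "File not found" when the startup record still points at a binary that no longer exists on disk. The read-only PowerShell sketch below applies the same check to the Run keys and Win32 services; it is an added example, not part of the original post or of Autoruns, and the function names `Get-TargetPath` and `Test-AutostartRecord` are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of autostart records whose
# target file is missing. Nothing is modified or deleted.
# Assumes PowerShell 3.0 or later, run elevated from a 64-bit session so that
# System32 paths are not redirected. Autoruns inspects many more locations than this.

function Get-TargetPath {
    # Hypothetical helper: pull the executable path out of a startup command line.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    # Quoted path: take what sits between the first pair of quotes.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path (may contain spaces): take everything up to the first extension.
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartRecord {
    # Hypothetical helper: classify one record by whether its target file exists.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path = Get-TargetPath $CommandLine
    $status = 'Unresolved'
    try {
        if (-not $path) {
            $status = 'NoCommand'
        } elseif (-not [IO.Path]::IsPathRooted($path)) {
            $status = 'Unresolved'      # bare name such as rundll32.exe, resolved via PATH
        } elseif (Test-Path -LiteralPath $path -PathType Leaf) {
            $status = 'Present'
        } else {
            $status = 'FileNotFound'    # what Autoruns shows highlighted in yellow
        }
    } catch {
        $status = 'Unresolved'          # path contained characters .NET rejects
    }
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Status  = $status
        Path    = $path
        Command = $CommandLine
    }
}

# Per-machine (64- and 32-bit view) and per-user Run keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

$records = @(foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($valueName in $item.GetValueNames()) {
            Test-AutostartRecord -Source $key -Name $valueName `
                -CommandLine ([string]$item.GetValue($valueName))
        }
    }
})

# Win32 services only (Type 0x10 own process, 0x20 shared process); drivers are skipped
# because their ImagePath uses NT-style paths that Test-Path does not understand.
$records += @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $type = $_.GetValue('Type')
        if ($type -is [int] -and ($type -band 0x30)) {
            Test-AutostartRecord -Source 'Service' -Name $_.PSChildName `
                -CommandLine ([string]$_.GetValue('ImagePath'))
        }
    })

# Report only the orphaned records; review each one by hand before removing anything.
$records | Where-Object { $_.Status -eq 'FileNotFound' } |
    Format-Table Source, Name, Path -AutoSize
```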

#15 Galaxystarr


Posted 20 July 2015 - 02:40 AM

I did and you were right. Deleted it, but NetWatcherHookService still persists. 





