
csrss.exe or csrss.exe.mui virus taking over


2 replies to this topic

#1 codyg1738


Posted 16 April 2016 - 10:39 AM

I have found multiple csrss.exe files, along with some csrss.exe.mui files. Malwarebytes doesn't detect anything wrong, and SpyHunter would not even install.

Then I found this forum with people posting similar problems to mine, and I have seen that the first thing I'll be instructed to do is download the Farbar Recovery Scan Tool. After downloading FRST, I attempted to install it, but was given an error. It reads as follows:

AutoIt Error
                   Line 18555 (File ""):

                  Error: This keyword cannot be used after a "Then" keyword.

 

So now I'm posting here to hopefully figure this out. I read somewhere there's an email notification option for when there's a reply on the forum. I'll try and see if I can find that again and set it, and I'll link my email to my tablet so I can try to reply as fast and as often as I can. I'm highly motivated to fix this problem, and will be extremely appreciative of any and all help. Thanks in advance for your time and effort.

 

I run 64-bit Windows 7
 

-Cody

Attached is a screenshot of the error.



Edited by hamluis, 16 April 2016 - 11:56 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 codyg1738


Posted 16 April 2016 - 05:32 PM

OK, I have had some progress. I got Malwarebytes to install; it found nothing in its search. I got SpyHunter 4 to install as well; it yielded 57 results but couldn't remove them, as the program wanted me to pay for it. Then I finally got frst64.exe to run. I did a scan and got these 2 files, which I think are what is needed for diagnosing?

Not sure how to upload these, not seeing the options for it now... I'll try adding it to the original post.

I cannot upload for some reason, can't find how to... I posted as plain text and I'm sorry, I know you prefer it be in file format. I'm trying so hard to figure this out; any help much appreciated.


Edited by codyg1738, 16 April 2016 - 05:43 PM.


#3 codyg1738


Posted 16 April 2016 - 05:41 PM

frst.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by cody (administrator) on CODY-PC (16-04-2016 15:27:08)
Running from C:\Users\cody\Downloads
Loaded Profiles: cody (Available Profiles: cody)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FinalWire Ltd.) C:\apps\AIDA64 Extreme\aida64.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SecurityXploded) C:\Program Files (x86)\SecurityXploded\ProcNetMonitor\ProcNetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\cody\Downloads\FRST64THISONE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-26] (Realtek Semiconductor)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{89825573-332A-4175-A1AB-1DD82C29379D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{92E98328-2CB1-4BDA-B0F0-103886DB4751}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-04-16] (Enigma Software Group USA, LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AIDA64Driver; C:\apps\AIDA64 Extreme\kerneld.x64 [34136 2014-12-08] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-04-16] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-16 15:27 - 2016-04-16 15:27 - 00006060 _____ C:\Users\cody\Downloads\FRST.txt
2016-04-16 15:17 - 2016-04-16 15:27 - 00000000 ____D C:\FRST
2016-04-16 15:17 - 2016-04-16 15:17 - 02375168 _____ (Farbar) C:\Users\cody\Downloads\FRST64THISONE.exe
2016-04-16 13:36 - 2016-04-16 13:36 - 00012448 _____ C:\Users\cody\Desktop\ProcNetMonitorReportWINNING.html
2016-04-16 13:33 - 2016-04-16 13:33 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-16 13:31 - 2016-04-16 13:31 - 00000000 _____ C:\autoexec.bat
2016-04-16 13:30 - 2016-04-16 13:34 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-04-16 13:30 - 2016-04-16 13:34 - 00001087 _____ C:\Users\cody\Desktop\SpyHunter.lnk
2016-04-16 13:30 - 2016-04-16 13:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-16 13:30 - 2016-04-16 13:30 - 00000000 ____D C:\Users\cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-04-16 13:30 - 2016-04-16 13:30 - 00000000 ____D C:\Users\cody\AppData\Roaming\Enigma Software Group
2016-04-16 13:30 - 2016-04-16 13:30 - 00000000 ____D C:\sh4ldr
2016-04-16 08:18 - 2016-04-16 08:18 - 02375168 _____ (Farbar) C:\Users\cody\Downloads\FRST64.exe
2016-04-16 07:26 - 2016-04-16 14:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-16 07:24 - 2016-04-16 07:24 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-16 07:24 - 2016-04-16 07:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-16 07:24 - 2016-04-16 07:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-16 07:24 - 2016-04-16 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-16 07:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-16 07:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-16 07:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-16 07:22 - 2016-04-16 07:22 - 00008140 _____ C:\Users\cody\Desktop\ProcNetMonitorReport2.html
2016-04-16 07:21 - 2016-04-16 07:21 - 00021424 _____ C:\Users\cody\Desktop\ProcNetMonitorReport.html
2016-04-16 07:20 - 2016-04-16 07:20 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\cody\Desktop\SpyHunter-Installer.exe
2016-04-16 07:18 - 2016-04-16 07:19 - 22851472 _____ (Malwarebytes ) C:\Users\cody\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-16 07:16 - 2016-04-16 11:53 - 00007633 _____ C:\Users\cody\AppData\Local\Resmon.ResmonCfg
2016-04-16 06:26 - 2016-04-16 10:24 - 00000000 ____D C:\Users\cody\Desktop\network fixing
2016-04-16 00:28 - 2016-04-16 02:04 - 00000000 ____D C:\Users\cody\Desktop\network problems
2016-04-15 23:32 - 2016-04-15 23:32 - 00303112 _____ C:\Users\cody\Desktop\netbios-ns - Google Search.html
2016-04-15 23:32 - 2016-04-15 23:32 - 00000000 ____D C:\Users\cody\Desktop\netbios-ns - Google Search_files
2016-04-15 23:16 - 2016-04-15 23:16 - 00001263 _____ C:\Users\cody\Desktop\ProcNetMonitor.lnk
2016-04-15 23:16 - 2016-04-15 23:16 - 00000000 ____D C:\Users\cody\Desktop\ProcNetMonitor
2016-04-15 23:16 - 2016-04-15 23:16 - 00000000 ____D C:\Program Files (x86)\SecurityXploded
2016-04-14 20:14 - 2016-04-14 20:14 - 00000000 ____D C:\Users\cody\AppData\LocalLow\Adobe
2016-04-14 19:59 - 2016-04-14 19:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-14 19:58 - 2016-04-14 20:15 - 00000000 ____D C:\ProgramData\Adobe
2016-04-14 19:58 - 2016-04-14 19:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-14 19:58 - 2016-04-14 19:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-14 19:57 - 2016-04-14 20:14 - 00000000 ____D C:\Users\cody\AppData\Local\Adobe
2016-04-14 19:55 - 2016-04-14 19:56 - 00009033 _____ C:\Windows\system32\activity.txt
2016-04-14 19:52 - 2016-04-14 19:55 - 00002305 _____ C:\Windows\system32\activity.exe
2016-04-12 05:16 - 2016-04-12 05:16 - 00002294 _____ C:\Users\cody\Desktop\Google Chrome.lnk
2016-04-12 04:22 - 2016-04-12 04:22 - 00000359 _____ C:\Users\cody\Desktop\Recycle Bin.lnk
2016-04-10 21:32 - 2016-04-16 00:23 - 00000000 ____D C:\Users\cody\Desktop\cvzxnzvc
2016-04-08 03:16 - 2016-04-08 03:16 - 00000082 _____ C:\Users\cody\Desktop\So you want to go live in the woods for a year- - Survivalist Forum.url
2016-04-06 04:36 - 2016-04-16 08:01 - 00223974 _____ C:\Windows\ntbtlog.txt
2016-04-04 17:04 - 2016-04-04 17:05 - 00000000 ____D C:\Users\cody\Desktop\brookes whore post
2016-03-19 13:30 - 2016-03-19 13:30 - 00000075 _____ C:\Users\cody\Desktop\Live Audio.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-16 12:02 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-16 12:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-16 11:57 - 2009-07-13 21:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-16 11:57 - 2009-07-13 21:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-16 11:54 - 2015-12-19 17:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-16 11:54 - 2015-10-14 13:13 - 00003152 _____ C:\Windows\System32\Tasks\AIDA64 AutoStart
2016-04-16 11:54 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-16 11:53 - 2009-07-13 22:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-16 11:03 - 2015-12-19 20:48 - 00000000 ____D C:\Users\cody\AppData\Local\Battle.net
2016-04-16 06:08 - 2015-12-19 17:17 - 00000000 ____D C:\Users\cody\AppData\Local\Deployment
2016-04-16 06:06 - 2016-03-12 20:09 - 00000000 ____D C:\Users\cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-16 06:04 - 2015-10-14 13:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2016-04-16 02:34 - 2015-12-27 22:04 - 00000000 ____D C:\Users\cody\AppData\Roaming\iSpy
2016-04-15 14:52 - 2015-12-21 23:58 - 00000000 ____D C:\Users\cody\AppData\Roaming\Spotify
2016-04-15 14:52 - 2015-12-21 23:58 - 00000000 ____D C:\Users\cody\AppData\Local\Spotify
2016-04-14 20:14 - 2015-10-14 13:02 - 00000000 ____D C:\Users\cody\AppData\Roaming\Adobe
2016-04-11 13:32 - 2015-12-19 17:19 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 13:32 - 2015-12-19 17:19 - 00000000 ____D C:\Users\cody\AppData\Local\Google
2016-04-10 22:44 - 2011-04-12 01:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-10 22:44 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-10 22:22 - 2016-01-11 14:37 - 00000000 ____D C:\Users\cody\AppData\Local\ElevatedDiagnostics
2016-04-01 18:50 - 2016-03-12 01:32 - 00000000 ____D C:\Users\cody\AppData\Local\NXEPassportClient
2016-04-01 18:50 - 2016-03-12 00:41 - 00000000 ____D C:\Users\cody\AppData\Local\NexonLauncher
2016-03-29 10:38 - 2015-12-19 20:48 - 00000000 ____D C:\Users\cody\AppData\Local\Blizzard Entertainment
2016-03-21 22:33 - 2015-12-19 23:48 - 00000000 ____D C:\Users\cody\Documents\StarCraft II
 
==================== Files in the root of some directories =======
 
2016-03-02 23:49 - 2016-03-02 23:49 - 0000218 _____ () C:\Users\cody\AppData\Local\recently-used.xbel
2016-04-16 07:16 - 2016-04-16 11:53 - 0007633 _____ () C:\Users\cody\AppData\Local\Resmon.ResmonCfg
2015-12-19 17:38 - 2015-12-19 17:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\cody\AppData\Local\Temp\545b5db6e86538fb20a0d4b42e48f185.dll
C:\Users\cody\AppData\Local\Temp\6a246669c4722113966d0cbd29442eb9.dll
C:\Users\cody\AppData\Local\Temp\nvStInst.exe
C:\Users\cody\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 05:06
 
==================== End of FRST.txt ============================

addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by cody (2016-04-16 15:27:31)
Running from C:\Users\cody\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-10-14 20:02:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2713047803-3773949990-1505566570-500 - Administrator - Disabled)
cody (S-1-5-21-2713047803-3773949990-1505566570-1000 - Administrator - Enabled) => C:\Users\cody
Guest (S-1-5-21-2713047803-3773949990-1505566570-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2713047803-3773949990-1505566570-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iSpy (64 bit) (HKLM\...\{4FCF8BB1-9CDE-432A-ACDF-FD7184463FAF}) (Version: 6.4.9.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{dc02f0d2-ce7d-46ef-97ad-ea16ed93a624}) (Version: 6.4.9.0 - DeveloperInABox)
LibreOffice 5.0.3.2 (HKLM-x32\...\{D61E7AA0-0380-49B9-8DDD-7685E2306176}) (Version: 5.0.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ProcNetMonitor v5.0 (HKLM-x32\...\ProcNetMonitor) (Version: 5.0 - SecurityXploded)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2713047803-3773949990-1505566570-1000\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A84F559-E363-468A-A263-473151383D8D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-04-16] (Enigma Software Group USA, LLC.)
Task: {5FD274CB-FCFB-447A-94B5-F90F97E8C13F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {78DE7F7F-84AB-4539-9252-3CB48E480023} - System32\Tasks\AIDA64 AutoStart => C:\apps\AIDA64 Extreme\aida64.exe [2014-12-08] (FinalWire Ltd.)
Task: {D0D952C2-BF15-4596-90F2-597EA337B3F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-19] (Google Inc.)
Task: {FE1B079E-6CFD-42C1-83B0-C845415056DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-19 17:45 - 2015-10-13 10:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\cody:Heroes & Generals [38]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2713047803-3773949990-1505566570-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2713047803-3773949990-1505566570-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\cody\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{820C4B7E-61CA-47A2-8104-6C3A052FCA22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{62FC5B4F-1C22-4238-9C2F-0EB72728F355}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{60917E55-43E7-443C-A44F-42ED952556AF}C:\users\cody\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cody\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E0B5D872-328F-44CE-A062-2F3F3692A86D}C:\users\cody\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cody\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3FC5D267-3A88-4020-A18B-112ACD0AD6F3}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{0514C84B-3F0A-43C8-9597-5C6FD8A96791}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{16FEB11B-49C7-461D-AAF4-6ACA6F363F4B}C:\users\cody\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cody\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{85E65DE5-DE38-4AB2-8395-2466D3D21B67}C:\users\cody\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\cody\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8A56F114-8078-4AFD-A61E-FF8F7D538A2D}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{A9575488-BB07-4129-8FE8-662E50018578}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{0A6B35FF-4F4C-4FC4-9B55-5E3C8D0D12A2}C:\apps\hearthstone\hearthstone.exe] => (Allow) C:\apps\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{C83EEDC9-CEE0-4B09-A9B7-9D7ED6E042F3}C:\apps\hearthstone\hearthstone.exe] => (Allow) C:\apps\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{5BE0111B-B062-4F0F-BF4E-B4F9226D5247}C:\apps\hearthstone\hearthstone.exe] => (Allow) C:\apps\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{76772172-9BBA-4A9F-A49F-E24D12BC2E63}C:\apps\hearthstone\hearthstone.exe] => (Allow) C:\apps\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D3B28E3D-F10E-4278-96C8-36C22F473FA8}C:\apps\diablo iii\diablo iii.exe] => (Allow) C:\apps\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{A2C7D3D8-D0DB-4AFF-B312-FA608D9C3469}C:\apps\diablo iii\diablo iii.exe] => (Allow) C:\apps\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{CC267355-D30E-4411-9DC4-C3BEF62589AC}C:\apps\diablo iii\diablo iii.exe] => (Block) C:\apps\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{B495B714-C945-4D0C-A8C7-ACA54D852AA8}C:\apps\diablo iii\diablo iii.exe] => (Block) C:\apps\diablo iii\diablo iii.exe
FirewallRules: [{6094F97F-D770-4002-BBC8-4DB91AE2A9BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8966289B-DB8B-41D1-8629-77D7E7B1BA66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7A955FF1-CC74-4D5B-834F-230402F6216C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A5BF0B23-1E5E-485E-9D7F-296367662094}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{ADB878BE-6C22-47BC-A31C-FD0BC0EB13D0}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{F19D0CD0-3252-46BF-BD3D-8B17B8316403}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{0FE9AF5A-29F0-4918-99F9-D59B3C17E6F3}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{F9FF0656-8841-4353-82A7-CF592361555F}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{5F49A180-450C-41EA-A5D9-B462A2B03596}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F9A91355-A532-4123-B61E-ECD798159F40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{4EDBB71A-5B33-4CDB-9ED8-041788198915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{8FDB26AA-AF75-452B-BBB2-A281C1228D13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{38AD3F00-BBF0-40DD-97F8-81EA54DC8C20}C:\users\cody\documents\warcraft iii reign of chaos\warcraft iii\war3.exe] => (Allow) C:\users\cody\documents\warcraft iii reign of chaos\warcraft iii\war3.exe
FirewallRules: [UDP Query User{DB92E643-6721-4F92-817D-779754465111}C:\users\cody\documents\warcraft iii reign of chaos\warcraft iii\war3.exe] => (Allow) C:\users\cody\documents\warcraft iii reign of chaos\warcraft iii\war3.exe
FirewallRules: [TCP Query User{5FF23F45-A5A7-4455-BF7C-E4D6E449BF9C}C:\apps\diablo iii public test\diablo iii.exe] => (Allow) C:\apps\diablo iii public test\diablo iii.exe
FirewallRules: [UDP Query User{648C729E-497E-4A60-8227-CC0562AFEFF3}C:\apps\diablo iii public test\diablo iii.exe] => (Allow) C:\apps\diablo iii public test\diablo iii.exe
FirewallRules: [TCP Query User{374C6D5C-0DBF-454A-853F-F703B41C8DDE}C:\apps\diablo iii public test\diablo iii.exe] => (Allow) C:\apps\diablo iii public test\diablo iii.exe
FirewallRules: [UDP Query User{4ADAFBE5-2E61-4CD8-8DA8-AEB54FA103A1}C:\apps\diablo iii public test\diablo iii.exe] => (Allow) C:\apps\diablo iii public test\diablo iii.exe
FirewallRules: [{92DD9E61-3C73-4553-96BA-979C3272AE7A}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{F3685E06-2D08-446A-B900-990E82313320}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{CED396B5-F50C-4C7C-AD51-D26AEBEB8EA2}] => (Allow) C:\apps\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{B45791F2-A0A6-468B-990E-A2A5E9BD0916}] => (Allow) C:\apps\StarCraft II\Versions\Base39576\SC2_x64.exe
FirewallRules: [{A0F4EB37-893B-4D42-9EE8-F8F379D0FD38}] => (Allow) C:\apps\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [{2E64821A-5592-4713-87C0-80CD7C86CE0C}] => (Allow) C:\apps\StarCraft II\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{3FEF5698-F32A-4232-A633-BD1F2EEBD30C}C:\apps\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\apps\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [UDP Query User{86A7D654-9457-408A-92E8-08ADA8D60D44}C:\apps\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\apps\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [{3817CC19-5144-481D-BA39-9E5A4AEE6C50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{C0251F1D-4953-49A1-AB5B-68F4722A930C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{1975B306-9DF2-471E-970F-CA686AACC51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{7036DAEE-4C6B-4D3D-85DE-49037B4921A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{66BD77EE-B4F2-48A3-8633-36F67D046B5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FD61E182-620F-4D07-A7AE-B9545D866634}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{596FB3F3-1510-4266-8E06-FF5F051B8530}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{05C45D20-414C-4318-97BA-515536E6A3B0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51DA2CEC-61D7-42A7-9925-8308A77E9A15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0C2BCC3E-5928-4DC3-AE39-1CDEE5592928}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{44BFAE06-AD6D-4DF7-891A-6ED885E70972}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63056B48-4763-4902-901E-6242EE75D8B2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{99DED9ED-3340-4D1E-9B8E-028E46D9711B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{18E08F0E-8E8B-4D03-B043-217EF9BC9EE2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{946A6AB1-EAAD-440E-8C13-6B2D202213D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{41C4B5AB-E4F3-43FF-8392-F36A4FF870D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{FAD75F3E-8406-4EDD-BCFD-0A9631523C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/16/2016 11:58:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/16/2016 02:20:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (04/16/2016 02:19:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (04/16/2016 11:53:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 50%
Total physical RAM: 4095.43 MB
Available physical RAM: 2014.1 MB
Total Virtual: 8189.07 MB
Available Virtual: 5901.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.09 GB) (Free:191.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================




