- Aug 28, 2015
- 13
my system runs very very slow and i have always physical memory over 85% normal more than 90% even when i start the computer. and 5-6 or more chrome.exe*32 when i stat google chrome. i've downloaded FRST64 and i've scaned my computer. here i paste what was the result
this is FRST
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-19] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 14:24 - 2015-08-28 14:25 - 00012405 _____ C:\Users\Cristi\Desktop\FRST.txt
2015-08-28 14:24 - 2015-08-28 14:24 - 00000000 ____D C:\FRST
2015-08-28 14:23 - 2015-08-28 14:23 - 02186752 _____ (Farbar) C:\Users\Cristi\Desktop\FRST64.exe
2015-08-04 17:57 - 2015-08-04 17:58 - 00001361 _____ C:\Users\Cristi\Desktop\crs bewerbung.txt
2015-08-04 11:32 - 2015-08-04 18:28 - 00000000 ____D C:\Users\Cristi\Desktop\poze gza
2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\TuneUp Software
2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Local\TuneUp Software
2015-07-31 18:28 - 2015-07-31 18:31 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\Opera Software
2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Local\Opera Software
2015-07-31 18:10 - 2015-07-31 18:33 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-31 18:10 - 2015-07-31 18:10 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\RPEng
2015-07-31 18:09 - 2015-07-31 18:37 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\DVDVideoSoft
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 13:56 - 2014-03-27 12:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job
2015-08-28 13:50 - 2014-03-07 07:16 - 01439876 _____ C:\Windows\WindowsUpdate.log
2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 13:12 - 2014-03-07 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 13:11 - 2014-03-07 20:26 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 13:11 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 13:11 - 2009-07-14 07:51 - 00081855 _____ C:\Windows\setupact.log
2015-08-27 23:38 - 2014-03-07 08:45 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5009B9CA-E780-4D10-B4C3-0675F403153B}
2015-08-26 12:06 - 2015-01-23 18:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 23:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-01 17:48 - 2010-11-21 06:47 - 00010906 _____ C:\Windows\PFRO.log
2015-07-31 18:33 - 2014-03-07 07:41 - 00001413 _____ C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Some files in TEMP:
====================
C:\Users\Cristi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Cristi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cristi\AppData\Local\Temp\InstHelper.exe
C:\Users\Cristi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cristi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Cristi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cristi\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-26 16:23
==================== End of FRST.txt ============================
and now addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Cristi (2015-08-28 14:25:44)
Running from C:\Users\Cristi\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-136308382-4104694535-3507628671-500 - Administrator - Disabled)
Cristi (S-1-5-21-136308382-4104694535-3507628671-1000 - Administrator - Enabled) => C:\Users\Cristi
Guest (S-1-5-21-136308382-4104694535-3507628671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-136308382-4104694535-3507628671-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-136308382-4104694535-3507628671-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.12) - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{EA5BAA25-4103-4DBD-8DE9-5162280DF1D8}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
12-08-2015 23:35:39 Scheduled Checkpoint
14-08-2015 03:49:59 Windows Update
26-08-2015 16:30:14 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10DE56E7-A504-4218-87E7-60DF9926FD32} - System32\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {24A055E0-E4AB-4770-BEED-EC7D6F327797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {7428199A-FA2A-466B-9B7E-3E6BD732CEAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-03-07 20:25 - 2013-10-23 11:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-07 08:12 - 2012-11-15 13:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-08-26 12:06 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-26 12:06 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-136308382-4104694535-3507628671-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3D0F589C-2507-4AC0-AFF7-5083DDBD4ABB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{7CA2EC29-0E3F-4F15-B33A-10DC599FBC96}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{04320337-620E-4C55-A0BD-BB0DA97CE5E0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{ADACC422-62F8-46F2-8DC9-9C05172A2C72}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F2238367-2260-4BDE-A459-B451649EE62A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E2F144E1-845D-45F9-BCE8-9CE8D68C5F5D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AA73F33-59F2-421C-87BB-789AA0ECB5CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D16A5BF-A51F-4B9C-A9B2-3414D06E0B61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4FBBBFD8-EA34-41B0-AE07-50F91688DD41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/28/2015 01:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 11:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 10:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 06:42:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 05:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 12:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/26/2015 12:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/26/2015 11:30:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/17/2015 09:57:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2015 09:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 698
Start Time: 01d0d7f67bf54d0b
Termination Time: 2761
Application Path: C:\Windows\Explorer.EXE
Report Id: 317ae4c6-4441-11e5-a0ea-4c80934996fb
System errors:
=============
Error: (08/28/2015 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 02:13:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 02:03:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:43:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:24:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
Error: (08/28/2015 01:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:21:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.
Error: (08/28/2015 01:19:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 85%
Total physical RAM: 1955.17 MB
Available physical RAM: 280.18 MB
Total Virtual: 3910.34 MB
Available Virtual: 1434.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.86 GB) (Free:72.06 GB) NTFS
Drive d: () (Fixed) (Total:198.24 GB) (Free:169.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0C7A859B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=2 GB) - (Type=0B)
Partition 3: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
this is FRST
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-19] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 14:24 - 2015-08-28 14:25 - 00012405 _____ C:\Users\Cristi\Desktop\FRST.txt
2015-08-28 14:24 - 2015-08-28 14:24 - 00000000 ____D C:\FRST
2015-08-28 14:23 - 2015-08-28 14:23 - 02186752 _____ (Farbar) C:\Users\Cristi\Desktop\FRST64.exe
2015-08-04 17:57 - 2015-08-04 17:58 - 00001361 _____ C:\Users\Cristi\Desktop\crs bewerbung.txt
2015-08-04 11:32 - 2015-08-04 18:28 - 00000000 ____D C:\Users\Cristi\Desktop\poze gza
2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\TuneUp Software
2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Local\TuneUp Software
2015-07-31 18:28 - 2015-07-31 18:31 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\Opera Software
2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Local\Opera Software
2015-07-31 18:10 - 2015-07-31 18:33 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-31 18:10 - 2015-07-31 18:10 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\RPEng
2015-07-31 18:09 - 2015-07-31 18:37 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\DVDVideoSoft
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-28 13:56 - 2014-03-27 12:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job
2015-08-28 13:50 - 2014-03-07 07:16 - 01439876 _____ C:\Windows\WindowsUpdate.log
2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 13:12 - 2014-03-07 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 13:11 - 2014-03-07 20:26 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-28 13:11 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 13:11 - 2009-07-14 07:51 - 00081855 _____ C:\Windows\setupact.log
2015-08-27 23:38 - 2014-03-07 08:45 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5009B9CA-E780-4D10-B4C3-0675F403153B}
2015-08-26 12:06 - 2015-01-23 18:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 23:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-01 17:48 - 2010-11-21 06:47 - 00010906 _____ C:\Windows\PFRO.log
2015-07-31 18:33 - 2014-03-07 07:41 - 00001413 _____ C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Some files in TEMP:
====================
C:\Users\Cristi\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Cristi\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cristi\AppData\Local\Temp\InstHelper.exe
C:\Users\Cristi\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cristi\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Cristi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cristi\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-26 16:23
==================== End of FRST.txt ============================
and now addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015
Ran by Cristi (2015-08-28 14:25:44)
Running from C:\Users\Cristi\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-136308382-4104694535-3507628671-500 - Administrator - Disabled)
Cristi (S-1-5-21-136308382-4104694535-3507628671-1000 - Administrator - Enabled) => C:\Users\Cristi
Guest (S-1-5-21-136308382-4104694535-3507628671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-136308382-4104694535-3507628671-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-136308382-4104694535-3507628671-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.12) - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{EA5BAA25-4103-4DBD-8DE9-5162280DF1D8}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
12-08-2015 23:35:39 Scheduled Checkpoint
14-08-2015 03:49:59 Windows Update
26-08-2015 16:30:14 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10DE56E7-A504-4218-87E7-60DF9926FD32} - System32\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {24A055E0-E4AB-4770-BEED-EC7D6F327797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {7428199A-FA2A-466B-9B7E-3E6BD732CEAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-03-07 20:25 - 2013-10-23 11:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-07 08:12 - 2012-11-15 13:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-08-26 12:06 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-26 12:06 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-136308382-4104694535-3507628671-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{3D0F589C-2507-4AC0-AFF7-5083DDBD4ABB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{7CA2EC29-0E3F-4F15-B33A-10DC599FBC96}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{04320337-620E-4C55-A0BD-BB0DA97CE5E0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{ADACC422-62F8-46F2-8DC9-9C05172A2C72}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{F2238367-2260-4BDE-A459-B451649EE62A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E2F144E1-845D-45F9-BCE8-9CE8D68C5F5D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2AA73F33-59F2-421C-87BB-789AA0ECB5CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D16A5BF-A51F-4B9C-A9B2-3414D06E0B61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4FBBBFD8-EA34-41B0-AE07-50F91688DD41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/28/2015 01:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 11:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 10:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 06:42:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 05:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/27/2015 12:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/26/2015 12:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/26/2015 11:30:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/17/2015 09:57:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2015 09:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 698
Start Time: 01d0d7f67bf54d0b
Termination Time: 2761
Application Path: C:\Windows\Explorer.EXE
Report Id: 317ae4c6-4441-11e5-a0ea-4c80934996fb
System errors:
=============
Error: (08/28/2015 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 02:13:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 02:03:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:43:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:24:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.
Error: (08/28/2015 01:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (08/28/2015 01:21:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.
Error: (08/28/2015 01:19:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 85%
Total physical RAM: 1955.17 MB
Available physical RAM: 280.18 MB
Total Virtual: 3910.34 MB
Available Virtual: 1434.31 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.86 GB) (Free:72.06 GB) NTFS
Drive d: () (Fixed) (Total:198.24 GB) (Free:169.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0C7A859B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=2 GB) - (Type=0B)
Partition 3: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================