Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
physical memory over 85% always
Message
<blockquote data-quote="cristian25" data-source="post: 427230" data-attributes="member: 40687"><p>my system runs very very slow and i have always physical memory over 85% normal more than 90% even when i start the computer. and 5-6 or more chrome.exe*32 when i stat google chrome. i've downloaded FRST64 and i've scaned my computer. here i paste what was the result</p><p> this is FRST</p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)</p><p>U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)</p><p>R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)</p><p>R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)</p><p>R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-19] (NVIDIA Corporation)</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-08-28 14:24 - 2015-08-28 14:25 - 00012405 _____ C:\Users\Cristi\Desktop\FRST.txt</p><p>2015-08-28 14:24 - 2015-08-28 14:24 - 00000000 ____D C:\FRST</p><p>2015-08-28 14:23 - 2015-08-28 14:23 - 02186752 _____ (Farbar) C:\Users\Cristi\Desktop\FRST64.exe</p><p>2015-08-04 17:57 - 2015-08-04 17:58 - 00001361 _____ C:\Users\Cristi\Desktop\crs bewerbung.txt</p><p>2015-08-04 11:32 - 2015-08-04 18:28 - 00000000 ____D C:\Users\Cristi\Desktop\poze gza</p><p>2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\TuneUp Software</p><p>2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Local\TuneUp Software</p><p>2015-07-31 18:28 - 2015-07-31 18:31 - 00000000 ____D C:\ProgramData\TuneUp Software</p><p>2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\Opera Software</p><p>2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Local\Opera Software</p><p>2015-07-31 18:10 - 2015-07-31 18:33 - 00000000 ____D C:\Program Files (x86)\Opera</p><p>2015-07-31 18:10 - 2015-07-31 18:10 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\RPEng</p><p>2015-07-31 18:09 - 2015-07-31 18:37 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\DVDVideoSoft</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-08-28 13:56 - 2014-03-27 12:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job</p><p>2015-08-28 13:50 - 2014-03-07 07:16 - 01439876 _____ C:\Windows\WindowsUpdate.log</p><p>2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-08-28 13:12 - 2014-03-07 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-08-28 13:11 - 2014-03-07 20:26 - 00000000 ____D C:\ProgramData\NVIDIA</p><p>2015-08-28 13:11 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2015-08-28 13:11 - 2009-07-14 07:51 - 00081855 _____ C:\Windows\setupact.log</p><p>2015-08-27 23:38 - 2014-03-07 08:45 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5009B9CA-E780-4D10-B4C3-0675F403153B}</p><p>2015-08-26 12:06 - 2015-01-23 18:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-08-05 23:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports</p><p>2015-08-01 17:48 - 2010-11-21 06:47 - 00010906 _____ C:\Windows\PFRO.log</p><p>2015-07-31 18:33 - 2014-03-07 07:41 - 00001413 _____ C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Cristi\AppData\Local\Temp\DseShExt-x64.dll</p><p>C:\Users\Cristi\AppData\Local\Temp\DseShExt-x86.dll</p><p>C:\Users\Cristi\AppData\Local\Temp\InstHelper.exe</p><p>C:\Users\Cristi\AppData\Local\Temp\SDShelEx-win32.dll</p><p>C:\Users\Cristi\AppData\Local\Temp\SDShelEx-x64.dll</p><p>C:\Users\Cristi\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Cristi\AppData\Local\Temp\sqlite3.exe</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-08-26 16:23</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p></p><p> <strong>and now addition</strong></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015</p><p>Ran by Cristi (2015-08-28 14:25:44)</p><p>Running from C:\Users\Cristi\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-136308382-4104694535-3507628671-500 - Administrator - Disabled)</p><p>Cristi (S-1-5-21-136308382-4104694535-3507628671-1000 - Administrator - Enabled) => C:\Users\Cristi</p><p>Guest (S-1-5-21-136308382-4104694535-3507628671-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-136308382-4104694535-3507628671-1002 - Limited - Enabled)</p><p>UpdatusUser (S-1-5-21-136308382-4104694535-3507628671-1003 - Limited - Enabled) => C:\Users\UpdatusUser</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}</p><p>AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Reader XI (11.0.12) - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)</p><p>Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )</p><p>ESET NOD32 Antivirus (HKLM\...\{EA5BAA25-4103-4DBD-8DE9-5162280DF1D8}) (Version: 8.0.304.1 - ESET, spol s r. o.)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)</p><p>Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden</p><p>Intel PROSet Wireless (x32 Version: - ) Hidden</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)</p><p>Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)</p><p>NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)</p><p>NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)</p><p>Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)</p><p>Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)</p><p>Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden</p><p>Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)</p><p>Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>12-08-2015 23:35:39 Scheduled Checkpoint</p><p>14-08-2015 03:49:59 Windows Update</p><p>26-08-2015 16:30:14 Scheduled Checkpoint</p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {10DE56E7-A504-4218-87E7-60DF9926FD32} - System32\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)</p><p>Task: {24A055E0-E4AB-4770-BEED-EC7D6F327797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)</p><p>Task: {7428199A-FA2A-466B-9B7E-3E6BD732CEAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2014-03-07 20:25 - 2013-10-23 11:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll</p><p>2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll</p><p>2014-03-07 08:12 - 2012-11-15 13:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll</p><p>2015-08-26 12:06 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll</p><p>2015-08-26 12:06 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p>AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b</p><p>AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}</p><p>AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:3or4kl4x13tuuug3Byamue2s4b</p><p>AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-136308382-4104694535-3507628671-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 192.168.1.254</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: c2cautoupdatesvc => 2</p><p>MSCONFIG\Services: c2cpnrsvc => 2</p><p>MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [{3D0F589C-2507-4AC0-AFF7-5083DDBD4ABB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe</p><p>FirewallRules: [{7CA2EC29-0E3F-4F15-B33A-10DC599FBC96}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe</p><p>FirewallRules: [{04320337-620E-4C55-A0BD-BB0DA97CE5E0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe</p><p>FirewallRules: [{ADACC422-62F8-46F2-8DC9-9C05172A2C72}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe</p><p>FirewallRules: [{F2238367-2260-4BDE-A459-B451649EE62A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe</p><p>FirewallRules: [{E2F144E1-845D-45F9-BCE8-9CE8D68C5F5D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>FirewallRules: [{2AA73F33-59F2-421C-87BB-789AA0ECB5CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</p><p>FirewallRules: [{3D16A5BF-A51F-4B9C-A9B2-3414D06E0B61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe</p><p>FirewallRules: [{4FBBBFD8-EA34-41B0-AE07-50F91688DD41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (08/28/2015 01:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/27/2015 11:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/27/2015 10:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/27/2015 06:42:08 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/27/2015 05:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/27/2015 12:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/26/2015 12:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/26/2015 11:30:27 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/17/2015 09:57:02 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (08/16/2015 09:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 698</p><p></p><p>Start Time: 01d0d7f67bf54d0b</p><p></p><p>Termination Time: 2761</p><p></p><p>Application Path: C:\Windows\Explorer.EXE</p><p></p><p>Report Id: 317ae4c6-4441-11e5-a0ea-4c80934996fb</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (08/28/2015 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 02:13:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 02:03:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 01:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 01:43:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 01:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 01:24:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )</p><p>Description: The Windows Defender service hung on starting.</p><p></p><p>Error: (08/28/2015 01:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (08/28/2015 01:21:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )</p><p>Description: The Software Protection service hung on starting.</p><p></p><p>Error: (08/28/2015 01:19:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )</p><p>Description: The NVIDIA Update Service Daemon service hung on starting.</p><p></p><p></p><p>Microsoft Office:</p><p>=========================</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz</p><p>Percentage of memory in use: 85%</p><p>Total physical RAM: 1955.17 MB</p><p>Available physical RAM: 280.18 MB</p><p>Total Virtual: 3910.34 MB</p><p>Available Virtual: 1434.31 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:97.86 GB) (Free:72.06 GB) NTFS</p><p>Drive d: () (Fixed) (Total:198.24 GB) (Free:169.19 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0C7A859B)</p><p>Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=2 GB) - (Type=0B)</p><p>Partition 3: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS)</p><p></p><p>==================== End of Addition.txt ============================</p></blockquote><p></p>
[QUOTE="cristian25, post: 427230, member: 40687"] my system runs very very slow and i have always physical memory over 85% normal more than 90% even when i start the computer. and 5-6 or more chrome.exe*32 when i stat google chrome. i've downloaded FRST64 and i've scaned my computer. here i paste what was the result this is FRST ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-19] (NVIDIA Corporation) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-28 14:24 - 2015-08-28 14:25 - 00012405 _____ C:\Users\Cristi\Desktop\FRST.txt 2015-08-28 14:24 - 2015-08-28 14:24 - 00000000 ____D C:\FRST 2015-08-28 14:23 - 2015-08-28 14:23 - 02186752 _____ (Farbar) C:\Users\Cristi\Desktop\FRST64.exe 2015-08-04 17:57 - 2015-08-04 17:58 - 00001361 _____ C:\Users\Cristi\Desktop\crs bewerbung.txt 2015-08-04 11:32 - 2015-08-04 18:28 - 00000000 ____D C:\Users\Cristi\Desktop\poze gza 2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\TuneUp Software 2015-07-31 18:30 - 2015-07-31 18:30 - 00000000 ____D C:\Users\Cristi\AppData\Local\TuneUp Software 2015-07-31 18:28 - 2015-07-31 18:31 - 00000000 ____D C:\ProgramData\TuneUp Software 2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\Opera Software 2015-07-31 18:18 - 2015-07-31 18:18 - 00000000 ____D C:\Users\Cristi\AppData\Local\Opera Software 2015-07-31 18:10 - 2015-07-31 18:33 - 00000000 ____D C:\Program Files (x86)\Opera 2015-07-31 18:10 - 2015-07-31 18:10 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\RPEng 2015-07-31 18:09 - 2015-07-31 18:37 - 00000000 ____D C:\Users\Cristi\AppData\Roaming\DVDVideoSoft ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-28 13:56 - 2014-03-27 12:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job 2015-08-28 13:50 - 2014-03-07 07:16 - 01439876 _____ C:\Windows\WindowsUpdate.log 2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-28 13:37 - 2009-07-14 07:45 - 00009968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-28 13:12 - 2014-03-07 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-28 13:11 - 2014-03-07 20:26 - 00000000 ____D C:\ProgramData\NVIDIA 2015-08-28 13:11 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-28 13:11 - 2009-07-14 07:51 - 00081855 _____ C:\Windows\setupact.log 2015-08-27 23:38 - 2014-03-07 08:45 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5009B9CA-E780-4D10-B4C3-0675F403153B} 2015-08-26 12:06 - 2015-01-23 18:24 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-05 23:47 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports 2015-08-01 17:48 - 2010-11-21 06:47 - 00010906 _____ C:\Windows\PFRO.log 2015-07-31 18:33 - 2014-03-07 07:41 - 00001413 _____ C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Some files in TEMP: ==================== C:\Users\Cristi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Cristi\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Cristi\AppData\Local\Temp\InstHelper.exe C:\Users\Cristi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Cristi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Cristi\AppData\Local\Temp\SkypeSetup.exe C:\Users\Cristi\AppData\Local\Temp\sqlite3.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-26 16:23 ==================== End of FRST.txt ============================ [B]and now addition[/B] Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-08-2015 Ran by Cristi (2015-08-28 14:25:44) Running from C:\Users\Cristi\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-136308382-4104694535-3507628671-500 - Administrator - Disabled) Cristi (S-1-5-21-136308382-4104694535-3507628671-1000 - Administrator - Enabled) => C:\Users\Cristi Guest (S-1-5-21-136308382-4104694535-3507628671-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-136308382-4104694535-3507628671-1002 - Limited - Enabled) UpdatusUser (S-1-5-21-136308382-4104694535-3507628671-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.12) - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{EA5BAA25-4103-4DBD-8DE9-5162280DF1D8}) (Version: 8.0.304.1 - ESET, spol s r. o.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 12-08-2015 23:35:39 Scheduled Checkpoint 14-08-2015 03:49:59 Windows Update 26-08-2015 16:30:14 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10DE56E7-A504-4218-87E7-60DF9926FD32} - System32\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.) Task: {24A055E0-E4AB-4770-BEED-EC7D6F327797} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.) Task: {7428199A-FA2A-466B-9B7E-3E6BD732CEAF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf499b4efe002a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-03-07 20:25 - 2013-10-23 11:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-03-07 08:12 - 2012-11-15 13:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-07-28 07:07 - 2011-07-28 07:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2015-08-26 12:06 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll 2015-08-26 12:06 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Cristi\Desktop\Image (2).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Cristi\Desktop\Image.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-136308382-4104694535-3507628671-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cristi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: c2cautoupdatesvc => 2 MSCONFIG\Services: c2cpnrsvc => 2 MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3D0F589C-2507-4AC0-AFF7-5083DDBD4ABB}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe FirewallRules: [{7CA2EC29-0E3F-4F15-B33A-10DC599FBC96}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe FirewallRules: [{04320337-620E-4C55-A0BD-BB0DA97CE5E0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe FirewallRules: [{ADACC422-62F8-46F2-8DC9-9C05172A2C72}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe FirewallRules: [{F2238367-2260-4BDE-A459-B451649EE62A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{E2F144E1-845D-45F9-BCE8-9CE8D68C5F5D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{2AA73F33-59F2-421C-87BB-789AA0ECB5CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{3D16A5BF-A51F-4B9C-A9B2-3414D06E0B61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{4FBBBFD8-EA34-41B0-AE07-50F91688DD41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/28/2015 01:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 11:59:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 10:58:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 06:42:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 05:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2015 12:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2015 12:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/26/2015 11:30:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/17/2015 09:57:02 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/16/2015 09:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 698 Start Time: 01d0d7f67bf54d0b Termination Time: 2761 Application Path: C:\Windows\Explorer.EXE Report Id: 317ae4c6-4441-11e5-a0ea-4c80934996fb System errors: ============= Error: (08/28/2015 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 02:13:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 02:03:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 01:53:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 01:43:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 01:33:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 01:24:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Defender service hung on starting. Error: (08/28/2015 01:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (08/28/2015 01:21:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Software Protection service hung on starting. Error: (08/28/2015 01:19:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The NVIDIA Update Service Daemon service hung on starting. Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 85% Total physical RAM: 1955.17 MB Available physical RAM: 280.18 MB Total Virtual: 3910.34 MB Available Virtual: 1434.31 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.86 GB) (Free:72.06 GB) NTFS Drive d: () (Fixed) (Total:198.24 GB) (Free:169.19 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0C7A859B) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=2 GB) - (Type=0B) Partition 3: (Not Active) - (Size=97.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=198.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top
