Everything posted by Momadice

  1. Okay. They are external drives and flash drives which I use for back up of data. I didn't know I could create a partition on a flash drive. I learned something new. FF was uninstalled using the control panel and then I reinstalled it. There is no change in behaviour. All freezing and mouse and trackpad problems have stopped. Redirects have gone down a lot, I still get some but I think they are legitimate. But I am still using FF private, I don't know if the problem is solved using the regular mode of FF. Overall the computer is running a lot better than it was.
  2. Fixlog 1Dec2015.txt Read and noted all the responses to my editorial. LOL. I will uninstall and re-install FF in the am. I have already done this a few times, but not since you have been investigating and tweaking. So I'll update you on that as soon as I do it.
  3. Kevin, I am looking for forums on sanitizing external hard drives and flash drives. I know emsisoft automatically scans things when they are newly attached to my laptop. I am not sure why I am getting problems on my laptop (aka how I screwed it up LOL) and I am nervous of creating another problem by pulling pictures etc from old backups and files saved on flash. Can I start another thread in the forums for this or should I wait until we are done here?
  4. I forgot: I am unable to post programs to the task bar like notepad. I am unable to remove some of the apps I do not use, that I have been able to remove in the past.
  5. So how is it running? ... 1) I noticed on the FRBR reports there are many profiles. Is this normal? 2) Emsisoft is still working like a charm on surf protection. I love this feature. 4) I still have partitions on my hard drive that I didn't make, that I tried to format and now have storage on them that I cannot see. 5) I was finally able to use the behaviour blocker feature to capture that rundll32.exe that kept flickering. I asked for it to be blocked and now: a) Number pad is working as good as new. b) the working in the back ground annoying mouse pointer has stopped running. c) The screen freezing and loss of mouse or track pad function that required a hard boot has also stopped. d) when it is unblocked the background pointer indicator runs almost non stop, and the computer behaves poorly. 6) The scans do not include this run32dll.exe being blocked, however it is very difficult and annoying to use the computer while the file is being fully trusted and white listed by Emsisoft by default. 7) FF is still closing down when used in regular mode, I need to use the private mode. This particular line I notice in the FRST logs, was addressed in previous malware submissions on the emsi forums and was determined to be a 'false positive'. I am bringing this to your attention only because it is on the report and perhaps there is still a problem. Or not. I do not know. I figure it is better to mention it than not to mention it. HKU\S-1-5-21-1252109065-3782222669-2188073236-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES" Using the edge browser I find that a lot of the websites that I want to go to are highlighted as malicious.
There is no opportunity to "copy the link" and have virus total look at it to test the URL first, I can only do it after the page has loaded in the browser, so I have stopped using edge and went back to private mode in FF, as I can at least have the links checked by virus total before I click on them. EEK scan_151201-142358.txt Addition.txt FRST.txt
  6. The information you highlighted as not normal - what is all that in layman's terms? Thinking to myself, I wonder if that explains the strange computer name and or strange credentials in control panel. I have started making a list of settings and or programs I normally use frequently that have changed or exhibiting bad behaviour. I won't post them to you as there is a good chance you already know about them as you are an expert tech person. If and when you would like to know I will post them here. I suspect that any trouble shooting may even take care of these concerns. Which, at the moment I am quite concerned, and I am acting needlessly paranoid. LOL
  7. I am doing this now. I noticed there is no request to turn off any programs, run this in any special mode, so I am running this program exactly as I did the first EEK & FRST. If you require a different method of operation, please advise. I do not use social media sites, I don't even have a facebook act., I do not twitter. I do not messenger either. I use very very few cloud docs, only for cooberating and unimportant. okay here is the log file: virusinfo_syscheck.zip
  8. I just want to say, I know that you know what can or could be malware related, and I don't. The symptoms are things that I have not experienced before, all new to me. I am happy for any links you may know of in addressing non malware issues that don't qualify for assistance in this forum. All I can say regarding the above, as I have already said, is they are all new since my last attempt to solve my AV issues with a clean install of win 10 by trying to format everything. I only had 10 gigs of data to back up to a flash drive anyway. So I am good with anything I need to do with this laptop including a complete reinstall of win 10 and then emsisoft and Zemana. Whatever it takes.
  9. Under Behaviour Blocker in the Emsisoft Activate behaviour blocker there is a tick box that says hide fully trusted applications. When this box is unchecked all the applications show up. My mouse pointer is blinking on and off like crazy indicating background stuff is happening, but at the same time there is a flickering of trusted applications. What I mean is there is one rundll32.exe (it flickers fast) that shows up then disappears. I cannot click on it. All the other applications I can click on and make modifications if I want. However this one shows up then disappears. I thought I would try and do a screen capture to show you, but the minute I press down on the alt key, it stops altogether and so I don't get to alt / printscreen, to show you. I did however take a screen shot and diagrammed the incident in case it is something. If that is normal behaviour for the program I apologize for bringing it up, but I haven't seen this behaviour before. In addition all the screen freezing and mouse freezing has stopped. I don't know why, but it has stopped.
  10. EEK 25Nov2015.txt FRST.txt Addition.txt After the new hard drive and the win 10 upgrade it seemed happy until a couple weekends ago. Maybe I simply bought a dud computer. So how is it running? ... I wish I knew the correct component words to tell you, but I do not, so excuse me for this, I can only describe the symptoms. They are not in any particular order, but they are all new as of a couple weeks ago. Please know I have a special needs child that crushes on a carly shay and has learned how to google and doesn't understand bad sites or the WOT symbols. I normally set him up with what he wants to listen to, but now I have just discovered he is browsing on his own. I will have to learn to set him up a good child's profile. Speaking about profiles, I noticed on the FRBR reports there are many profiles. Is this normal? I backed up and formatted my D: drive before this session commenced. Now there is over 2 gigs of storage in use. This shows up on the mini partition wizard I have for the purpose to find out about all the partitions on the pc. I thought I only needed two partitions C: and D: but apparently I have six partitions. I am fairly positive that when I formatted D: partition it was empty. I formatted it three times to make sure, twice using the tool and once using the windows os tools. I had removed (back up and transferred) my files to a flash drive and then formatted the drive all in the name of troubleshooting the pc, again before the commencement of this session. One oddly strange thing is with my mouse pointer. For instance when I right click a file and select the properties option, the hour glass blinks on and off. Now I know the hourglass pointer comes on when the system is busy and it is a visual reminder to wait for the command to complete. This however is completely different, it blinks on and off at various speeds the entire time certain windows (such as I mentioned above) as long as the mouse is hovering over it.
Having used every (windows) operating system there is and using win 10 since its release, this is a new strange behaviour. Weird or what? ******Update... I discovered that this is the mouse property that tells you something is running in the background, and it is the edge browser. I guess the edge browser is always busy whenever you make any adjustments. When I close the browser or close any windows that make system adjustments the blinking stops. So this is a new behaviour. Here is one walk through that is completely strange and out of my control for the first time ever. When I open control panel, then choose internet options then select the programs tab, the top option is Opening Internet Explorer - choose how you open links. I have no access to this. The only option is a hyperlink that says Make Internet Explorer the default browser. Before recently I have been able to change this to firefox or even chrome. Choose how you open links is greyed out and a check mark is in the box open internet explorer tiles on the desktop. I cannot change this. Internet options is a control panel item I use from time to time to make sure the internet settings for cookies, and remote access etc are set to the way I want them. After doing what I thought was a clean install of win 10 I navigated here and haven't been able to adjust some of these settings. Is this a win 10 update thing? Before recently I have not had this issue. Another strange behaviour which I have never experienced before is my number pad being switched off. The numlock key. I use numberpad all the time, and it is turned on at the outset to enter my password, and I do not adjust it as I use it all the time. It is getting turned off all the time. FF is buggered, I have uninstalled it and reinstalled it (before our session started). Constant redirects, and when it is reinstalled it is all set up the way it was before like I never uninstalled it to begin with.
I have even deleted the original .exe and downloaded a new one to no avail. By experimenting it is discovered I cannot use it in regular mode, only private mode. When I select a new tab the browser shuts down with a popup warning wanting to know if I want to quit FF (which has already closed on its own) and send off an error report. Private mode works until ? ... the laptop just freezes and/or the mouse disappears. Hardboot has been the only solution. The redirects have not disappeared, but have calmed down since your fix.txt manoeuvre. But . . .There is a new behaviour where my pc freezes, no mouse control no keyboard control and it requires a hard boot to use it. I'm having to hard boot a few times a day. The mouse often just stops working altogether and the trackpad. The pointer simply disappears until a reboot. Emsisoft and Zemana were both turned off (not by me) and it took a little doing to get Emsisoft working again. Actually I couldn't get Emsisoft under my control which is why I did a clean install (before this troubleshooting session, not while you have been helping me). This is what prompted trouble shooting and these problems were the first signs that something was a muck. These two programs were changed not to start up with windows, and this was not my doing. I also was not allowed to make any changes to Emsi. Now it is working. At least I think it is. They are both starting with windows again and working as they should. I can use the edge browser. I don't like it, but it works. Emsisoft surf protection is my saviour here as it has warned me about a couple malicious sites over the last two weeks.
  11. I am able to post to this forum from the laptop being troubleshooted using the private window in FF now.
  12. FYI: FF is misbehaving. It crashes unless run in private mode. It has been uninstalled and reinstalled and still does the same thing. When it is suitable will you let me know when it is okay for me to find assistance with this in an appropriate browser forum?
  13. FRST.txt Addition.txt EEK scan_151120-142706.txt
  14. I do not know if this is related, and/or if I need to address it in another forum. Emsisoft is behaving differently. The cursor when hovering over the over or any other part of the program is always blinking on and off, very steady. I wanted to make sure all the settings were proper due to the fact that I am having issues, and there is one application with no name and it is selected as block silently under application rules. I opened it up as I do not recall making a behaviour modification on something blank and I was surprised to see the default action was "Don't Block" (the main menu says "Block Silently") even after I selected a different option from the drop down list such as block and notify. As your program version was modified recently to your 11; I am not sure if these are normal occurrences or not. I have become quite reliant on Emsisoft and have established a familiar interaction with it, however your updated version is so new to me that I do not know if these behaviours are normal with the new release or symptoms of a problem. Generally any time I have been prompted to get help from your forums by the program itself; the issues have been cleared up quite easily and quickly, so perhaps this is nothing to worry about.
  15. This pc is a brand new hard drive from early summer. Everything has been running decent with very few hiccups. The emsisoft team has aided in a few false positives, and that's about it. I started noticing troubles last weekend with massive browser redirects. I ran some other security programs in safe mode and there were some issues. Once everything seemed to be okay I followed the suggestions in the Emsisoft Blog, backed up my files and did a clean sweep full format reinstall of Windows 10. Emsisoft was having a hard time installing. I could not turn on file protection and got constant errors about important components missing. I tried to put a post onto the Emsisoft support forum and I am denied the ability to do anything other than type in the title bar. I cannot type into the box below. So I did another clean install. Now emsisoft was working. However, I am still having problems. All the antivirus etc has turned up squeaky clean. I tried to put a post onto the Emsisoft support forum and I am denied the ability to do anything other than type in the title bar. I cannot type into the box below. I ran Rkill in an effort to boost emsisoft chance of finding any possible infection, if there was in fact an infection, and Rkill came up with a few problems. I researched one in particular and found that others have had a problem with this file too. They labelled it a Bootkit. * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [incorrect ImagePath] Is there any chance of fixing this or do I need to buy another hard drive? I have had to use a different pc to post this to the forum as Emsisoft is still being blocked by something that only lets me type in the subject line and not the box below.
  16. As requested: https://www.virustotal.com/en/file/293d25d572c10312f4ac850870976360f7c3ff8274c7091a3cf14fb2f2e1bf4c/analysis/ I hope this is what you were after. If it is not, let me know and I will try again.
  17. I cannot locate the file. I am not sure why. I started the application called "sticky notes" - the windows app and that is when I received the warning. I'm not sure if it is relevant but I was having significant problems logging into and posting to this site using edge, so I switched for firefox. I was also having significant problems downloading farbar. Anyway, it's a warning that I have never received before, and I was following the instructions. I did upload the exe file of sticky notes and virus total gave it a thumbs up. As I cannot find the file (runtime file) upload to virus total do you have any other suggestions?
  18. Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015 Ran by Cindy (2015-10-08 12:36:01) Running from C:\Users\Cindy\Desktop Windows 10 Home (X64) (2015-09-23 11:05:41) Boot Mode: Normal