Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Administrator at 2015-05-17 12:31:08
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3414367075-2761437599-2779418438-500 - Administrator - Enabled) => C:\Users\Administrator
d (S-1-5-21-3414367075-2761437599-2779418438-1000 - Administrator - Enabled) => C:\Users\d
Guest (S-1-5-21-3414367075-2761437599-2779418438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3414367075-2761437599-2779418438-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM-x32\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.00.0000 - Realtek)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================

17-05-2015 09:09:18 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-17 08:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3A3438CA-D7DC-48A5-9766-E3E0BCFA5A80} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9AE6D5B5-A3B5-40D7-9736-13CDEC85D880} - System32\Tasks\Opera scheduled Autoupdate 1431768322 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {9EC3D4C0-A108-4AD2-A2BC-4EED36DBBFC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {C74F7A58-041F-4382-8505-6EFFB62B3B7E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {CAFB812A-D83A-45CF-B8C4-04613267B804} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2015-05-16 11:25 - 2015-04-17 10:01 - 00479352 _____ () C:\Program Files (x86)\Opera\29.0.1795.47\opera_crashreporter.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Administrator\Downloads\biosagentplus_875.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\ComboFix (1).exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\cpu-z_1.72-en.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\driveragent-setup-1213.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\driveragent-setup-874 (1).exe.opdownload:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\driveragent-setup-874.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\hw32_462.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\HWVendorDetection.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\kav15.0.2.361pl-pl.exe:BDU
AlternateDataStreams: C:\Users\Administrator\Downloads\Opera_29.0.1795.47_Setup.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3414367075-2761437599-2779418438-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 217.113.224.35 - 217.113.224.135

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VIA 1394 OHCI Compliant Host Controller
Description: VIA 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: VIA
Service: 1394ohci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 11:27:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:17:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 08:49:36 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = zoek.exe restore point; Error = 0x81000101).

Error: (05/17/2015 08:36:49 AM) (Source: MsiInstaller) (EventID: 10005) (User: d-PC)
Description: Product: E-Peek -- E-Peek cannot be installed on systems with .NET Framework version lower than 4.0 Client Profile

Error: (05/17/2015 08:30:07 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{63c7873e-faec-11e4-8ce3-806e6f6e6963} - 0000000000000190,0x0053c008,00000000003DFFA0,0,00000000003BC560,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired. .
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (05/17/2015 08:17:17 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).

Error: (05/17/2015 08:10:04 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).
Error: (05/17/2015 08:10:03 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{63c7873e-faec-11e4-8ce3-806e6f6e6963} - 0000000000000144,0x0053c008,00000000003BC690,0,00000000003DFFD0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired. .
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (05/17/2015 07:59:57 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).

Error: (05/17/2015 07:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/17/2015 11:50:25 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/17/2015 11:49:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/17/2015 11:26:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (05/17/2015 10:20:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/17/2015 10:19:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/17/2015 10:15:46 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (05/17/2015 10:15:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:13:42 on 2015-05-17 was unexpected.

Error: (05/17/2015 10:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/17/2015 10:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (05/17/2015 10:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (05/17/2015 11:27:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:17:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 08:49:36 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exezoek.exe restore point0x81000101

Error: (05/17/2015 08:36:49 AM) (Source: MsiInstaller) (EventID: 10005) (User: d-PC)
Description: Product: E-Peek -- E-Peek cannot be installed on systems with .NET Framework version lower than 4.0 Client Profile(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/17/2015 08:30:07 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{63c7873e-faec-11e4-8ce3-806e6f6e6963} - 0000000000000190,0x0053c008,00000000003DFFA0,0,00000000003BC560,4096,[0])0x80070079, The semaphore timeout period has expired.
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (05/17/2015 08:17:17 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x81000101

Error: (05/17/2015 08:10:04 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x81000101

Error: (05/17/2015 08:10:03 AM) (Source: VSS) (EventID: 12289) (User: )
Description: DeviceIoControl(\\?\Volume{63c7873e-faec-11e4-8ce3-806e6f6e6963} - 0000000000000144,0x0053c008,00000000003BC690,0,00000000003DFFD0,4096,[0])0x80070079, The semaphore timeout period has expired.
Operation: Processing EndPrepareSnapshots
Context: Execution Context: System Provider

Error: (05/17/2015 07:59:57 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x81000101

Error: (05/17/2015 07:50:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-05-17 08:03:20.403
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 08:03:20.372
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.181
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.161
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.131
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.101
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.081
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.031
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-17 07:26:49.001
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 37%
Total physical RAM: 3037.14 MB
Available physical RAM: 1907.45 MB
Total Pagefile: 6072.5 MB
Available Pagefile: 4952.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:276.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9CFEE288)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================