
svchost with strange audio and random sound.


6 replies to this topic

#1 DougB714

  • Members
  • 2 posts

Posted 11 March 2014 - 06:33 PM

I'm using Windows 7 Home Premium, SP1, on an HP desktop, Intel quad, with a 64-bit OS.

 

So my sound card or audio driver or something is possessed. 

 

When I turn on my computer, even before I start any programs, I have very laggy broken ads, almost understandable, often too broken to be recognized. I've heard someone talking about a movie, like a review. I've heard an Olive Garden advertisement. I've heard a segment from "Who Knew". Sometimes it sounds like there might be two (or more) sound bites overlapping, but it's too unclear to make out.

 

Looking at my task manager, under processes, I'll have svchost.exe that starts climbing very rapidly in the Memory column. It will get to 900,000 k.  If I end that process, then the sound goes away, and the performance improves.  But this will only last for 5 to 10 minutes. 

 

There are about 16 listings of svchost, 8 under Local Service, 6 under System, and 2 under Network Service.  There's also a svchost.exe *32.  The one that seems to be the problem is one of the ones under System.

 

Monitoring it right now, it went up to 650,000 k, then slowly went back down to about 400,000 k, and back up.  So it isn't just a climb, but seems to be hovering around 400-700.

 

Ideas??? 

 

Thanks,

Doug B.




#2 Alex&Vanko

  • Banned
  • 1,394 posts

Posted 11 March 2014 - 06:36 PM

Download Minitoolbox - http://www.bleepingcomputer.com/download/minitoolbox/

Start the application. Set ticks everywhere. Click GO button. After scan is done a log will appear. Save and attach it here.



#3 boopme

  • Global Moderator
  • 72,146 posts

Posted 11 March 2014 - 08:11 PM

Hello, in addition you can also try

Pressing Ctrl+Shift+Esc opens Task Manager.

Highlight and End all processes with a series of numbers in them.
 

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Restart the computer
 
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 DougB714

  • Topic Starter
  • Members
  • 2 posts

Posted 11 March 2014 - 08:42 PM

 

Hello Alex and Vanko,

 

Below is the log from the minitoolbox.

 


 

Please advise what I should do next.

 

Thanks,

Doug B



#5 boopme

  • Global Moderator
  • 72,146 posts

Posted 13 March 2014 - 10:09 AM

Hello, as A&V has not responded to what they were looking for in the Mini log... Please run my post.

#6 Alex&Vanko

  • Banned
  • 1,394 posts

Posted 13 March 2014 - 12:58 PM

I agree with boopme. I also use TFC, ATF.



#7 xXToffeeXx

  • Malware Response Instructor
  • 6,015 posts

Posted 13 March 2014 - 04:31 PM

Hi,

This sounds like Zekos, so perhaps you may want to run a tool which would show this (rkill, unsigned file). Just a suggestion.

xXToffeeXx~
