Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe Taking Up Memory


  • Please log in to reply
12 replies to this topic

#1 ao3

ao3

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 09 October 2014 - 02:57 AM

Hello. While I was uninstalling a printer from my computer, I had to restart my computer to completely remove it. Since then, my computer has been slow. Everything loads longer than usual. I already tried a number of scans for infections. My browser is especially affected, as I didn't close it before restarting, and a video was playing while it restarted. I already tried re-installing it too.

 

The only thing I find that is abnormal is that svchost.exe is taking up more memory than usual in the task manager. 


Edited by hamluis, 09 October 2014 - 07:25 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:20 PM

Posted 09 October 2014 - 10:41 AM

May be of some value to you:  How to determine what services are running under a SVCHOST.EXE process - http://www.bleepingcomputer.com/tutorials/tutorial129.html .

 

Louis



#3 ao3

ao3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 09 October 2014 - 12:58 PM

Should I post which services are running under the process? I'm not sure which service is causing the problem.



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:20 PM

Posted 09 October 2014 - 01:11 PM

Did you read through the entire guide?

 

Louis


Edited by hamluis, 09 October 2014 - 01:12 PM.


#5 ao3

ao3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 09 October 2014 - 01:38 PM

I did. I've already determined the services that are running under it. 

 

Are you referring to the 'Advanced Information' section? I don't really understand all that.



#6 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:20 PM

Posted 09 October 2014 - 04:41 PM

Well...if the guide doesn't tell you what to do, I certainly cannot :).

 

I've never played with svchost processes for any reason  (never saw a reason to bother with such).

 

Hang tight for one of our more knowledgeable members to chime in :).

 

It might be useful if you provide the following requested data.

 

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 

Louis


Edited by hamluis, 09 October 2014 - 04:43 PM.


#7 ao3

ao3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 09 October 2014 - 06:24 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Abin (administrator) on 09-10-2014 at 18:18:47
Running from "C:\Users\Abin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/08/2014 05:22:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/05/2014 11:20:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/05/2014 04:00:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (10/04/2014 03:13:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (10/09/2014 08:35:06 AM) (Source: DCOM) (User: OommenHP)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}OommenHPGuestS-1-5-21-1663178125-4035939000-1347949975-501LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (10/08/2014 05:22:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/05/2014 11:20:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (10/05/2014 04:00:35 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Abin\Desktop\esetsmartinstaller_enu.exe
 
Error: (10/04/2014 03:13:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Abin\Desktop\esetsmartinstaller_enu.exe
 
 
 
=========================== Installed Programs ============================
4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60512.1804 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Angel's Vox 1.7 (HKLM-x32\...\Angel's Vox) (Version: 1.7 - SuperUtils.com Software)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{85A5A208-1A5A-A736-170E-AA826BC19B2A}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0512.1812.30806 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0512.1812.30806 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help English (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help French (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help German (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0512.1811.30806 - ATI) Hidden
ccc-utility64 (Version: 2011.0512.1812.30806 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DriverUpdate (HKLM-x32\...\{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 1.0.057 - Hewlett-Packard) Hidden
HP Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version:  - Lars Hederer)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Smart-X7 7.80 (HKLM\...\WheelMouse) (Version:  - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 2662.55 MB
Available physical RAM: 990.19 MB
Total Pagefile: 7268.73 MB
Available Pagefile: 3651.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.9 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:454.29 GB) (Free:51.27 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.37 GB) (Free:1.36 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OOMMENHP
 
Abin                     Administrator            Guest                    
 
 
**** End of log ****
 


#8 hamluis

hamluis

    Moderator


  • Moderator
  • 54,863 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:20 PM

Posted 09 October 2014 - 07:24 PM

You are running 3GB of RAM, that doesn't leave any RAM to be wasted on unnecessary programs, IMO.
 
Your errors reflected in Event Viewer do not tell me a lotl since many are routine and not commanding any action by users.
 
Your wondering about svchost processes...well, you seem to have a number of candidates that could be running said processes, with the most obvious being MS Office and all of the Windows Live entries.
 
Other candidates that I can see:
  Driver Update
  ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
  Google Update Helper
  HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
  Malwarebytes Anti-Malware
  Yahoo! Toolbar
 
I would also consider the possibility of malware, which you seem to have done, looking at the overload of security apps you have installed.  You don't mention any specific symptoms of malware (other than the slowdown) but your installs indicate that it's on your mind.
 
I included the Yahoo Toolbar on the above because I'm convinced that most people who install toolbars have not the slightest idea of just what traffic is going back and for the between the system and whoever/whatever.
 
I will move this to the Am I Infected forum, where the more knowledgeable can advise you of the malware possibility.
 
Louis


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:20 PM

Posted 09 October 2014 - 10:15 PM

Hello as you are here run these please\\\


Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • As you have this run it so we can see if here is anything.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 ao3

ao3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 10 October 2014 - 12:58 AM

00:56:08.0976 0x15a4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
00:56:13.0698 0x15a4  ============================================================
00:56:13.0698 0x15a4  Current date / time: 2014/10/10 00:56:13.0698
00:56:13.0698 0x15a4  SystemInfo:
00:56:13.0698 0x15a4  
00:56:13.0698 0x15a4  OS Version: 6.1.7601 ServicePack: 1.0
00:56:13.0698 0x15a4  Product type: Workstation
00:56:13.0700 0x15a4  ComputerName: OOMMENHP
00:56:13.0700 0x15a4  UserName: Abin
00:56:13.0700 0x15a4  Windows directory: C:\Windows
00:56:13.0700 0x15a4  System windows directory: C:\Windows
00:56:13.0700 0x15a4  Running under WOW64
00:56:13.0700 0x15a4  Processor architecture: Intel x64
00:56:13.0700 0x15a4  Number of processors: 2
00:56:13.0700 0x15a4  Page size: 0x1000
00:56:13.0700 0x15a4  Boot type: Normal boot
00:56:13.0700 0x15a4  ============================================================
00:56:13.0979 0x15a4  KLMD registered as C:\Windows\system32\drivers\97045187.sys
00:56:14.0929 0x15a4  System UUID: {97D2D9AF-C7DB-B2B0-D7DF-C9372CDBC71A}
00:56:17.0106 0x15a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:56:17.0122 0x15a4  ============================================================
00:56:17.0122 0x15a4  \Device\Harddisk0\DR0:
00:56:17.0123 0x15a4  MBR partitions:
00:56:17.0123 0x15a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:56:17.0123 0x15a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38C97000
00:56:17.0123 0x15a4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38CC9800, BlocksNum 0x16BC000
00:56:17.0123 0x15a4  ============================================================
00:56:17.0148 0x15a4  C: <-> \Device\Harddisk0\DR0\Partition2
00:56:17.0203 0x15a4  D: <-> \Device\Harddisk0\DR0\Partition3
00:56:17.0204 0x15a4  ============================================================
00:56:17.0204 0x15a4  Initialize success
00:56:17.0204 0x15a4  ============================================================
00:56:32.0718 0x0538  ============================================================
00:56:32.0718 0x0538  Scan started
00:56:32.0718 0x0538  Mode: Manual; TDLFS; 
00:56:32.0718 0x0538  ============================================================
00:56:32.0718 0x0538  KSN ping started
00:56:35.0759 0x0538  KSN ping finished: true
00:56:36.0890 0x0538  ================ Scan system memory ========================
00:56:36.0890 0x0538  System memory - ok
00:56:36.0896 0x0538  ================ Scan services =============================
00:56:37.0079 0x0538  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:56:37.0093 0x0538  1394ohci - ok
00:56:37.0220 0x0538  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:56:37.0239 0x0538  ACPI - ok
00:56:37.0265 0x0538  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:56:37.0268 0x0538  AcpiPmi - ok
00:56:37.0376 0x0538  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:56:37.0382 0x0538  AdobeARMservice - ok
00:56:37.0508 0x0538  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:56:37.0526 0x0538  AdobeFlashPlayerUpdateSvc - ok
00:56:37.0625 0x0538  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:56:37.0657 0x0538  adp94xx - ok
00:56:37.0723 0x0538  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:56:37.0742 0x0538  adpahci - ok
00:56:37.0776 0x0538  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:56:37.0788 0x0538  adpu320 - ok
00:56:37.0831 0x0538  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:56:37.0837 0x0538  AeLookupSvc - ok
00:56:37.0918 0x0538  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
00:56:37.0947 0x0538  AFD - ok
00:56:37.0978 0x0538  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
00:56:37.0983 0x0538  agp440 - ok
00:56:38.0015 0x0538  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
00:56:38.0021 0x0538  ALG - ok
00:56:38.0065 0x0538  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:56:38.0068 0x0538  aliide - ok
00:56:38.0128 0x0538  [ B5E2434FC851698C1F119CF1C3935A50, 857C9208BB9292E2221E1685833A35E4144A4E121555880A4AA391ADE1B0325F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:56:38.0145 0x0538  AMD External Events Utility - ok
00:56:38.0176 0x0538  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:56:38.0179 0x0538  amdide - ok
00:56:38.0216 0x0538  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:56:38.0221 0x0538  AmdK8 - ok
00:56:39.0034 0x0538  [ 9E3B4946F7E1BCA0B763E19D81EDBF2C, 413602EEAFD4320132C9B794D6C1A4F3CB829A2F93AD4027C52ED086D40E3D60 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:56:39.0682 0x0538  amdkmdag - ok
00:56:39.0815 0x0538  [ B9E1C7B7F1865F99B16FF2E1BB94EDB6, A38BD19BAFDC3470758F463942294DFE925A2EFE5251F7A69245DCFB9E53AE85 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:56:39.0842 0x0538  amdkmdap - ok
00:56:39.0884 0x0538  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
00:56:39.0889 0x0538  AmdPPM - ok
00:56:39.0927 0x0538  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:56:39.0935 0x0538  amdsata - ok
00:56:39.0984 0x0538  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:56:39.0995 0x0538  amdsbs - ok
00:56:40.0024 0x0538  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:56:40.0028 0x0538  amdxata - ok
00:56:40.0074 0x0538  [ 352476C98EF3952563A14F767491BBA9, 386EE7663E04479465145CF41A9226446E4C0473EB31FBC9A81D0500166B812A ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
00:56:40.0080 0x0538  amd_sata - ok
00:56:40.0122 0x0538  [ F4805C309FE48D6939147FE5CCDB1AD4, 2F6C95401A38448460E4B0902A9026B416B2D4133239E04787E4F77152F2DE41 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
00:56:40.0126 0x0538  amd_xata - ok
00:56:40.0231 0x0538  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:56:40.0260 0x0538  AntiVirSchedulerService - ok
00:56:40.0329 0x0538  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:56:40.0354 0x0538  AntiVirService - ok
00:56:40.0440 0x0538  [ D62CB48F2FA06D7A243928F2D09470D7, 650618F397C2C20C4C00B3BC2A3A1DABBFB20818B365CEDBA7D04353F97FE001 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
00:56:40.0521 0x0538  AntiVirWebService - ok
00:56:40.0584 0x0538  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
00:56:40.0589 0x0538  AppID - ok
00:56:40.0621 0x0538  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:56:40.0625 0x0538  AppIDSvc - ok
00:56:40.0672 0x0538  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
00:56:40.0687 0x0538  Appinfo - ok
00:56:40.0761 0x0538  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:56:40.0766 0x0538  Apple Mobile Device - ok
00:56:40.0820 0x0538  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
00:56:40.0826 0x0538  arc - ok
00:56:40.0871 0x0538  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:56:40.0878 0x0538  arcsas - ok
00:56:40.0995 0x0538  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:56:41.0000 0x0538  aspnet_state - ok
00:56:41.0039 0x0538  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:56:41.0042 0x0538  AsyncMac - ok
00:56:41.0081 0x0538  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:56:41.0085 0x0538  atapi - ok
00:56:41.0175 0x0538  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:56:41.0215 0x0538  AudioEndpointBuilder - ok
00:56:41.0287 0x0538  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:56:41.0324 0x0538  AudioSrv - ok
00:56:41.0373 0x0538  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:56:41.0382 0x0538  avgntflt - ok
00:56:41.0438 0x0538  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:56:41.0447 0x0538  avipbb - ok
00:56:41.0493 0x0538  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:56:41.0496 0x0538  avkmgr - ok
00:56:41.0583 0x0538  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:56:41.0592 0x0538  AxInstSV - ok
00:56:41.0696 0x0538  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:56:41.0727 0x0538  b06bdrv - ok
00:56:41.0777 0x0538  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:56:41.0796 0x0538  b57nd60a - ok
00:56:41.0856 0x0538  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:56:41.0864 0x0538  BDESVC - ok
00:56:41.0898 0x0538  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:56:41.0900 0x0538  Beep - ok
00:56:41.0990 0x0538  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
00:56:42.0039 0x0538  BFE - ok
00:56:42.0121 0x0538  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
00:56:42.0181 0x0538  BITS - ok
00:56:42.0225 0x0538  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
00:56:42.0230 0x0538  blbdrive - ok
00:56:42.0317 0x0538  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:56:42.0348 0x0538  Bonjour Service - ok
00:56:42.0401 0x0538  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:56:42.0408 0x0538  bowser - ok
00:56:42.0445 0x0538  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:56:42.0448 0x0538  BrFiltLo - ok
00:56:42.0474 0x0538  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:56:42.0476 0x0538  BrFiltUp - ok
00:56:42.0530 0x0538  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
00:56:42.0541 0x0538  Browser - ok
00:56:42.0585 0x0538  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:56:42.0603 0x0538  Brserid - ok
00:56:42.0635 0x0538  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:56:42.0650 0x0538  BrSerWdm - ok
00:56:42.0694 0x0538  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:56:42.0697 0x0538  BrUsbMdm - ok
00:56:42.0728 0x0538  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:56:42.0731 0x0538  BrUsbSer - ok
00:56:42.0766 0x0538  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:56:42.0773 0x0538  BTHMODEM - ok
00:56:42.0827 0x0538  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
00:56:42.0835 0x0538  bthserv - ok
00:56:42.0889 0x0538  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:56:42.0896 0x0538  cdfs - ok
00:56:42.0949 0x0538  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:56:42.0962 0x0538  cdrom - ok
00:56:43.0005 0x0538  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:56:43.0013 0x0538  CertPropSvc - ok
00:56:43.0052 0x0538  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:56:43.0057 0x0538  circlass - ok
00:56:43.0133 0x0538  [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp        C:\EEK\bin\cleanhlp64.sys
00:56:43.0138 0x0538  cleanhlp - ok
00:56:43.0199 0x0538  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
00:56:43.0237 0x0538  CLFS - ok
00:56:43.0307 0x0538  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:56:43.0318 0x0538  clr_optimization_v2.0.50727_32 - ok
00:56:43.0378 0x0538  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:56:43.0385 0x0538  clr_optimization_v2.0.50727_64 - ok
00:56:43.0515 0x0538  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:56:43.0525 0x0538  clr_optimization_v4.0.30319_32 - ok
00:56:43.0563 0x0538  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:56:43.0572 0x0538  clr_optimization_v4.0.30319_64 - ok
00:56:43.0660 0x0538  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:56:43.0663 0x0538  CmBatt - ok
00:56:43.0730 0x0538  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:56:43.0733 0x0538  cmdide - ok
00:56:43.0812 0x0538  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
00:56:43.0849 0x0538  CNG - ok
00:56:43.0892 0x0538  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:56:43.0896 0x0538  Compbatt - ok
00:56:43.0942 0x0538  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:56:43.0946 0x0538  CompositeBus - ok
00:56:43.0970 0x0538  COMSysApp - ok
00:56:44.0058 0x0538  [ 3CA734CE373E5675FBC15CA2C45228E5, A6C6E9FABDE5EA18D266DB71C0CC6B51D682116D1898CCB4E9BA730F15C44B32 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
00:56:44.0063 0x0538  cpudrv64 - ok
00:56:44.0097 0x0538  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:56:44.0102 0x0538  crcdisk - ok
00:56:44.0199 0x0538  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:56:44.0229 0x0538  CryptSvc - ok
00:56:44.0391 0x0538  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:56:44.0442 0x0538  cvhsvc - ok
00:56:44.0527 0x0538  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:56:44.0560 0x0538  DcomLaunch - ok
00:56:44.0614 0x0538  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:56:44.0632 0x0538  defragsvc - ok
00:56:44.0674 0x0538  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:56:44.0682 0x0538  DfsC - ok
00:56:44.0725 0x0538  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:56:44.0748 0x0538  Dhcp - ok
00:56:44.0799 0x0538  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
00:56:44.0804 0x0538  discache - ok
00:56:44.0846 0x0538  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
00:56:44.0853 0x0538  Disk - ok
00:56:44.0904 0x0538  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:56:44.0919 0x0538  Dnscache - ok
00:56:44.0967 0x0538  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:56:44.0984 0x0538  dot3svc - ok
00:56:45.0033 0x0538  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:56:45.0044 0x0538  Dot4 - ok
00:56:45.0093 0x0538  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:56:45.0097 0x0538  Dot4Print - ok
00:56:45.0121 0x0538  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:56:45.0126 0x0538  dot4usb - ok
00:56:45.0161 0x0538  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
00:56:45.0175 0x0538  DPS - ok
00:56:45.0219 0x0538  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:56:45.0222 0x0538  drmkaud - ok
00:56:45.0325 0x0538  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:56:45.0383 0x0538  DXGKrnl - ok
00:56:45.0418 0x0538  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
00:56:45.0428 0x0538  EapHost - ok
00:56:45.0764 0x0538  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:56:46.0066 0x0538  ebdrv - ok
00:56:46.0095 0x0538  Scan was interrupted by user!
00:56:46.0096 0x0538  Waiting for KSN requests completion. In queue: 67
00:56:47.0096 0x0538  Waiting for KSN requests completion. In queue: 67
00:56:48.0096 0x0538  Waiting for KSN requests completion. In queue: 67
00:56:49.0096 0x0538  Waiting for KSN requests completion. In queue: 40
00:56:50.0096 0x0538  Waiting for KSN requests completion. In queue: 40
00:56:51.0237 0x0538  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
00:56:51.0280 0x0538  Win FW state via NFP2: enabled
00:56:54.0251 0x0538  ============================================================
00:56:54.0251 0x0538  Scan finished
00:56:54.0251 0x0538  ============================================================
00:56:54.0282 0x0d1c  Detected object count: 0
00:56:54.0283 0x0d1c  Actual detected object count: 0 
# AdwCleaner v3.311 - Report created 10/10/2014 at 00:11:29
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Abin - OOMMENHP
# Running from : C:\Users\Abin\Desktop\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Abin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Abin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Found : AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Users\Abin\AppData\Roaming\Mozilla\Firefox\Profiles\19ez7y7f.default-1375409858123\prefs.js ]


[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\2k94iq6u.default\prefs.js ]


[ File : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\rzx6zpi7.default\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Abin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4991 octets] - [04/10/2014 14:34:57]
AdwCleaner[R1].txt - [5051 octets] - [04/10/2014 14:43:13]
AdwCleaner[R2].txt - [1498 octets] - [10/10/2014 00:11:29]
AdwCleaner[S0].txt - [5199 octets] - [04/10/2014 14:45:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1618 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.8 (10.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Abin on Fri 10/10/2014 at  0:21:21.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/10/2014 at  0:54:40.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by ao3, 10 October 2014 - 02:59 PM.


#11 ao3

ao3
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 11 October 2014 - 03:24 AM

Anyone? Bueller?



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:20 PM

Posted 13 October 2014 - 12:49 AM

You did not post any result from ESET On Line scan as requested ..........

 

Untick Word Wrap from Format in Notepad ..............

 

Run these next programs in the order listed .......

 

:step1: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
RKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.

Copy and Paste it in your next reply.
NOTE. RKill.txt log will also be present on your desktop.
Do NOT edit your reply to post additional logs. Create new reply if needed.

 

 

Do not reboot until you complete the next scan.

 

:step2:  Update and run Malwarebytes Anti-Malware then post the log.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

Thanks -



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:20 PM

Posted 16 October 2014 - 03:35 PM

Per your report

What info do you not want here? This is a public forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users