
System Memory Being Eaten



#1 urdadinatoaster


Posted 11 May 2015 - 07:37 PM

Hello. Over the past few weeks my PC seems to be suffering from unexplainably high memory usage.  The PC starts fine and, for the most part, remains fine while in use, but allowing it to sit for long periods of time with no activity will cause memory to be eaten and unable to be released. I've found some very interesting information over the course of my investigations. After running RAMMAP I've found that conhost.exe and powercfg.exe are running as thousands of zombie processes. I've monitored Task Manager and, sure enough, have noticed both programs will appear and disappear immediately, although it doesn't seem like they actually disappear. It will eventually get to the point where enough memory is being used that my video driver doesn't have enough to work with and my display cannot show. Fortunately the issue is temporarily resolved if the PC is restarted.

 

Broni has been helping me troubleshoot the issue. As a result I have downloaded many programs and posted the various logs here: http://www.bleepingcomputer.com/forums/t/573586/system-memory-being-eaten/

 

Fresh FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Will (administrator) on DERPADOO on 11-05-2015 19:32:22
Running from C:\Users\Will\Downloads
Loaded Profiles: Will (Available profiles: Will & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: 
 
 
tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\...\MountPoints2: {5eee9c99-f0df-11e3-bc67-806e6f6e6963} - E:\install.EXE id= ver=1.0.0.0
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start 
HKU\S-1-5-21-1193129655-1466855322-3122330668-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-06] (Oracle Corporation)
DPF: HKLM-x32 {99CAAA27-FA0C-4FA4-B88A-
 
4AB1CC7A17FE} 
 
 
ab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-
 
444553540000} 
 
 
/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E14E7DC-6973-457B-BCC1-19EA63FD92EB}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default
FF Homepage: hxxp://www.bing.com/?pc=U154&form=U154HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Will\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Will\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1193129655-1466855322-3122330668-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-05-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMFireLauncher.dll [2009-11-09] (MGame)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack [2013-02-15]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-05-19]
FF Extension: IE Tab - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-05-21]
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-02-15]
FF Extension: Web Developer - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-12-12]
FF Extension: Adblock Plus - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\b4v2k21z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2014-08-07]
CHR Extension: (Angry Birds) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-05-19]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-12-25]
CHR Extension: (WiBit) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejaaogemoligmkbmeafkhnaegkggihf [2012-05-19]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-19]
CHR Extension: (Honey) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-05-05]
CHR Extension: (Razer II The New Form) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabeahcoigimgpgcjakhbbmpjcmhgapf [2013-10-15]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-19]
CHR Extension: (Google+) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2012-05-19]
CHR Extension: (Google Calendar) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-05-19]
CHR Extension: (Tonematrix) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha [2012-08-13]
CHR Extension: (Full Screen Weather) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2012-05-19]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-19]
CHR Extension: (No Name) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-05]
CHR Extension: (Bookmark Manager) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-12-31]
CHR Extension: (Gun Blood) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci [2012-08-13]
CHR Extension: (Dropbox) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2012-05-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-05-20]
CHR Extension: (Little Alchemy) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-02-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Outlook.com) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2012-05-19]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - C:\Users\Will\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-09] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4702744 2012-05-14] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-19] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-24] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
 
==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-09] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-02-25] (Echobit, LLC)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2014-10-30] (Windows ® Win 7 DDK provider) [File not signed]
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2011-11-10] (MotioninJoy) [File not signed]
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129088 2013-09-14] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) [File not signed]
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-28] (Spotflux, Inc.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 KBFiltr; System32\Drivers\KBFiltr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files 
 
and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be 
 
moved.)
 
2015-05-11 16:57 - 2015-05-11 16:57 - 00008755 _____ () 
 
C:\Users\Will\Desktop\Procexp.txt
2015-05-06 21:41 - 2015-03-09 14:48 - 02508440 _____ 
 
(Sysinternals - www.sysinternals.com) C:\Users\Will
 
\Desktop\procexp.exe
2015-05-06 21:41 - 2014-06-28 16:47 - 00002028 _____ 
 
() C:\Users\Will\Desktop\Eula.txt
2015-05-06 21:41 - 2012-10-15 06:23 - 00072154 _____ 
 
() C:\Users\Will\Desktop\procexp.chm
2015-05-06 21:40 - 2015-05-06 21:40 - 01190415 _____ 
 
() C:\Users\Will\Downloads\ProcessExplorer (1).zip
2015-05-06 19:56 - 2015-05-06 19:56 - 00000000 _____ 
 
() C:\Windows\SysWOW64\RENC6A9.tmp
2015-05-06 19:53 - 2015-05-06 19:52 - 00110688 _____ 
 
(Oracle Corporation) C:\Windows
 
\system32\WindowsAccessBridge-64.dll
2015-05-06 19:52 - 2015-05-06 19:53 - 37328992 _____ 
 
(Oracle Corporation) C:\Users\Will\Downloads\jre-8u45
 
-windows-i586.exe
2015-05-06 19:47 - 2015-05-06 19:49 - 43189344 _____ 
 
(Oracle Corporation) C:\Users\Will\Downloads\jre-8u45
 
-windows-x64.exe
2015-05-06 19:47 - 2015-05-06 19:47 - 00000000 ____D 
 
() C:\Program Files (x86)\Mozilla Firefox
2015-05-05 00:19 - 2015-05-05 00:19 - 00000000 ____D 
 
() C:\ProgramData\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00002759 _____ 
 
() C:\Users\Public\Desktop\Sophos Virus Removal 
 
Tool.lnk
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D 
 
() C:\ProgramData\Microsoft\Windows\Start Menu
 
\Programs\Sophos
2015-05-05 00:17 - 2015-05-05 00:17 - 00000000 ____D 
 
() C:\Program Files (x86)\Sophos
2015-05-05 00:16 - 2015-05-05 00:16 - 119275136 _____ 
 
(Sophos Limited) C:\Users\Will\Downloads\Sophos Virus 
 
Removal Tool.exe
2015-05-05 00:15 - 2015-05-05 00:15 - 00002593 _____ 
 
() C:\Users\Will\Desktop\AdwCleaner[S1].txt
2015-05-05 00:14 - 2015-05-05 00:14 - 00001639 _____ 
 
() C:\Users\Will\Desktop\JRT.txt
2015-05-05 00:12 - 2015-05-05 00:12 - 00000207 _____ 
 
() C:\Windows\tweaking.com-regbackup-
 
DERPADOO-Windows-7-Ultimate-(64-bit).dat
2015-05-05 00:11 - 2015-05-05 00:11 - 02716306 _____ 
 
(Thisisu) C:\Users\Will\Downloads\JRT.exe
2015-05-05 00:11 - 2015-05-05 00:11 - 00000000 ____D 
 
() C:\RegBackup
2015-05-05 00:00 - 2015-05-05 00:01 - 02204160 _____ 
 
() C:\Users\Will\Downloads\adwcleaner_4.203.exe
2015-05-04 23:54 - 2015-05-04 23:54 - 00448512 _____ 
 
(OldTimer Tools) C:\Users\Will\Downloads\TFC.exe
2015-05-04 23:18 - 2015-05-04 23:18 - 00002444 _____ 
 
() C:\Users\Will\Desktop\The Great War 1918.lnk
2015-05-04 23:01 - 2015-05-04 23:16 - 363079291 _____ 
 
() C:\Users\Will\Downloads\TGW1918_v1_2.exe
2015-04-29 00:26 - 2015-04-29 00:26 - 00005288 _____ 
 
() C:\Users\Will\Desktop\score20150429002533.txt
2015-04-29 00:13 - 2015-05-03 23:28 - 00007309 _____ 
 
() C:\Users\Will\Desktop\ffxivbenchmarklauncher.ini
2015-04-28 23:36 - 2015-04-22 10:36 - 00000000 ____D 
 
() C:\Users\Will\Desktop\launcher_dxgi
2015-04-28 23:36 - 2015-04-22 10:31 - 00000000 ____D 
 
() C:\Users\Will\Desktop\launcher
2015-04-28 23:35 - 2015-04-29 00:26 - 00000000 ____D 
 
() C:\Users\Will\Desktop\data
2015-04-28 23:35 - 2015-04-28 23:12 - 1706252571 
 
_____ () C:\Users\Will\Desktop\ffxiv-heavensward-
 
bench.zip
2015-04-28 23:35 - 2015-04-22 10:26 - 00000000 ____D 
 
() C:\Users\Will\Desktop\game
2015-04-28 23:35 - 2015-04-22 10:25 - 12395248 _____ 
 
(SQUARE ENIX CO.,LTD.) C:\Users\Will\Desktop
 
\ffxiv-heavensward-bench.exe
2015-04-28 23:35 - 2015-04-06 13:04 - 00000000 ____D 
 
() C:\Users\Will\Desktop\asset
2015-04-28 22:52 - 2015-04-28 23:12 - 1706252571 
 
_____ () C:\Users\Will\Downloads\ffxiv-heavensward-
 
bench.zip
2015-04-27 18:52 - 2015-05-03 22:36 - 00000000 ____D 
 
() C:\Users\Will\Documents\Survarium-Steam
2015-04-26 20:09 - 2015-04-26 20:09 - 00000000 ____D 
 
() C:\Users\Will\AppData\Roaming\dvdcss
2015-04-24 20:23 - 2015-04-24 20:24 - 00000000 ____D () C:\Users\Will\Documents\Heroes of the Storm
2015-04-24 20:00 - 2015-04-24 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-24 19:22 - 2015-04-24 20:23 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-24 19:18 - 2015-04-24 19:22 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-24 19:18 - 2015-04-24 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-19 10:41 - 2015-05-03 12:22 - 00000892 _____ () C:\Windows\DirectX.log
2015-04-18 21:06 - 2015-04-18 21:06 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Will\Downloads\rkill.exe
2015-04-18 20:38 - 2015-04-18 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-18 20:36 - 2015-04-18 20:36 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Will\Downloads\mbar-1.09.1.1004.exe
2015-04-18 20:04 - 2015-04-18 20:05 - 00051115 _____ () C:\Users\Will\Downloads\Result.txt
2015-04-18 20:04 - 2015-04-18 20:04 - 00402944 _____ (Farbar) C:\Users\Will\Downloads\MiniToolBox.exe
2015-04-18 20:03 - 2015-04-18 20:03 - 00415232 _____ (Farbar) C:\Users\Will\Downloads\FSS.exe
2015-04-18 20:03 - 2015-04-18 20:03 - 00002482 _____ () C:\Users\Will\Downloads\FSS.txt
2015-04-18 20:02 - 2015-05-11 19:31 - 00000000 ____D () C:\Users\Will\Downloads\FRST-OlderVersion
2015-04-18 20:01 - 2015-04-18 20:01 - 00852616 _____ () C:\Users\Will\Downloads\SecurityCheck.exe
2015-04-17 21:05 - 2015-04-17 21:05 - 00045402 _____ () C:\Users\Will\Downloads\Addition.txt
2015-04-17 21:04 - 2015-05-11 19:32 - 00023379 _____ () C:\Users\Will\Downloads\FRST.txt
2015-04-17 20:28 - 2015-04-17 20:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-17 20:28 - 2015-04-17 20:28 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-17 20:27 - 2015-05-11 19:32 - 00000000 ____D () C:\FRST
2015-04-17 20:27 - 2015-05-11 19:31 - 02102784 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2015-04-17 20:26 - 2015-05-05 00:07 - 00000000 ____D () C:\AdwCleaner
2015-04-17 20:26 - 2015-04-17 20:26 - 02217984 _____ () C:\Users\Will\Downloads\adwcleaner_4.201.exe
2015-04-17 20:26 - 2015-04-17 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-17 20:26 - 2015-04-17 20:26 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-17 20:25 - 2015-04-17 20:25 - 18883032 _____ (Adlice Software ) C:\Users\Will\Downloads\setup.exe
2015-04-12 00:34 - 2015-04-12 00:34 - 00000000 ____D () C:\Users\Will\AppData\Roaming\AMD
2015-04-11 20:25 - 2015-01-15 01:42 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-11 20:25 - 2015-01-15 01:42 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-11 20:17 - 2015-04-11 20:17 - 00000000 ____D () C:\ProgramData\ATI
2015-04-11 20:16 - 2015-04-11 20:16 - 00000000 ____D () C:\Users\Will\AppData\Roaming\library_dir
2015-04-11 20:14 - 2015-04-11 20:19 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-11 20:14 - 2015-04-11 20:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-04-11 20:13 - 2015-04-11 20:13 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201504112013542244.log
2015-04-11 20:13 - 2015-04-11 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-04-11 19:59 - 2015-04-11 19:59 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Will\Downloads\autodetectutility.exe
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieUserList
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieSiteList
2015-04-11 19:59 - 2015-04-11 19:59 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieBrowserModeList
2015-04-11 19:53 - 2015-04-11 19:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ViaHub3_01011.Wdf
2015-04-11 19:51 - 2015-04-11 19:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xhcdrv_01011.Wdf
2015-04-11 19:50 - 2015-04-11 19:53 - 00000000 ____D () C:\Program Files\VIA XHCI UASP Utility
2015-04-11 19:50 - 2015-04-11 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA XHCI UASP Utility
2015-04-11 19:50 - 2015-04-11 19:50 - 00000000 ____D () C:\Program Files (x86)\VIA
2015-04-11 19:50 - 2013-03-19 17:04 - 00223744 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\ViaHub3.sys
2015-04-11 19:50 - 2013-01-18 03:11 - 00086064 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\vusbstor.sys
2015-04-11 19:49 - 2013-03-19 17:04 - 00295424 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\xhcdrv.sys
2015-04-11 19:45 - 2015-04-11 19:45 - 00000000 ____D () C:\Users\Will\Documents\WPA Files
2015-04-11 19:45 - 2015-04-11 19:45 - 00000000 ____D () C:\Users\Will\AppData\Local\Windows Performance Analyzer
2015-04-11 19:40 - 2015-04-11 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-04-11 19:40 - 2015-04-11 19:40 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-04-11 19:34 - 2015-04-11 19:34 - 00998040 _____ (Microsoft Corporation) C:\Users\Will\Downloads\sdksetup (1).exe
2015-04-11 19:27 - 2015-04-11 19:27 - 00998040 _____ (Microsoft Corporation) C:\Users\Will\Downloads\sdksetup.exe
2015-04-11 19:26 - 2015-04-11 19:26 - 03430408 _____ (Easeware ) C:\Users\Will\Downloads\DriverEasy_Setup.exe
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Easeware
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-04-11 19:26 - 2015-04-11 19:26 - 00000000 ____D () C:\Program Files\Easeware
2015-04-11 12:09 - 2015-04-11 12:09 - 00555672 _____ () C:\Users\Will\Downloads\VMMap.zip
2015-04-11 12:08 - 2015-04-11 12:09 - 00276267 _____ () C:\Users\Will\Downloads\RAMMap.zip
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 19:30 - 2015-04-01 19:30 - 00014364 _____ () C:\Windows\setupact.log
2015-05-11 19:20 - 2012-06-01 22:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 18:57 - 2012-06-08 13:54 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002UA.job
2015-05-11 18:48 - 2012-05-19 02:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000UA.job
2015-05-11 17:17 - 2012-02-27 04:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-11 17:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 17:03 - 2015-04-01 19:34 - 01412894 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 17:03 - 2012-05-19 02:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1000Core.job
2015-05-11 16:07 - 2012-05-20 22:12 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype
2015-05-11 03:57 - 2012-06-08 13:54 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193129655-1466855322-3122330668-1002Core.job
2015-05-08 22:07 - 2009-07-13 23:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 22:07 - 2009-07-13 23:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 18:19 - 2012-05-25 21:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 22:53 - 2013-10-26 01:05 - 00000000 ____D () C:\Users\Will\AppData\Local\CrashDumps
2015-05-06 23:45 - 2014-12-29 20:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\vlc
2015-05-06 19:56 - 2014-01-24 21:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-06 19:55 - 2014-10-07 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-06 19:52 - 2012-08-13 21:02 - 00000000 ____D () C:\Program Files\Java
2015-05-05 00:08 - 2015-04-07 19:09 - 00018282 _____ () C:\Windows\PFRO.log
2015-05-03 12:15 - 2012-08-01 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-05-03 02:30 - 2012-06-07 11:16 - 00000000 ____D () C:\ProgramData\Skype
2015-04-30 18:22 - 2015-04-01 00:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-30 18:17 - 2009-07-13 23:45 - 00316496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-29 22:32 - 2012-05-19 02:57 - 00073424 _____ () C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-29 00:14 - 2012-02-27 01:56 - 00000000 ____D () C:\Users\Will\Documents\my games
2015-04-27 18:24 - 2012-05-19 02:20 - 00000000 ____D () C:\Users\Will
2015-04-24 20:47 - 2013-11-17 18:31 - 00000000 ____D () C:\Users\Will\AppData\Local\Battle.net
2015-04-24 20:23 - 2012-05-25 11:59 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-24 19:17 - 2013-11-17 18:31 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-21 00:37 - 2014-03-26 01:21 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Tera_Awesomium
2015-04-21 00:13 - 2014-09-09 15:04 - 00000000 ____D () C:\Program Files (x86)\TERA
2015-04-21 00:05 - 2014-11-26 14:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-04-19 10:31 - 2012-05-22 15:18 - 00000000 ____D () C:\ProgramData\Origin
2015-04-19 10:28 - 2012-02-27 03:37 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-18 20:38 - 2014-11-21 23:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 20:38 - 2014-11-21 23:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-17 21:06 - 2009-07-14 00:13 - 00797410 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 23:20 - 2012-06-01 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 23:20 - 2012-06-01 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 23:20 - 2012-06-01 22:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-11 20:25 - 2012-05-19 02:56 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-11 20:14 - 2013-03-07 22:46 - 00000000 ____D () C:\Program Files\AMD
2015-04-11 20:14 - 2012-06-21 17:54 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-04-11 20:14 - 2012-05-19 03:04 - 00000000 ____D () C:\ProgramData\AMD
2015-04-11 20:10 - 2012-05-19 03:03 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-04-11 20:03 - 2013-10-01 21:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-11 20:01 - 2012-02-28 01:12 - 00000000 ____D () C:\AMD
2015-04-11 19:54 - 2012-05-19 02:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======

2014-06-22 12:01 - 2014-06-22 12:01 - 0000885 _____ () C:\Program Files (x86)\Program Files (x86) - Shortcut.lnk
2013-09-13 23:41 - 2013-09-13 23:19 - 0012005 _____ () C:\Users\Will\AppData\Roaming\alsoft.ini
2013-04-22 13:21 - 2013-10-22 03:06 - 0034816 _____ () C:\Users\Will\AppData\Roaming\RZR_00203f354c53873a22a6188faec3.db
2013-05-17 19:11 - 2013-07-10 01:34 - 0009308 _____ () C:\Users\Will\AppData\Local\CleanupUninstall.txt
2013-03-29 02:23 - 2013-03-29 02:23 - 0003584 _____ () C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 11:15 - 2012-06-13 11:15 - 0000092 _____ () C:\Users\Will\AppData\Local\fusioncache.dat
2014-05-20 22:15 - 2015-04-09 18:49 - 0007614 _____ () C:\Users\Will\AppData\Local\Resmon.ResmonCfg
2014-06-11 01:02 - 2014-06-11 01:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Guest\CTX.DAT
C:\Users\Will\Minecraft.exe
C:\Users\Will\punkomatic2.exe
C:\Users\Will\TechnicLauncher.exe
 
 
Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 04:48

==================== End Of Log ============================


#2 HelpBot

Posted 16 May 2015 - 07:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575899 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 16 May 2015 - 07:42 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!



