
Both GMer and aswMBR are bsoding me, what should I do?


This topic is locked. 17 replies to this topic.

#1 aviza12 (Members, 13 posts)

Posted 12 September 2015 - 04:21 AM

Hi guys,

So after failing to install a WIN10 update, I've got all suspicious and tried to find whether or not I'm infected.

I've tried so far RogueKiller, Malwarebytes Anti-Rootkit, GMER, Kaspersky's TDSSKiller, and aswMBR.

Also, my antivirus is ESET NOD32.

Anyway, most of these tests passed with flying colours, but both aswMBR and GMER consistently BSOD'ed my computer.

 

Can anyone help me? Thanks a bunch!

Attached File: Addition.txt (46.89KB, 3 downloads)

Attached File: FRST.txt (26.76KB, 3 downloads)


#2 aviza12 (Topic Starter, Members, 13 posts)

Posted 12 September 2015 - 04:22 AM

Also, here's RogueKiller's log:

                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5088,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.6.485908669\\1047236694\" --font-cache-shared-handle=2728 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5096,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.7.99809228\\892429395\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.8.182588015\\376360884\" --font-cache-shared-handle=2748 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 5112,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.9.541083784\\158949466\" --font-cache-shared-handle=2744 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4148,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --lang=en-GB --force-fieldtrials=\"AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/AutofillEnabled/Default/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A4/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledTimeLossDetection/*RefreshTokenDeviceId/Enabled/RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Enabled/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_94/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_19/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/\" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel=\"4612.10.1085887080\\464376633\" --font-cache-shared-handle=3156 /prefetch:673131151",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3632,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "Steam.exe",
                "name_parent": "explorer.exe",
                "pid": 5496,
                "path": "D:\\Program Files (x86)\\Steam\\Steam.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "Steam.exe",
                "pid": 5524,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5496,
                "path_parent": "D:\\Program Files (x86)\\Steam\\Steam.exe"
            },
            {
                "name": "SteamService.exe",
                "name_parent": "",
                "pid": 5648,
                "path": "C:\\Program Files (x86)\\Common Files\\Steam\\SteamService.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "flux.exe",
                "name_parent": "explorer.exe",
                "pid": 5788,
                "path": "C:\\Users\\zarad\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Skype.exe",
                "name_parent": "explorer.exe",
                "pid": 5840,
                "path": "C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "BorderlessGaming.exe",
                "name_parent": "explorer.exe",
                "pid": 6000,
                "path": "D:\\Program Files (x86)\\Steam\\steamapps\\common\\Borderless Gaming\\BorderlessGaming.exe",
                "command_line": "",
                "pid_parent": 3464,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 6948,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 824,
                "path_parent": ""
            },
            {
                "name": "SettingSyncHost.exe",
                "name_parent": "svchost.exe",
                "pid": 4812,
                "path": "C:\\Windows\\System32\\SettingSyncHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ApplicationFrameHost.exe",
                "name_parent": "svchost.exe",
                "pid": 5668,
                "path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Video.UI.exe",
                "name_parent": "svchost.exe",
                "pid": 3984,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\\Video.UI.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Calculator.exe",
                "name_parent": "svchost.exe",
                "pid": 4508,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsCalculator_10.1508.14010.0_x64__8wekyb3d8bbwe\\Calculator.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "WinStore.Mobile.exe",
                "name_parent": "svchost.exe",
                "pid": 6492,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\\WinStore.Mobile.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "steamwebhelper.exe",
                "name_parent": "steamwebhelper.exe",
                "pid": 4772,
                "path": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe",
                "command_line": "",
                "pid_parent": 5524,
                "path_parent": "D:\\Program Files (x86)\\Steam\\bin\\steamwebhelper.exe"
            },
            {
                "name": "SystemSettingsBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 244,
                "path": "C:\\Windows\\System32\\SystemSettingsBroker.exe",
                "command_line": "",
                "pid_parent": 984,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7488,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7576,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 7672,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 8104,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 7680,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 1036,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchProtocolHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 8096,
                "path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1836,
                "path": "",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1144,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "SearchFilterHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 2264,
                "path": "C:\\Windows\\System32\\SearchFilterHost.exe",
                "command_line": "",
                "pid_parent": 3512,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3988,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "chrome.exe",
                "pid": 7040,
                "path": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe",
                "command_line": "",
                "pid_parent": 4612,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "RogueKiller.exe",
                "pid": 792,
                "path": "",
                "command_line": "",
                "pid_parent": 7040,
                "path_parent": "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            },
            {
                "scan_what": 1,
                "scan_how": [
                    10
                ],
                "scan_how_trigger": 10,
                "vendors": [
                    "PUM.Dns"
                ],
                "rule_name": "DNS",
                "view": 256,
                "value": "DhcpNameServer",
                "subkey": "",
                "value_old_data": "",
                "value_data": "10.0.0.138",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\{040e884e-073e-4896-8c6e-ec5b32e88eb3}",
                "extra": "[(Private Address) (XX)]",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Found",
                "status_choice": 1,
                "status_removed": 0
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 +++++\n--- User ---\n[MBR] 51b4d0c5e5acb640dc59e60c6a807543\n[BSP] 74d742046bc444cb70b21fae801c88ff : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210124800 | Size: 851268 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: OCZ-VECTOR +++++\n--- User ---\n[MBR] ffb2903729cfd68863114b3214d6b091\n[BSP] 1355176df99763ba7a578ad6f13844ec : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 122002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive2: Hitachi HDS722020ALA330 USB Device +++++\n--- User ---\n[MBR] c3bda938fbd1e66173d2de573859336a\n[BSP] 5b25dfbe3d5390bb93643748fbea9334 : Empty|VT.Unknown MBR Code\nPartition table:\n0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nError reading LL2 MBR! ([32] The request is not supported. )\n\n"
        }
    }
}
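
An added triage helper for a RogueKiller JSON report like the one above (my example, not RogueKiller's or the poster's code): it lists process rows whose image path came back empty, checks each PUM.Dns hit against RFC 1918 so the router-assigned 10.0.0.138 reads as the benign case, and decodes the anti-rootkit driver_error into its NTSTATUS form. The embedded report is a constructed, trimmed copy of the structure above; the "system" key holding the process list and the second DNS finding (203.0.113.5) are assumptions, not from the posted log.

```python
"""Triage helper for a RogueKiller JSON report (added example, not RogueKiller's code)."""
import ipaddress
import json
import re

# Constructed sample in the shape of the RogueKiller 10.10.4.0 report posted above.
# The "system" key holding the process list is an assumption (the real key sits before
# the quoted excerpt), and the second DNS finding (203.0.113.5, a TEST-NET-3 address)
# is invented to exercise the non-private case; the posted log only has 10.0.0.138.
CHROME = "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
RK = "D:\\Users\\Avishay\\Downloads\\RogueKiller.exe"
TCPIP = "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters"
SAMPLE_REPORT = json.dumps({
    "header": {"program": {"project": "RogueKiller", "version": "10.10.4.0"}},
    "system": {"processes": [
        {"name": "chrome.exe", "name_parent": "chrome.exe", "pid": 5088, "path": CHROME,
         "command_line": "", "pid_parent": 4612, "path_parent": CHROME},
        {"name": "chrome.exe", "name_parent": "chrome.exe", "pid": 1836, "path": "",
         "command_line": "", "pid_parent": 4612, "path_parent": CHROME},
        {"name": "RogueKiller.exe", "name_parent": "chrome.exe", "pid": 7040, "path": RK,
         "command_line": "", "pid_parent": 4612, "path_parent": CHROME},
        {"name": "chrome.exe", "name_parent": "RogueKiller.exe", "pid": 792, "path": "",
         "command_line": "", "pid_parent": 7040, "path_parent": RK},
    ]},
    "results": {
        "processes": [],
        "registry": [
            {"vendors": ["PUM.Dns"], "rule_name": "DNS", "value": "DhcpNameServer",
             "value_data": "10.0.0.138", "path": TCPIP, "status_str": "Found",
             "extra": "[(Private Address) (XX)]"},
            {"vendors": ["PUM.Dns"], "rule_name": "DNS", "value": "NameServer",
             "value_data": "203.0.113.5", "path": TCPIP, "status_str": "Found", "extra": ""},
        ],
        "antirootkit": {"is_driver_loaded": False, "driver_error": 3221226347, "results": []},
    },
})

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ntstatus_hex(code):
    """driver_error is a decimal dump of an unsigned NTSTATUS: 3221226347 is 0xC000036B,
    which ntstatus.h names STATUS_DRIVER_BLOCKED_CRITICAL (my reading of the header),
    i.e. the kernel refused to load the tool's anti-rootkit driver."""
    return "0x{:08X}".format(code & 0xFFFFFFFF)

def is_rfc1918(text):
    """True only for a valid IPv4 address in 10/8, 172.16/12 or 192.168/16; narrower
    than ipaddress.is_private on purpose, which also treats TEST-NET as private."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def all_processes(report):
    """Process rows from every top-level section that carries a 'processes' list."""
    return [row for section in report.values() if isinstance(section, dict)
            for row in (section.get("processes") or [])]

def pathless_processes(report):
    """Rows whose image path came back empty: usually a process that exited or could
    not be opened during the snapshot, but also what an unlinked image looks like,
    so they get a second look in a rootkit hunt."""
    return [(p["pid"], p["name"], p["name_parent"])
            for p in all_processes(report) if not p.get("path")]

def dns_findings(report):
    """PUM.Dns hits with an RFC 1918 check per resolver. A NameServer value may list
    several servers separated by commas or spaces; all must be private for the hit
    to count as the benign router-assigned case (like 10.0.0.138 above)."""
    out = []
    for hit in report["results"]["registry"]:
        if "PUM.Dns" not in hit.get("vendors", []):
            continue
        servers = [s for s in re.split(r"[ ,]+", hit["value_data"].strip()) if s]
        out.append({"value": hit["value"], "servers": servers, "path": hit["path"],
                    "private": bool(servers) and all(is_rfc1918(s) for s in servers)})
    return out

def antirootkit_status(report):
    """Did the driver load, and if not, why (severity bits 0b11 mark an NTSTATUS error)."""
    ark = report["results"]["antirootkit"]
    code = ark.get("driver_error", 0) & 0xFFFFFFFF
    return {"loaded": bool(ark.get("is_driver_loaded")),
            "error_hex": ntstatus_hex(code) if code else None,
            "is_error": code >> 30 == 0b11}

def triage(report_json):
    """Everything an analyst reads first, straight from the JSON text."""
    report = json.loads(report_json)
    return {"pathless": pathless_processes(report), "dns": dns_findings(report),
            "antirootkit": antirootkit_status(report)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

Point triage() at the text of a saved RogueKiller report instead of SAMPLE_REPORT to run it over a real log.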


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 13 September 2015 - 07:49 PM

Greetings aviza12 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I don't see any evidence of malicious software on your computer. However, we will look at some reports to see if we can identify the cause of your BSOD.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-07-30 01:46 - 2015-07-30 01:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
cmd: md %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\091115-17906-01.dmp %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\090915-12531-01.dmp %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\090815-15937-01.dmp %userprofile%\Desktop\Minidump
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • The tool will also create a Minidump folder on your Desktop. Please zip and upload the file here.
  • Let me know when the file has been uploaded
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Uploaded zipped Minidump folder
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 14 September 2015 - 03:58 AM

Hi Gary, thanks a lot for your reply!

You can call me Avishay if you'd please.

 

 
Attached File  Summary.zip   83.35KB   0 downloads
And I've uploaded the minidump to the site you requested.

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by avishay (2015-09-14 11:47:38) Run:1
Running from C:\Users\zarad\Desktop
Loaded Profiles: avishay (Available Profiles: avishay)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-07-30 01:46 - 2015-07-30 01:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
cmd: md %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\091115-17906-01.dmp %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\090915-12531-01.dmp %userprofile%\Desktop\Minidump
cmd: copy C:\WINDOWS\Minidump\090815-15937-01.dmp %userprofile%\Desktop\Minidump
*****************
 
3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] => Error: No automatic fix found for this entry.
C:\ProgramData\DP45977C.lfl => moved successfully
 
=========  md %userprofile%\Desktop\Minidump =========
 
 
========= End of CMD: =========
 
 
=========  copy C:\WINDOWS\Minidump\091115-17906-01.dmp %userprofile%\Desktop\Minidump =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy C:\WINDOWS\Minidump\090915-12531-01.dmp %userprofile%\Desktop\Minidump =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
=========  copy C:\WINDOWS\Minidump\090815-15937-01.dmp %userprofile%\Desktop\Minidump =========
 
        1 file(s) copied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 11:47:38 ====
 


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 14 September 2015 - 01:38 PM

Greetings Avishay,
 

but both aswmbr and gmer consistently bsod'ed my computer.

Has your computer crashed (BSOD) any other time when not running gmer or aswMBR?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 14 September 2015 - 03:01 PM

Nope.

 

Also - when I try to install Windows updates, it downloads them and restarts. After that - it gives the whole "Windows is configuring your updates... X%", and then restarts again, giving me the message "We could not finish installing updates". It happens consistently.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 14 September 2015 - 03:17 PM

It looks like your BSOD issue is program specific so I wouldn't worry about it unless it happens at other times.

Is there an error code with the failed update notice?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 14 September 2015 - 03:25 PM

Idk... I've used GMER for a while and it has never BSODed me before, same with the other anti-rootkits.

Now it consistently crashes after scanning the same file (ahcache.sys, with the exception code of "violating privileges, writing to protected memory", or something like that...).

 

Anyway, there is no error code with the failed update notice.

 

When it first happened to me, I tried to look for the WU logs (typing Get-WindowsUpdateLog in PowerShell should do the trick) but whenever I try that it raises the exception

"Copy-Item : Cannot find path 'D:\Program Files\Windows Defender\SymSrv.dll' because it does not exist."



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 14 September 2015 - 03:44 PM

The Minidump reports did not point to that file. There is a known issue with that file but on Windows 8. It may be the same for Windows 10. It is not a malware issue but rather it seems to be a compatibility issue. For that you will need to post in the Windows 10 Forum once we are done here.

Please do this.

===================================================

Obtaining Windows Update Log

--------------------
  • Please browse to the following location

C:\Windows\WindowsUpdate.log

  • Please zip and upload the file here.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uploaded file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 14 September 2015 - 03:55 PM

Well, here are the contents of the logfile:

 

Windows Update logs are now generated using ETW (Event Tracing for Windows).
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.
 
 
For more information, please visit http://go.microsoft.com/fwlink/?LinkId=518345
 
 
Also, there are some files under C:\Windows\Logs\WindowsUpdate. Those are .etl files; would they be of interest to you?


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 14 September 2015 - 04:20 PM

Sorry, I checked my own computer and found a Windows Update log in that location but now I see that was before upgrading to Windows 10.

Please attach the last 2 logs in the following folder. You may have to zip them because of the file extension.

C:\Windows\Logs\WindowsUpdate

 

I will be away from my computer for awhile.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 14 September 2015 - 04:26 PM

No problem, here are the logs.

 

Attached File  WUlogs.zip   10.65KB   1 downloads



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 14 September 2015 - 08:43 PM

Please click Start, Control Panel, then Troubleshooting. Under System and Security click Fix problems with Windows Update. Follow the prompts.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 aviza12

aviza12
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 15 September 2015 - 08:10 AM

Didn't work, still getting the same notification.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:25 PM

Posted 15 September 2015 - 04:35 PM

Let's do this.

===================================================

Clearing Windows Update Software Distribution Folder

--------------------
  • Click Start, type cmd, then press the Shift + Ctrl + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Type net stop wuauserv then hit Enter
  • Type rename c:\windows\SoftwareDistribution softwaredistribution.old then hit Enter
  • Type net start wuauserv then hit Enter
  • Type Exit then hit Enter
  • Navigate to c:\windows\SoftwareDistribution and verify a folder was just created
  • Restart your computer and attempt Windows Update
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Does Windows Update?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
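The same SoftwareDistribution reset as a PowerShell script, added here as an example (it is not Gary's instructions or a BleepingComputer tool); it adds the checks a practitioner would want: that the session is elevated, that wuauserv has actually stopped before the rename, that the old cache is kept under a timestamped name, and that the folder is recreated after the service restarts.

```powershell
# Added example (constructed, not from the thread): reset the Windows Update
# download cache with verification. Run from an elevated PowerShell session.
$sd     = Join-Path $env:SystemRoot 'SoftwareDistribution'
$backup = "$sd.old-$(Get-Date -Format yyyyMMdd-HHmmss)"

# Refuse to continue unless elevated; the service and rename calls fail otherwise.
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated (Administrator) PowerShell session.' }

# Stop the Windows Update service and wait until it really reports Stopped;
# renaming while it still holds files open fails with an access-denied error.
Stop-Service -Name wuauserv -Force
(Get-Service -Name wuauserv).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# Rename rather than delete, so the old cache can be restored if needed
# (same as "rename ... softwaredistribution.old" in the manual steps).
if (Test-Path $sd) {
    Rename-Item -Path $sd -NewName (Split-Path $backup -Leaf)
}

# Restart the service; it rebuilds an empty SoftwareDistribution folder.
Start-Service -Name wuauserv
(Get-Service -Name wuauserv).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))

# Verify the outcome instead of assuming it: new folder present, service running.
Start-Sleep -Seconds 5
if (Test-Path $sd) {
    Write-Output "New folder created: $sd"
} else {
    Write-Warning "$sd not recreated yet; it is normally created on the next update check."
}
Write-Output "Old cache kept at:  $backup"
Write-Output "wuauserv status:    $((Get-Service -Name wuauserv).Status)"
```

After it finishes, reboot and try Windows Update as in the manual steps; the timestamped .old folder can be deleted once updates install correctly.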



