TRO/ROOT KIT?


#91 RKinner (Malware Expert)

Error - 1/25/2012 11:08:20 AM | Computer Name = 975-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.


Not sure what HarddiskVolumeShadowCopy4 is but it is not happy.

Neither is your Avast install:

Error - 1/25/2012 9:55:52 AM | Computer Name = 975-PC | Source = Service Control Manager | ID = 7038
Description = The avast! Firewall service was unable to log on as NT AUTHORITY\SYSTEM
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).


If the firewall doesn't work then you are vulnerable to reinfection from other infected systems.

NVIDIA drivers will not install from update

Not unusual. I never install Hardware drivers from Update because they seldom work. Get the latest from your PC maker's website or from Nvidia's.

Your Windows install is just not all that happy:

Error - 1/25/2012 11:19:57 AM | Computer Name = 975-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 1/25/2012 11:19:57 AM | Computer Name = 975-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 1/25/2012 11:30:21 AM | Computer Name = 975-PC | Source = Application Error | ID = 1000
Description = Faulting application name: consent.exe, version: 6.1.7601.17514, time
stamp: 0x4ce79e79 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000007ff7d1503a4 Faulting process id: 0xf44 Faulting
application start time: 0x01ccdb763eef034b Faulting application path: C:\Windows\system32\consent.exe
Faulting
module path: unknown Report Id: 7d931d48-4769-11e1-a3ee-485b396c298e


Could there be a problem with the CD/DVD reader you are using? Could there be a memory problem? Could the DVD itself be bad?

Zip up and attach one of your .png files and let me look at it.

#92 DAV2 (Member, Topic Starter)

Ron, thanks. The DVD is new on this computer from last load. I switched it out to make sure it was not a problem. The PNG file can be read from XPSP3. MS tech support already gave me a PNG file fix that had no effect, because I do not think it is the file, just Win. Memory chips are also just checked by Kingston? and they certify them. Also memory checks and burn checks of computer all pass. Temp stays in the 40's. (I uploaded that png file, but I do not see it. Do you?)

Edited by DAV2, 25 January 2012 - 12:37 PM.


#93 DAV2 (Member, Topic Starter)

Try this one.

Attached Thumbnails

  • ibt975.PNG


#94 DAV2 (Member, Topic Starter)

Ron, the original load here had "0" errors. What produced all those errors was connecting to the net and downloading updates. I did the original install before today.

Attached Thumbnails

  • winerror.PNG


#95 DAV2 (Member, Topic Starter)

I think this is the first Win error after good "0" error load and the Trojan did not show until I connected to the net.

I have no other computers attached and running on this network/router before/during or after updates and Win is configured not to share files.

SFC scanned and still scans clean. All drivers are digitally signed.

Win FW that is compatible with Avast and Avast says keep it running, did not give an error message.

Attached Thumbnails

  • winerror2.PNG

Edited by DAV2, 25 January 2012 - 02:16 PM.


#96 RKinner (Malware Expert)

The 0xC0000188 error is just a minor Windows bug:
http://support.micro....com/kb/2001347

Lot easier to read these logs with VEW:

1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

I talked to our Avast expert about pagefile.sys and he told me this:

I have seen two like this - they were both resolved by clearing pagefile at shutdown. For some reason we needed to do it several times.. I do not think it is an FP as there are so few occurrences of it


Not sure I agree that it is not a false positive.

As for your .png. Does it not open .png files?

Control Panel, Default Programs, Associate a File... then scroll down to .png

What is it set to use? Double click on it and try one of the other programs.

Does it not work in IE? Try Firefox or Chrome. Do they work? I can see it with all three and I have the latest of each on my Win 7. What I do not have is the 64 bit IE. Does that work for you?

#97 DAV2 (Member, Topic Starter)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/01/2012 3:23:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/01/2012 3:17:44 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/01/2012 6:10:53 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\Volume{6c709e0d-4696-11e1-a004-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A2D6DFED-792F-40D5-9EF0-AD5F05DDDEBC}' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 25/01/2012 3:16:28 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070103: nVidia - Display, Other hardware - NVIDIA GeForce 9600 GT.

Log: 'System' Date/Time: 25/01/2012 3:10:37 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Log: 'System' Date/Time: 25/01/2012 3:08:34 PM
Type: Error Category: 0
Event: 5 Source: Microsoft-Windows-Kernel-General
{Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT' was corrupted and it has been recovered. Some data might have been lost.

Log: 'System' Date/Time: 25/01/2012 3:08:20 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy4.

Log: 'System' Date/Time: 25/01/2012 1:57:43 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

Log: 'System' Date/Time: 25/01/2012 1:57:43 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2632503).

Log: 'System' Date/Time: 25/01/2012 1:57:43 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).

Log: 'System' Date/Time: 25/01/2012 1:57:09 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 25/01/2012 1:55:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Firewall service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/01/2012 1:55:52 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The avast! Firewall service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/01/2012 1:55:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Antivirus service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/01/2012 1:55:52 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The avast! Antivirus service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/01/2012 1:55:47 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The avast! Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/01/2012 1:55:47 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/01/2012 1:32:40 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)

#98 DAV2 (Member, Topic Starter)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/01/2012 3:26:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/01/2012 7:12:06 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d Faulting module name: aswWebRepIE.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ed3cc4d Exception code: 0xc0000005 Fault offset: 0x72a26fa0 Faulting process id: 0xd08 Faulting application start time: 0x01ccdb952844b629 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: aswWebRepIE.dll Report Id: 77f40a7c-4788-11e1-a480-485b396c298e

Log: 'Application' Date/Time: 25/01/2012 6:43:02 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d Faulting module name: SHELL32.dll, version: 6.1.7601.17678, time stamp: 0x4e5c6371 Exception code: 0xc0000005 Fault offset: 0x001f1c23 Faulting process id: 0xc54 Faulting application start time: 0x01ccdb819972fd74 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\syswow64\SHELL32.dll Report Id: 6878a05f-4784-11e1-a480-485b396c298e

Log: 'Application' Date/Time: 25/01/2012 4:37:19 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-946091478-2187240114-3839668730-1001.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {6d443a8f-ce4c-4942-bdf5-97f0117c200b}

Log: 'Application' Date/Time: 25/01/2012 3:32:04 PM
Type: Error Category: 3
Event: 1019 Source: Microsoft-Windows-Search
Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80070002, "iehistory://{S-1-5-21-946091478-2187240114-3839668730-1000}/">.


Log: 'Application' Date/Time: 25/01/2012 3:30:21 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: consent.exe, version: 6.1.7601.17514, time stamp: 0x4ce79e79 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x000007ff7d1503a4 Faulting process id: 0xf44 Faulting application start time: 0x01ccdb763eef034b Faulting application path: C:\Windows\system32\consent.exe Faulting module path: unknown Report Id: 7d931d48-4769-11e1-a3ee-485b396c298e

Log: 'Application' Date/Time: 25/01/2012 3:20:11 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-946091478-2187240114-3839668730-1001.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a6f26100-3b3e-4794-8919-95788aec1ce1}

Log: 'Application' Date/Time: 25/01/2012 3:19:57 PM
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 25/01/2012 3:19:57 PM
Type: Error Category: 0
Event: 1515 Source: Microsoft-Windows-User Profiles Service
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/01/2012 3:38:10 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-946091478-2187240114-3839668730-1000_Classes:
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000_CLASSES
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000_CLASSES\Local Settings\MuiCache\D\52C64B7E


Log: 'Application' Date/Time: 25/01/2012 3:38:10 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 35 user registry handles leaked from \Registry\User\S-1-5-21-946091478-2187240114-3839668730-1000:
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7F99A3C8-2162-4797-84F3-6A58C5E6F52B}
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\PrivacIE:
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\SQM\FreezeUploads
Process 4036 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Avast Software\WRC\RatingStorage\update.microsoft.com
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\iecompat
Process 4036 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Avast Software\WRC\RatingStorage\go.microsoft.com
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\feedplat
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
Process 4036 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\AppDataLow\Software\Microsoft\RepService
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
Process 4036 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Avast Software\WRC\RatingStorage
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Process 2684 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\International
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\PhishingFilter
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Internet Explorer\SQM
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iedownload
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History


Log: 'Application' Date/Time: 25/01/2012 2:05:11 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Application Requested}.


Log: 'Application' Date/Time: 24/01/2012 12:46:54 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-946091478-2187240114-3839668730-1000:
Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000
Process 1356 (\Device\HarddiskVolume2\Windows\System32\dwm.exe) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000
Process 2644 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 24/01/2012 12:24:59 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

#99 DAV2 (Member, Topic Starter)

Ok, png open with media center but not with "photo viewer" default.

This usually resolves in a week or 2 or maybe with a new load of "0" error "clean" sfc Win load. Not with any hardware change.

#100 RKinner (Malware Expert)

Errors like these are kind of interesting:

Process 4056 (<Unknown>)

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

tasklist  /m  >  \junk.txt

notepad  \junk.txt

Copy and paste the text from notepad. Let's see if we still have Unknown processes here.


Also Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0
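
One way to automate the cross-check requested in the post above, as an added example that is not part of the original thread: it tallies the "has opened key" lines of a User Profiles Service Event 1530 per process and looks each PID up in `tasklist /m` output. The sample text is constructed in the format of the logs posted here, and the function names are hypothetical.

```python
import re

# Constructed sample: Event 1530 detail lines in the format posted in this thread.
EVENT_1530 = r"""
DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-0-0-0-1000:
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1000
Process 4056 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\SQM
Process 3492 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
Process 700 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1000
Process 1356 (\Device\HarddiskVolume2\Windows\System32\dwm.exe) has opened key \REGISTRY\USER\S-1-5-21-0-0-0-1000
"""

# Constructed sample of `tasklist /m` output (image names and PIDs are made up).
TASKLIST_M = r"""
Image Name                     PID Modules
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
winlogon.exe                   700 ntdll.dll, kernel32.dll, KERNELBASE.dll,
                                   USER32.dll, GDI32.dll
someapp.exe                   4056 ntdll.dll, kernel32.dll, snxhk64.dll
"""

# "Process <pid> (<image or <Unknown>>) has opened key <key>"
PROC_RE = re.compile(r"^Process (\d+) \((.*?)\) has opened key (.+)$", re.M)
# A tasklist row starts with an image name, then a numeric PID, then modules.
ROW_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(N/A|\S.*)$")


def leaked_handles(event_text):
    """Return {pid: {"image": str, "handles": int}} from Event 1530 text."""
    out = {}
    for pid, image, _key in PROC_RE.findall(event_text):
        rec = out.setdefault(int(pid), {"image": image, "handles": 0})
        rec["handles"] += 1
    return out


def _split_modules(text):
    return [m.strip() for m in text.split(",") if m.strip() and m.strip() != "N/A"]


def running_processes(tasklist_text):
    """Return {pid: {"image": str, "modules": [str]}} from `tasklist /m` output.

    Lines that are not a row start are treated as the wrapped module list of
    the previous row, which also copes with pasted output whose indentation
    was lost.
    """
    procs, current = {}, None
    for line in tasklist_text.splitlines():
        m = ROW_RE.match(line)
        if m:
            current = {"image": m.group(1), "modules": _split_modules(m.group(3))}
            procs[int(m.group(2))] = current
        elif current is not None and line.strip():
            current["modules"] += _split_modules(line)
    return procs


def triage(event_text, tasklist_text):
    """List every process named in the event, flagging the ones to look at.

    A PID is flagged when the event could not name its image and the same PID
    is present in the task list. Windows reuses PIDs, so a match only means
    something if both captures come from the same boot session.
    """
    running = running_processes(tasklist_text)
    report = []
    for pid, rec in sorted(leaked_handles(event_text).items()):
        live = running.get(pid)
        report.append({
            "pid": pid,
            "handles": rec["handles"],
            "event_image": rec["image"],
            "running_as": live["image"] if live else None,
            "inspect": rec["image"] == "<Unknown>" and live is not None,
        })
    return report


if __name__ == "__main__":
    for row in triage(EVENT_1530, TASKLIST_M):
        print(row)
```
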

#101 DAV2 (Member, Topic Starter)

Image Name PID Modules
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 352 ntdll.dll
csrss.exe 508 ntdll.dll, CSRSRV.dll, basesrv.DLL,
winsrv.DLL, USER32.dll, GDI32.dll,
kernel32.dll, KERNELBASE.dll, LPK.dll,
USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,
sechost.dll
wininit.exe 576 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, USER32.dll, GDI32.dll,
LPK.dll, USP10.dll, msvcrt.dll, RPCRT4.dll,
sechost.dll, profapi.dll, IMM32.DLL,
MSCTF.dll, RpcRtRemote.dll, apphelp.dll,
CRYPTBASE.dll, WS2_32.dll, NSI.dll,
mswsock.dll, wshtcpip.dll, wship6.dll,
secur32.dll, SSPICLI.DLL, credssp.dll,
ADVAPI32.dll
csrss.exe 596 ntdll.dll, CSRSRV.dll, basesrv.DLL,
winsrv.DLL, USER32.dll, GDI32.dll,
kernel32.dll, KERNELBASE.dll, LPK.dll,
USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,
sechost.dll
services.exe 632 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, RPCRT4.dll,
SspiCli.dll, profapi.dll, sechost.dll,
CRYPTBASE.dll, scext.dll, USER32.dll,
GDI32.dll, LPK.dll, USP10.dll, Secur32.dll,
SCESRV.dll, srvcli.dll, IMM32.DLL,
MSCTF.dll, RpcRtRemote.dll, credssp.dll,
AUTHZ.dll, UBPM.dll, ADVAPI32.dll,
apphelp.dll, WTSAPI32.dll, WINSTA.dll,
WS2_32.dll, NSI.dll, mswsock.dll,
wshtcpip.dll, wship6.dll
lsass.exe 660 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, RPCRT4.dll,
SspiSrv.dll, lsasrv.dll, sechost.dll,
SspiCli.dll, ADVAPI32.dll, USER32.dll,
GDI32.dll, LPK.dll, USP10.dll, SAMSRV.dll,
cryptdll.dll, MSASN1.dll, wevtapi.dll,
IMM32.DLL, MSCTF.dll, cngaudit.dll,
AUTHZ.dll, ncrypt.dll, bcrypt.dll,
msprivs.DLL, netjoin.dll, negoexts.DLL,
Secur32.dll, cryptbase.dll, kerberos.DLL,
CRYPTSP.dll, WS2_32.dll, NSI.dll,
mswsock.dll, wship6.dll, msv1_0.DLL,
netlogon.DLL, DNSAPI.dll, logoncli.dll,
schannel.DLL, CRYPT32.dll, wdigest.DLL,
rsaenh.dll, tspkg.DLL, pku2u.DLL,
bcryptprimitives.dll, RpcRtRemote.dll,
efslsaext.dll, scecli.DLL, credssp.dll,
WINSTA.dll, IPHLPAPI.DLL, WINNSI.DLL,
netutils.dll, USERENV.dll, profapi.dll,
wshtcpip.dll, MPR.dll, dssenh.dll,
GPAPI.dll, pstorsvc.dll, psbase.dll,
certpoleng.dll, wkscli.dll, WLDAP32.dll
lsm.exe 668 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, SYSNTFY.dll, WMsgAPI.dll,
CRYPTBASE.dll, pcwum.dll, RpcRtRemote.dll,
secur32.dll, SSPICLI.DLL, credssp.dll,
ADVAPI32.dll
svchost.exe 780 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, umpnpmgr.dll, SPINF.dll,
USER32.dll, GDI32.dll, LPK.dll, USP10.dll,
DEVRTL.dll, IMM32.DLL, MSCTF.dll,
RpcRtRemote.dll, USERENV.dll, profapi.dll,
GPAPI.dll, CRYPTBASE.dll, umpo.dll,
WINSTA.dll, SETUPAPI.dll, CFGMGR32.dll,
ADVAPI32.dll, OLEAUT32.dll, ole32.dll,
DEVOBJ.dll, pcwum.DLL, rpcss.dll,
SspiCli.dll, credssp.dll, CLBCatQ.DLL,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
ntmarta.dll, WLDAP32.dll, wmidcprv.dll,
FastProx.dll, wbemcomn.dll, WS2_32.dll,
NSI.dll, NTDSAPI.dll, wbemprox.dll,
CRYPTSP.dll, rsaenh.dll, wbemsvc.dll,
wmiutils.dll, apphelp.dll, WTSAPI32.dll
nvvsvc.exe 864 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, RPCRT4.dll, WTSAPI32.dll,
msvcrt.dll, SHLWAPI.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll,
USERENV.dll, profapi.dll, SETUPAPI.dll,
CFGMGR32.dll, ADVAPI32.dll, sechost.dll,
OLEAUT32.dll, ole32.dll, DEVOBJ.dll,
IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,
SHELL32.dll, CLBCatQ.DLL, CRYPTSP.dll,
rsaenh.dll, RpcRtRemote.dll, apphelp.dll,
nvxdbat.dll, WINSTA.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll
svchost.exe 904 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, rpcepmap.dll, RpcRtRemote.dll,
secur32.dll, SSPICLI.DLL, credssp.dll,
CRYPTBASE.dll, rpcss.dll, ADVAPI32.dll,
CRYPTSP.dll, rsaenh.dll, WS2_32.dll,
NSI.dll, mswsock.dll, user32.dll,
GDI32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, wshtcpip.dll, wship6.dll,
FirewallAPI.dll, VERSION.dll, CLBCatQ.DLL,
ole32.dll, OLEAUT32.dll, fwpuclnt.dll,
msi.dll, SHLWAPI.dll, msiltcfg.dll,
SFC.DLL, sfc_os.DLL
svchost.exe 964 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
wevtsvc.dll, RpcRtRemote.dll, secur32.dll,
SSPICLI.DLL, credssp.dll, WS2_32.dll,
NSI.dll, mswsock.dll, wshtcpip.dll,
wship6.dll, GPAPI.dll, audiosrv.dll,
POWRPROF.dll, SETUPAPI.dll, CFGMGR32.dll,
OLEAUT32.dll, DEVOBJ.dll, MMDevAPI.DLL,
PROPSYS.dll, AVRT.dll, CLBCatQ.DLL,
lmhsvc.dll, IPHLPAPI.DLL, WINNSI.DLL,
nrpsrv.DLL, dhcpcore.dll, DNSAPI.dll,
firewallapi.dll, VERSION.dll,
dhcpcore6.dll, WINSTA.dll, SHLWAPI.dll,
CRYPTSP.dll, rsaenh.dll, audioses.dll,
dhcpcsvc6.DLL, dhcpcsvc.DLL, wscsvc.dll,
dbghelp.dll, wbemprox.dll, wbemcomn.dll,
wbemsvc.dll, fastprox.dll, NTDSAPI.dll,
CRYPT32.dll, MSASN1.dll, WINTRUST.DLL,
imagehlp.dll, ncrypt.dll, bcrypt.dll,
bcryptprimitives.dll, wuapi.dll,
Cabinet.dll, profapi.dll, USERENV.dll,
wkscli.dll, netutils.dll, RtkAPO64.dll,
WMALFXGFXDSP.dll, mfplat.DLL, NLAapi.dll,
napinsp.dll, pnrpnsp.dll, rasadhlp.dll,
fwpuclnt.dll, winrnr.dll
svchost.exe 1012 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
audiosrv.dll, POWRPROF.dll, SETUPAPI.dll,
CFGMGR32.dll, OLEAUT32.dll, DEVOBJ.dll,
MMDevAPI.DLL, PROPSYS.dll, AVRT.dll,
CLBCatQ.DLL, SHLWAPI.dll, cscsvc.dll,
USERENV.dll, profapi.dll, pcwum.dll,
PeerDist.dll, AUTHZ.dll, taskschd.dll,
SspiCli.dll, mstask.dll, COMCTL32.dll,
CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,
WTSAPI32.dll, GPAPI.dll, WINSTA.dll,
uxsms.dll, wudfsvc.dll, WUDFPlatform.dll,
PSAPI.DLL, VERSION.dll, wevtapi.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
pcasvc.dll, apphelp.dll, AEPIC.dll,
sfc.dll, sfc_os.DLL, XmlLite.dll,
sysmain.dll, SHELL32.dll, trkwks.dll,
ntmarta.dll, WLDAP32.dll,
PortableDeviceApi.dll,
portabledeviceconnectapi.dll, netman.dll,
NSI.dll, WINNSI.DLL, netshell.dll,
IPHLPAPI.DLL, nlaapi.dll, RASDLG.dll,
MPRAPI.dll, RASAPI32.dll, rasman.dll,
WS2_32.dll, rtutils.dll, dsrole.dll,
netcfgx.dll, devrtl.DLL, hnetcfg.dll,
ATL.DLL, slc.dll, wbemprox.dll,
wbemcomn.dll, wbemsvc.dll, fastprox.dll,
NTDSAPI.dll, cscobj.dll, secur32.dll,
credssp.dll, tabsvc.dll, HID.DLL
svchost.exe 248 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
gpsvc.dll, GPAPI.dll, WLDAP32.dll,
Secur32.dll, SSPICLI.DLL, NSI.dll,
SYSNTFY.dll, nlaapi.dll, profsvc.dll,
OLEAUT32.dll, USERENV.dll, profapi.dll,
SHLWAPI.dll, ATL.DLL, RpcRtRemote.dll,
themeservice.dll, WINSTA.dll, CLBCatQ.DLL,
CRYPTSP.dll, dsrole.dll, slc.dll,
rsaenh.dll, sens.dll, WS2_32.dll,
shsvcs.dll, CFGMGR32.dll, SETUPAPI.dll,
DEVOBJ.dll, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, SAMLIB.dll, wbemcomn.dll,
FVEAPI.dll, tbs.dll, FVECERTS.dll,
NETAPI32.dll, netutils.dll, srvcli.dll,
wkscli.dll, LOGONCLI.DLL, wiarpc.dll,
UxTheme.dll, schedsvc.dll, pcwum.dll,
SHELL32.dll, wevtapi.dll, AUTHZ.dll,
UBPM.dll, ktmw32.dll, XmlLite.dll,
credssp.dll, taskcomp.dll, VERSION.dll,
ntmarta.dll, mswsock.dll, wshtcpip.dll,
wship6.dll, netjoin.dll, WTSAPI32.dll,
comctl32.dll, PROPSYS.dll, wmisvc.dll,
iphlpsvc.dll, WINNSI.DLL, FirewallAPI.dll,
IPHLPAPI.DLL, fwpuclnt.dll, rtutils.dll,
sqmapi.dll, WDSCORE.dll, VSSAPI.DLL,
VssTrace.DLL, srvsvc.dll, browser.dll,
samcli.dll, devrtl.DLL, SSCORE.DLL,
CLUSAPI.DLL, cryptdll.dll, netprofm.dll,
RESUTILS.DLL, es.dll, NCI.dll, SPINF.dll,
wbemcore.dll, esscli.dll, FastProx.dll,
NTDSAPI.dll, wbemsvc.dll, wmiutils.dll,
repdrvfs.dll, dhcpcsvc.DLL, DNSAPI.dll,
dhcpcsvc6.DLL, wmiprvsd.dll, NCObjAPI.DLL,
wbemess.dll, rasadhlp.dll, npmproxy.dll,
SXS.DLL, appinfo.dll, apphelp.dll,
ncprov.dll, msxml3.dll, qmgr.dll,
bitsperf.dll, bitsigd.dll, upnp.dll,
WINHTTP.dll, webio.dll, SSDPAPI.dll,
MPR.dll, wuaueng.dll, ESENT.dll,
WINSPOOL.DRV, Cabinet.dll, mspatcha.dll,
psapi.dll, WMsgAPI.dll, wer.dll, msi.dll,
RasApi32.dll, rasman.dll, advpack.dll,
ncrypt.dll, bcrypt.dll,
bcryptprimitives.dll, schannel.DLL,
dssenh.dll, appmgmts.dll, adsldpc.dll,
qmgrprxy.dll, mmcss.dll, AVRT.dll
winlogon.exe 624 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, USER32.dll, GDI32.dll,
LPK.dll, USP10.dll, msvcrt.dll, WINSTA.dll,
RPCRT4.dll, IMM32.DLL, MSCTF.dll,
ADVAPI32.dll, sechost.dll, profapi.dll,
RpcRtRemote.dll, apphelp.dll, UXINIT.dll,
UxTheme.dll, CRYPTSP.dll, rsaenh.dll,
CRYPTBASE.dll, WindowsCodecs.dll,
ole32.dll, wkscli.dll, netjoin.dll,
netutils.dll, SspiCli.dll, slc.dll, MPR.dll
svchost.exe 1080 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
es.dll, OLEAUT32.dll, CRYPTSP.dll,
rsaenh.dll, RpcRtRemote.dll, CLBCatQ.DLL,
nsisvc.dll, NSI.dll, SXS.DLL, wdi.dll,
netprofm.dll, nlaapi.dll, perftrack.dll,
wer.dll, dwmapi.dll, Secur32.dll,
SSPICLI.DLL, AEPIC.dll, sfc.dll,
sfc_os.DLL, VERSION.dll, npmproxy.dll,
WS2_32.dll, IPHLPAPI.DLL, WINNSI.DLL,
GPAPI.dll, SHLWAPI.dll, credssp.dll,
DNSAPI.dll, napinsp.dll, pnrpnsp.dll,
mswsock.dll, winrnr.dll, wshtcpip.dll,
wship6.dll, rasadhlp.dll, fwpuclnt.dll,
dhcpcsvc6.DLL, dhcpcsvc.DLL,
sppuinotify.dll, urlmon.dll, iertutil.dll,
WININET.dll, Normaliz.dll, WTSAPI32.dll,
slc.dll, sppc.dll, sppcomapi.dll,
sppcext.dll, CRYPT32.dll, MSASN1.dll,
WinSCard.dll, WINHTTP.dll, webio.dll,
RASAPI32.dll, rasman.dll, SETUPAPI.dll,
CFGMGR32.dll, DEVOBJ.dll, TAPI32.dll,
msi.dll, slwga.dll, CRYPTUI.dll,
comctl32.dll, cryptdll.dll, USERENV.dll,
profapi.dll, dsrole.dll, msv1_0.DLL,
fthsvc.dll, apphelp.dll, wevtapi.dll
svchost.exe 1180 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
WS2_32.dll, NSI.dll, DNSAPI.dll,
WINNSI.DLL, Fwpuclnt.dll, USERENV.dll,
profapi.dll, GPAPI.dll, RpcRtRemote.dll,
mswsock.dll, iphlpapi.dll, wship6.dll,
dhcpcsvc6.DLL, dhcpcsvc.DLL, wshtcpip.dll,
wkssvc.dll, netutils.dll, netjoin.dll,
SspiCli.dll, cryptsvc.dll, CRYPT32.dll,
MSASN1.dll, nlasvc.dll, wevtapi.dll,
ncsi.dll, WINHTTP.dll, webio.dll,
CFGMGR32.dll, secur32.dll, credssp.dll,
VSSAPI.DLL, ATL.DLL, VssTrace.DLL,
ssdpapi.dll, OLEAUT32.dll, samcli.dll,
SAMLIB.dll, CRYPTSP.dll, wkscli.dll,
rsaenh.dll, CLBCatQ.DLL, es.dll,
PROPSYS.dll, WTSAPI32.dll, WINSTA.dll,
bcrypt.dll, bcryptprimitives.dll,
SHLWAPI.dll, rasadhlp.dll, ncrypt.dll,
ESENT.dll, psapi.dll, SXS.DLL, vss_ps.dll,
msxml3.dll, dnsrslvr.dll, dnsext.dll,
CRYPTNET.dll, WLDAP32.dll, SensApi.dll,
Cabinet.dll, DEVRTL.dll
AvastSvc.exe 1240 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
afwServ.exe 1324 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
nvxdsync.exe 1724 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, RPCRT4.dll, SHLWAPI.dll,
GDI32.dll, USER32.dll, LPK.dll, USP10.dll,
msvcrt.dll, ADVAPI32.dll, sechost.dll,
ole32.dll, OLEAUT32.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, CLBCatQ.DLL,
CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,
nvxdapix.dll, NvUI.dll, gdiplus.dll,
VERSION.dll, WTSAPI32.dll, MSIMG32.dll,
USERENV.dll, profapi.dll, WINSPOOL.DRV,
dwmapi.dll, WINSTA.dll, Comctl32.dll,
nvapi64.dll, SHELL32.dll, SETUPAPI.dll,
CFGMGR32.dll, DEVOBJ.dll, nvxdbat.dll,
SspiCli.dll, apphelp.dll
nvvsvc.exe 1752 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, RPCRT4.dll, WTSAPI32.dll,
msvcrt.dll, SHLWAPI.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll,
USERENV.dll, profapi.dll, SETUPAPI.dll,
CFGMGR32.dll, ADVAPI32.dll, sechost.dll,
OLEAUT32.dll, ole32.dll, DEVOBJ.dll,
IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,
SHELL32.dll, NVSVC64.DLL, mscms.dll,
VERSION.dll, WINMM.dll, COMCTL32.dll,
MSIMG32.dll, POWRPROF.dll, PSAPI.DLL,
dwmapi.dll, COMDLG32.dll, nvapi64.dll,
NVSVCR.DLL, CLBCatQ.DLL, CRYPTSP.dll,
rsaenh.dll, RpcRtRemote.dll, WINSTA.dll,
SspiCli.dll, nvxdbat.dll, nvxdplcy.dll,
apphelp.dll
spoolsv.exe 2016 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
USP10.dll, POWRPROF.dll, SETUPAPI.dll,
CFGMGR32.dll, ADVAPI32.dll, OLEAUT32.dll,
ole32.dll, DEVOBJ.dll, DNSAPI.dll,
WS2_32.dll, NSI.dll, IMM32.DLL, MSCTF.dll,
CRYPTBASE.dll, slc.dll, RpcRtRemote.dll,
secur32.dll, SSPICLI.DLL, credssp.dll,
WTSAPI32.dll, WINSTA.dll, IPHLPAPI.DLL,
WINNSI.DLL, mswsock.dll, wshtcpip.dll,
wship6.dll, rasadhlp.dll, fwpuclnt.dll,
CLBCatQ.DLL, umb.dll, ATL.DLL,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
localspl.dll, SPOOLSS.DLL, srvcli.dll,
winspool.drv, PrintIsolationProxy.dll,
FXSMON.DLL, tcpmon.dll, snmpapi.dll,
wsnmp32.dll, msxml6.dll, SHLWAPI.dll,
usbmon.dll, wls0wndh.dll, WSDMon.dll,
wsdapi.dll, webservices.dll,
FirewallAPI.dll, VERSION.dll, FunDisc.dll,
fdPnp.dll, winprint.dll, USERENV.dll,
profapi.dll, GPAPI.dll, dsrole.dll,
win32spl.dll, DEVRTL.dll, SPINF.dll,
inetpp.dll, CRYPTSP.dll, cscapi.dll,
netutils.dll, rsaenh.dll
svchost.exe 288 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
bfe.dll, AUTHZ.dll, slc.dll, SspiCli.dll,
pcwum.dll, RpcRtRemote.dll, mpssvc.dll,
FirewallAPI.dll, VERSION.dll, fwpuclnt.dll,
NSI.dll, CFGMGR32.dll, SHLWAPI.dll,
secur32.dll, credssp.dll, USERENV.dll,
profapi.dll, GPAPI.dll, WS2_32.dll,
IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc6.DLL,
dhcpcsvc.DLL, dps.dll, mswsock.dll,
OLEAUT32.dll, wship6.dll, CLBCatQ.DLL,
wshtcpip.dll, taskschd.dll, wfapigp.dll,
ntmarta.dll, WLDAP32.dll, wdi.dll,
bcrypt.dll, netprofm.dll, nlaapi.dll,
CRYPTSP.dll, rsaenh.dll, npmproxy.dll,
wdiasqmmodule.dll, radardt.dll,
WTSAPI32.dll, SETUPAPI.dll, DEVOBJ.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
WINSTA.dll
dwm.exe 2848 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, GDI32.dll, USER32.dll,
LPK.dll, USP10.dll, msvcrt.dll,
UxTheme.dll, IMM32.dll, MSCTF.dll,
dwmredir.dll, dwmcore.dll, ADVAPI32.dll,
sechost.dll, RPCRT4.dll, WindowsCodecs.dll,
ole32.dll, d3d10_1.dll, d3d10_1core.dll,
dxgi.dll, VERSION.dll, dwmapi.dll,
PSAPI.DLL, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll
explorer.exe 2908 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, ADVAPI32.dll, msvcrt.dll,
sechost.dll, RPCRT4.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll,
SHLWAPI.dll, SHELL32.dll, ole32.dll,
OLEAUT32.dll, EXPLORERFRAME.dll, DUser.dll,
DUI70.dll, IMM32.dll, MSCTF.dll,
UxTheme.dll, POWRPROF.dll, SETUPAPI.dll,
CFGMGR32.dll, DEVOBJ.dll, dwmapi.dll,
slc.dll, gdiplus.dll, Secur32.dll,
SSPICLI.DLL, PROPSYS.dll, CRYPTBASE.dll,
comctl32.dll, WindowsCodecs.dll,
profapi.dll, apphelp.dll, CLBCatQ.DLL,
ashShA64.dll, msi.dll, EhStorShell.dll,
cscui.dll, CSCDLL.dll, CSCAPI.dll,
ntshrui.dll, srvcli.dll,
IconCodecService.dll, CRYPTSP.dll,
rsaenh.dll, RpcRtRemote.dll, SndVolSSO.DLL,
HID.DLL, MMDevApi.dll, timedate.cpl,
ATL.DLL, WINBRAND.dll, actxprxy.dll,
ntmarta.dll, WLDAP32.dll, shdocvw.dll,
LINKINFO.dll, USERENV.dll, SAMLIB.dll,
samcli.dll, netutils.dll, msls31.dll,
tiptsf.dll, authui.dll, CRYPTUI.dll,
CRYPT32.dll, MSASN1.dll, urlmon.dll,
iertutil.dll, WININET.dll, Normaliz.dll,
WINSTA.dll, XmlLite.dll, PSAPI.DLL,
NetworkExplorer.dll, gameux.dll, wer.dll,
WINMM.dll, wdmaud.drv, ksuser.dll,
AVRT.dll, AUDIOSES.DLL, msacm32.drv,
MSACM32.dll, midimap.dll, stobject.dll,
BatMeter.dll, WTSAPI32.dll, es.dll,
prnfldr.dll, WINSPOOL.DRV, dxp.dll,
Syncreg.dll, ehSSO.dll, netshell.dll,
IPHLPAPI.DLL, NSI.dll, WINNSI.DLL,
nlaapi.dll, AltTab.dll,
wpdshserviceobj.dll,
PortableDeviceTypes.dll,
PortableDeviceApi.dll, WINTRUST.dll,
mssprxy.dll, pnidui.dll, QUtil.dll,
wevtapi.dll, dhcpcsvc6.DLL, WS2_32.dll,
dhcpcsvc.DLL, credssp.dll, npmproxy.dll,
Wlanapi.dll, wlanutil.dll, wwanapi.dll,
wwapi.dll, QAgent.dll, cscobj.dll,
srchadmin.dll, bthprops.cpl, ieframe.dll,
OLEACC.dll, Actioncenter.dll,
SyncCenter.dll, imapi2.dll, hgcpl.dll,
provsvc.dll, SXS.DLL, wkscli.dll,
fxsst.dll, FXSAPI.dll, FXSRESM.DLL,
VERSION.dll, ieproxy.dll, MPR.dll,
dsrole.dll, StructuredQuery.dll,
DEVRTL.dll, wscinterop.dll, WSCAPI.dll,
wscui.cpl, werconcpl.dll, framedynos.dll,
wercplsupport.dll, msxml6.dll,
hcproviders.dll, msiltcfg.dll, msxml3.dll,
comsvcs.dll, SearchFolder.dll, SFC.DLL,
sfc_os.DLL, PhotoBase.dll, MLANG.dll,
ACLUI.dll, NTDSAPI.dll, zipfldr.dll,
MsftEdit.dll, thumbcache.dll, imagehlp.dll,
msutb.dll, twext.dll, syncui.dll,
SYNCENG.dll, acppage.dll, EhStorAPI.dll
taskhost.exe 2936 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, ole32.dll,
GDI32.dll, USER32.dll, LPK.dll, USP10.dll,
RPCRT4.dll, OLEAUT32.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, sechost.dll,
ADVAPI32.dll, CLBCatQ.DLL, PlaySndSrv.dll,
RpcRtRemote.dll, MsCtfMonitor.dll,
MSUTB.dll, WINSTA.dll, WTSAPI32.dll,
dimsjob.dll, SHLWAPI.dll, taskschd.dll,
SspiCli.dll, netprofm.dll, NSI.dll,
nlaapi.dll, CRYPTSP.dll, rsaenh.dll,
npmproxy.dll, dsrole.dll, WINMM.dll,
MMDevAPI.DLL, PROPSYS.dll, wdmaud.drv,
ksuser.dll, AVRT.dll, SETUPAPI.dll,
CFGMGR32.dll, DEVOBJ.dll, AUDIOSES.DLL,
msacm32.drv, MSACM32.dll, midimap.dll,
uxtheme.dll, dwmapi.dll
RAVCpl64.exe 3052 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, SETUPAPI.dll, CFGMGR32.dll,
msvcrt.dll, RPCRT4.dll, ADVAPI32.dll,
sechost.dll, GDI32.dll, USER32.dll,
LPK.dll, USP10.dll, OLEAUT32.dll,
ole32.dll, DEVOBJ.dll, WINMM.dll,
DSOUND.dll, POWRPROF.dll, VERSION.dll,
PROPSYS.dll, UxTheme.dll, gdiplus.dll,
IMM32.dll, MSCTF.dll, SHLWAPI.dll,
OPENGL32.dll, GLU32.dll, DDRAW.dll,
DCIMAN32.dll, dwmapi.dll, MSIMG32.dll,
COMDLG32.dll, COMCTL32.dll, SHELL32.dll,
WINSPOOL.DRV, oledlg.dll, CRYPTBASE.dll,
WINTRUST.dll, CRYPT32.dll, MSASN1.dll,
WindowsCodecs.dll, CLBCatQ.DLL,
MMDevApi.dll, AUDIOSES.DLL
nusb3mon.exe 2468 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
AvastUI.exe 2560 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
SearchIndexer.exe 3064 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, ADVAPI32.dll, msvcrt.dll,
sechost.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, LPK.dll, USP10.dll, ole32.dll,
OLEAUT32.dll, TQUERY.DLL, SHLWAPI.dll,
MSSRCH.DLL, ESENT.dll, IMM32.dll,
MSCTF.dll, psapi.dll, SHELL32.dll,
profapi.dll, CRYPTBASE.dll, secur32.dll,
SSPICLI.DLL, credssp.dll, CLBCatQ.DLL,
Msidle.dll, CRYPTSP.dll, rsaenh.dll,
RpcRtRemote.dll, mssprxy.dll, propsys.dll,
tQuery.dll.mui, ntmarta.dll, WLDAP32.dll,
VSSAPI.DLL, ATL.DLL, VssTrace.DLL,
WTSAPI32.dll, WINSTA.dll, samcli.dll,
SAMLIB.dll, netutils.dll, USERENV.dll,
es.dll, apphelp.dll, CFGMGR32.dll, SXS.DLL,
NaturalLanguage6.dll, CRYPT32.dll,
MSASN1.dll, comctl32.dll, SETUPAPI.dll,
DEVOBJ.dll, elscore.dll, ElsLad.dll,
vss_ps.dll, msxml3.dll
nvtray.exe 2584 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, NvUI.dll, gdiplus.dll,
msvcrt.dll, USER32.dll, GDI32.dll, LPK.dll,
USP10.dll, ole32.dll, RPCRT4.dll,
VERSION.dll, WTSAPI32.dll, SHLWAPI.dll,
MSIMG32.dll, USERENV.dll, profapi.dll,
WINSPOOL.DRV, ADVAPI32.dll, sechost.dll,
OLEAUT32.dll, COMCTL32.dll, IMM32.DLL,
MSCTF.dll, NvUpdt.dll, UxTheme.dll,
Comctl32.dll, NVUPDTR.DLL,
easyUpdatusAPIU64.dll, WS2_32.dll, NSI.dll,
mswsock.dll, wshtcpip.dll, NLAapi.dll,
napinsp.dll, pnrpnsp.dll, DNSAPI.dll,
winrnr.dll, IPHLPAPI.DLL, WINNSI.DLL,
fwpuclnt.dll, rasadhlp.dll, WINSTA.dll,
SHELL32.dll
svchost.exe 3872 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, ole32.dll, GDI32.dll,
USER32.dll, LPK.dll, USP10.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ADVAPI32.dll,
ssdpsrv.dll, WS2_32.dll, NSI.dll,
FirewallAPI.dll, VERSION.dll, IPHLPAPI.DLL,
WINNSI.DLL, dhcpcsvc6.DLL, dhcpcsvc.DLL,
CRYPTSP.dll, rsaenh.dll, mswsock.dll,
wship6.dll, wshtcpip.dll, secur32.dll,
SSPICLI.DLL, credssp.dll, RpcRtRemote.dll,
fntcache.dll, ktmw32.dll, ntmarta.dll,
WLDAP32.dll, upnphost.dll, SHELL32.dll,
SHLWAPI.dll, SSDPAPI.dll, CLBCatQ.DLL,
OLEAUT32.dll, USERENV.dll, profapi.dll,
msxml3.dll, httpapi.dll, pcwum.dll
daemonu.exe 2100 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
sppsvc.exe 924 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, ADVAPI32.dll, msvcrt.dll,
sechost.dll, RPCRT4.dll, ole32.dll,
GDI32.dll, USER32.dll, LPK.dll, USP10.dll,
IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,
RpcRtRemote.dll, CRYPTSP.dll, rsaenh.dll,
sppwinob.dll, sppobjs.dll, DNSAPI.dll,
WS2_32.dll, NSI.dll, OLEAUT32.dll,
CLBCatQ.DLL, SspiCli.dll
svchost.exe 3496 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, mpsvc.dll, ADVAPI32.dll,
ole32.dll, GDI32.dll, USER32.dll, LPK.dll,
USP10.dll, WTSAPI32.dll, sfc.dll,
sfc_os.DLL, MpClient.dll, OLEAUT32.dll,
USERENV.dll, profapi.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, IMM32.DLL,
MSCTF.dll, GPAPI.dll, CRYPTSP.dll,
rsaenh.dll, CRYPTBASE.dll, imagehlp.dll,
bcrypt.dll, bcryptprimitives.dll,
ncrypt.dll, mprtp.dll, PSAPI.DLL, tdh.dll,
mpengine.dll, WS2_32.dll, NSI.dll,
secur32.dll, SSPICLI.DLL, credssp.dll,
ntmarta.dll, WLDAP32.dll, RpcRtRemote.dll,
wscapi.dll, urlmon.dll, iertutil.dll,
WININET.dll, Normaliz.dll, CLBCatQ.DLL,
XmlLite.dll, cryptnet.dll, Cabinet.dll,
DEVRTL.dll, offreg.dll, netapi32.dll,
netutils.dll, srvcli.dll, wkscli.dll,
apphelp.dll, SETUPAPI.dll, CFGMGR32.dll,
DEVOBJ.dll
iexplore.exe 3232 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
iexplore.exe 4084 ntdll.dll, wow64.dll, wow64win.dll,
wow64cpu.dll
taskhost.exe 3680 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, ole32.dll,
GDI32.dll, USER32.dll, LPK.dll, USP10.dll,
RPCRT4.dll, OLEAUT32.dll, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, sechost.dll,
ADVAPI32.dll, CLBCatQ.DLL, wdi.dll,
radarrs.dll, COMCTL32.dll, SHLWAPI.dll,
SHELL32.dll, RstrtMgr.DLL, ncrypt.dll,
bcrypt.dll, MSASN1.dll, wer.dll,
VERSION.dll, SensApi.dll, WINHTTP.dll,
webio.dll, WS2_32.dll, NSI.dll,
SspiCli.dll, credssp.dll, mswsock.dll,
IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc6.DLL,
dhcpcsvc.DLL, CFGMGR32.dll, DNSAPI.dll,
rasadhlp.dll, profapi.dll, WinSATAPI.dll,
dxgi.dll, dwmapi.dll, gdiplus.dll,
SETUPAPI.dll, DEVOBJ.dll, msxml6.dll,
urlmon.dll, iertutil.dll, WININET.dll,
Normaliz.dll, PROPSYS.dll, DEVRTL.dll,
SPINF.dll, WINTRUST.dll, CRYPT32.dll,
taskschd.dll, XmlLite.dll
audiodg.exe 3572 N/A
cmd.exe 3764 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, msvcrt.dll, WINBRAND.dll,
USER32.dll, GDI32.dll, LPK.dll, USP10.dll,
IMM32.DLL, MSCTF.dll, apphelp.dll
conhost.exe 3844 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, GDI32.dll, USER32.dll,
LPK.dll, USP10.dll, msvcrt.dll, IMM32.dll,
MSCTF.dll, ole32.dll, RPCRT4.dll,
OLEAUT32.dll, CRYPTBASE.dll, ADVAPI32.dll,
sechost.dll
tasklist.exe 3188 ntdll.dll, kernel32.dll, KERNELBASE.dll,
ADVAPI32.dll, msvcrt.dll, sechost.dll,
RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
USP10.dll, ole32.dll, VERSION.dll, MPR.dll,
OLEAUT32.dll, Secur32.dll, SSPICLI.DLL,
WS2_32.dll, NSI.dll, framedynos.dll,
WTSAPI32.dll, NETAPI32.dll, netutils.dll,
srvcli.dll, wkscli.dll, dbghelp.dll,
SHLWAPI.dll, IMM32.DLL, MSCTF.dll,
CRYPTBASE.dll, CLBCatQ.DLL, wbemprox.dll,
wbemcomn.dll, Winsta.dll, CRYPTSP.dll,
rsaenh.dll, RpcRtRemote.dll, wbemsvc.dll,
fastprox.dll, NTDSAPI.dll, wmiutils.dll
WmiPrvSE.exe 1252 ntdll.dll, kernel32.dll, KERNELBASE.dll,
snxhk64.dll, ADVAPI32.dll, msvcrt.dll,
sechost.dll, RPCRT4.dll, USER32.dll,
GDI32.dll, LPK.dll, USP10.dll,
wbemcomn.dll, OLEAUT32.dll, ole32.dll,
WS2_32.dll, NSI.dll, FastProx.dll,
NTDSAPI.dll, NCObjAPI.DLL, IMM32.DLL,
MSCTF.dll, CRYPTBASE.dll, ntmarta.dll,
WLDAP32.dll, CLBCatQ.DLL, wbemprox.dll,
CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,
wbemsvc.dll, wmiutils.dll, cimwin32.dll,
framedynos.dll, SspiCli.dll, WTSAPI32.dll,
WINBRAND.dll
  • 0

#102
DAV2

    Member

  • Topic Starter
  • Member
  • 140 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 99.75 0 K 24 K
Interrupts n/a 0.07 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 596 0.07 77,868 K 43,248 K Client Server Runtime Process Microsoft Corporation
procexp64.exe 3604 0.06 25,292 K 42,124 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 4 0.02 184 K 3,724 K
svchost.exe 780 < 0.01 6,740 K 12,208 K Host Process for Windows Services Microsoft Corporation
explorer.exe 2908 < 0.01 49,392 K 67,120 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1240 < 0.01 53,444 K 1,728 K avast! Service AVAST Software
AvastUI.exe 2560 < 0.01 18,012 K 8,364 K avast! Antivirus AVAST Software
iexplore.exe 4084 < 0.01 90,488 K 115,196 K Internet Explorer Microsoft Corporation
nusb3mon.exe 2468 < 0.01 2,208 K 5,428 K USB 3.0 Monitor NEC Electronics Corporation
iexplore.exe 3232 < 0.01 27,012 K 42,184 K Internet Explorer Microsoft Corporation
lsass.exe 660 < 0.01 6,560 K 13,492 K Local Security Authority Process Microsoft Corporation
svchost.exe 248 < 0.01 48,316 K 57,956 K Host Process for Windows Services Microsoft Corporation
daemonu.exe 2100 < 0.01 3,348 K 7,200 K NVIDIA Settings Update Manager NVIDIA Corporation
svchost.exe 1180 < 0.01 32,664 K 36,044 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 3064 < 0.01 27,808 K 25,348 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1012 < 0.01 163,684 K 167,844 K Host Process for Windows Services Microsoft Corporation
nvvsvc.exe 1752 < 0.01 7,184 K 14,436 K NVIDIA Driver Helper Service, Version 275.33 NVIDIA Corporation
afwServ.exe 1324 < 0.01 15,316 K 16,788 K avast! firewall service AVAST Software
WmiPrvSE.exe 724 4,320 K 8,008 K WMI Provider Host Microsoft Corporation
winlogon.exe 624 5,196 K 9,540 K Windows Logon Application Microsoft Corporation
wininit.exe 576 3,040 K 6,268 K Windows Start-Up Application Microsoft Corporation
taskhost.exe 2936 9,036 K 10,004 K Host Process for Windows Tasks Microsoft Corporation
taskhost.exe 3680 8,744 K 12,996 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 904 7,596 K 11,824 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3496 88,860 K 41,600 K Host Process for Windows Services Microsoft Corporation
svchost.exe 964 26,412 K 25,744 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3872 6,868 K 16,204 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1080 9,660 K 16,392 K Host Process for Windows Services Microsoft Corporation
svchost.exe 288 13,412 K 15,324 K Host Process for Windows Services Microsoft Corporation
sppsvc.exe 924 7,528 K 9,792 K Microsoft Software Protection Platform Service Microsoft Corporation
spoolsv.exe 2016 8,256 K 13,324 K Spooler SubSystem App Microsoft Corporation
smss.exe 352 752 K 1,448 K Windows Session Manager Microsoft Corporation
services.exe 632 7,136 K 11,276 K Services and Controller app Microsoft Corporation
RAVCpl64.exe 3052 13,048 K 14,560 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 1316 2,592 K 7,252 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
nvxdsync.exe 1724 10,780 K 20,304 K NVIDIA User Experience Driver Component NVIDIA Corporation
nvvsvc.exe 864 4,600 K 9,356 K NVIDIA Driver Helper Service, Version 275.33 NVIDIA Corporation
nvtray.exe 2584 8,748 K 14,192 K NVIDIA Settings NVIDIA Corporation
lsm.exe 668 4,104 K 6,028 K Local Session Manager Service Microsoft Corporation
dwm.exe 2848 3,212 K 7,056 K Desktop Window Manager Microsoft Corporation
csrss.exe 508 2,908 K 5,240 K Client Server Runtime Process Microsoft Corporation
audiodg.exe 3572 18,176 K 18,572 K Windows Audio Device Graph Isolation Microsoft Corporation
  • 0

#103
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

tasklist   >  \junk.txt

notepad  \junk.txt


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply, then repeat but select Application. Also give me the C:\junk.txt file.

If we get unknowns this time then we can reference back the proc id to the taskhost list.

Ron
  • 0

#104
DAV2

    Member

  • Topic Starter
  • Member
  • 140 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/01/2012 4:22:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#105
DAV2

    Member

  • Topic Starter
  • Member
  • 140 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/01/2012 4:23:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/01/2012 10:19:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-946091478-2187240114-3839668730-1000_Classes:
Process 3188 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Process 3156 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000_CLASSES\Local Settings\MuiCache\3C\52C64B7E


Log: 'Application' Date/Time: 25/01/2012 10:19:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-946091478-2187240114-3839668730-1000:
Process 2792 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\Shell
Process 2908 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c709e0d-4696-11e1-a004-806e6f6e6963}
Process 3156 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-946091478-2187240114-3839668730-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9741c7f6-4689-11e1-8e58-806e6f6e6963}
  • 0
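
The cross-reference Ron describes in post #103, matching the `<Unknown>` process IDs in Event 1530 warnings against a saved tasklist, can be scripted. This is an added example, not part of the original thread; the function names and the sample text (constructed in the layout of default `tasklist` output and the VEW report, with a placeholder SID) are assumptions.

```python
import re

# Constructed sample in the layout of default `tasklist` output (as saved to
# \junk.txt). Session names and tasklist.exe's memory figure are made up.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0      3,724 K
explorer.exe                  2908 Console                    1     67,120 K
tasklist.exe                  3188 Console                    1      5,000 K
"""

# Constructed sample of Event 1530 detail lines; the SID is a placeholder.
EVENT_SAMPLE = r"""
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Process 3188 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000_CLASSES\Local Settings\MuiCache
Process 2908 (\Device\HarddiskVolume2\Windows\explorer.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Microsoft\Windows\Shell
Process 3156 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Microsoft\Windows\Shell
"""

# Image names may contain spaces, so anchor on the numeric PID and the
# trailing session / session# / memory columns rather than splitting on spaces.
ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+(?:[\d,.]+ K|N/A)\s*$")
HOLDER = re.compile(r"Process (\d+) \((.*?)\) has opened key (.+)")


def parse_tasklist(text):
    """Return {pid: image name} from default (table) tasklist output."""
    pid_map = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, ruler and blank lines do not match
            pid_map[int(m.group("pid"))] = m.group("image").strip()
    return pid_map


def resolve_holders(event_text, pid_map):
    """Name each process listed in Event 1530 text.

    Returns (pid, image, source, key) tuples; source says where the name
    came from: the event itself, the tasklist snapshot, or nowhere.
    """
    results = []
    for pid_text, reported, key in HOLDER.findall(event_text):
        pid, key = int(pid_text), key.strip()
        snapshot = pid_map.get(pid)
        if reported != "<Unknown>":
            image = reported.rsplit("\\", 1)[-1]
            # A different name in the snapshot means the PID was reused or
            # the snapshot comes from another boot session.
            same = snapshot is None or snapshot.lower() == image.lower()
            source = "event" if same else "event (snapshot differs)"
            results.append((pid, image, source, key))
        elif snapshot is not None:
            results.append((pid, snapshot, "tasklist", key))
        else:
            results.append((pid, None, "unresolved", key))
    return results


if __name__ == "__main__":
    pid_map = parse_tasklist(TASKLIST_SAMPLE)
    for pid, image, source, key in resolve_holders(EVENT_SAMPLE, pid_map):
        print(f"{pid:>6}  {image or '?':<16} {source:<10} {key}")
```

A PID identifies a process only within one boot session, so the snapshot has to come from the same session the warnings refer to. `tasklist /fo csv` produces output that is simpler to parse when the file is meant for a script rather than for reading.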





