System performance slowly deteriorating - freezes, crashes and work is


StudentMarket123


Hi guys,

 

My computer isn't exactly new, but I know it is capable of running much quicker and more smoothly than it already is. I have ESET anti-virus installed, which updates regularly, and I run CCleaner quite regularly (just the cleaning, not the registry fixes), but I am noticing that my computer is slowly becoming more and more uncooperative.

 

It often freezes, forcing me to manually shut it down. Very often programs are "Non-responsive", freezing up the whole system for a while, and it takes a couple of minutes for the system to get back to functioning correctly.

 

I'm not completely sure it's a virus issue, but I'd like to be sure.

 

I'm attaching the OTL log below. Many thanks for your help!

 

OTL logfile created on: 23. 1. 2015 10:22:14 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zuzana\Desktop\Apps
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
3,75 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 43,01% Memory free
7,49 Gb Paging File | 4,37 Gb Available in Paging File | 58,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 61,45 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
 
Computer Name: PETERSULEK | User Name: Zuzana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/14 17:21:11 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/09/03 12:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zuzana\Desktop\Apps\OTL.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/01/15 04:42:40 | 000,238,160 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2013/03/25 18:08:28 | 004,015,112 | ---- | M] (Nitro PDF) -- C:\Program Files (x86)\Nitro\Pro 8\NitroPDF.exe
PRC - [2012/12/06 11:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/09/18 04:10:08 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2012/07/04 10:17:42 | 000,999,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/09 01:35:56 | 014,913,352 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
MOD - [2015/01/09 01:35:54 | 009,009,480 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015/01/09 01:35:51 | 001,077,064 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
MOD - [2015/01/09 01:35:49 | 000,211,272 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
MOD - [2015/01/09 01:35:48 | 001,677,128 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2013/03/25 18:08:44 | 002,673,672 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_core_vc_pro8.dll
MOD - [2013/03/25 18:08:44 | 000,481,288 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_xrc_vc_pro8.dll
MOD - [2013/03/25 18:08:44 | 000,450,056 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_html_vc_pro8.dll
MOD - [2013/03/25 18:08:42 | 001,145,864 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_vc_pro8.dll
MOD - [2013/03/25 18:08:42 | 000,682,504 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_adv_vc_pro8.dll
MOD - [2013/03/25 18:08:42 | 000,123,400 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_xml_vc_pro8.dll
MOD - [2013/03/25 18:07:50 | 000,824,840 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\idrskrn14.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/22 03:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/25 18:08:30 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/07/04 10:18:44 | 000,190,208 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe -- (ESHASRV)
SRV:64bit: - [2012/07/04 10:18:26 | 000,035,720 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2012/07/04 10:17:42 | 000,999,704 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/04/07 14:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2010/03/02 22:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 13:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/02/01 00:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 13:16:20 | 000,513,536 | ---- | M] (Vivid Document Imaging Technologies) [Auto | Stopped] -- C:\Program Files\PDF Printer for Windows 7\Win7PDFPrinting.exe -- (Win7PDFPrinting)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe -- (AESTFilters)
SRV - [2015/01/14 14:30:20 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/14 12:45:42 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/10/05 19:51:56 | 000,179,200 | ---- | M] (Company) [Auto | Stopped] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/15 04:42:44 | 000,351,824 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2013/10/26 10:45:14 | 000,651,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2012/09/18 04:10:08 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/06/28 03:10:34 | 000,381,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 00:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\STacSV64.exe -- (STacSV)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/13 03:02:24 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/06/11 04:52:54 | 000,124,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_cdcacm.sys -- (hwusb_cdcacm)
DRV:64bit: - [2014/05/04 11:56:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_wwanecm.sys -- (hwusb_wwanecm)
DRV:64bit: - [2013/11/30 12:40:22 | 000,091,648 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2013/01/25 04:46:40 | 000,109,568 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/12/24 06:53:24 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/12/22 05:16:12 | 000,014,976 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/18 18:19:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 10:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/07/10 10:16:32 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/29 11:03:56 | 000,140,752 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/29 11:03:54 | 000,152,136 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/02 22:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/02 22:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 21:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/01 09:42:32 | 000,340,512 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 13:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 13:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/01 00:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/28 08:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/04 16:38:54 | 000,237,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/24 02:25:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97DHP&dt=071613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 63 E6 18 C6 B0 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9B44A380-BBC4-4FA5-9544-4765E5DD7815}: "URL" = http://websearch.ask...AB-FE4C26884835
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: webmaster%40keep-tube.com:1.2
FF - prefs.js..extensions.enabledAddons: mp4downloader%40jeff.net:1.3.3
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:6.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cnw.com/cnwplugin: C:\Program Files (x86)\AnyMeeting\npcnwplugin.dll (AnyMeeting, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Zuzana\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Zuzana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET ENDPOINT ANTIVIRUS\MOZILLA THUNDERBIRD [2013/02/28 15:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013/02/28 15:05:07 | 000,000,000 | ---D | M]
 
[2012/07/23 11:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Extensions
[2015/01/22 14:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions
[2015/01/14 11:20:24 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube HD Download [4K]") -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions\[email protected]
[2014/12/04 15:54:46 | 000,217,023 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/12/03 20:24:47 | 000,066,667 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/11/20 14:30:56 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/12/03 20:19:58 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2015/01/22 14:53:02 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/14 14:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/14 14:30:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\39.0.2171.99\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjlfogfpagepnaojhfbdlhjhildeaem\1.0_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.16.3_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.222_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhahganeobopkelbdeljamclomlhhjg\1.91_0\
CHR - Extension: Prvý používateľ = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca\0.40.2_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\6.5.1_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/10/02 13:54:11 | 000,000,130 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 23.23.201.236 appinstalled.anymeeting.com #removing this line will break the AnyMeeting Application
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe (Vivid Document Imaging Technologies)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Zuzana\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Zuzana\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{467EC41F-84EA-46CD-88AF-4CB24D1C7311}: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B32E33E4-A8D7-4E05-B179-129400BBE82C}: DhcpNameServer = 212.54.40.25 212.54.44.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCCCCAE3-FCE4-4901-BD0F-6E47AF7A760C}: NameServer = 213.151.222.34 85.237.225.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB40A22C-5CA4-4CA0-98B5-0F54AE63633E}: DhcpNameServer = 195.146.132.58 195.146.128.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/14 14:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/14 13:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2015/01/13 21:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2015/01/13 21:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2015/01/13 21:40:54 | 000,379,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_wwanecm.sys
[2015/01/13 21:40:54 | 000,246,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2015/01/13 21:40:54 | 000,124,800 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_cdcacm.sys
[2015/01/13 21:40:54 | 000,110,592 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2015/01/13 21:40:54 | 000,091,648 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2015/01/13 21:40:54 | 000,077,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2015/01/13 21:40:54 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2015/01/13 21:40:54 | 000,030,720 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2015/01/13 21:40:54 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2015/01/13 21:40:53 | 000,457,728 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbwwan.sys
[2015/01/13 21:40:53 | 000,226,176 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2015/01/13 21:40:53 | 000,109,568 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2015/01/13 21:40:53 | 000,014,976 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2015/01/13 21:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2015/01/13 21:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2015/01/08 16:18:49 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\Desktop\Microdosing Playlist
[2015/01/08 15:26:29 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\Desktop\The Combine EP
[2014/12/27 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2014/12/27 17:24:31 | 000,000,000 | ---D | C] -- C:\KMPlayer
[2014/12/25 22:43:37 | 000,000,000 | ---D | C] -- C:\Windows\sk
[2014/12/25 22:43:18 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/12/25 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/12/25 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[3 C:\Users\Zuzana\Desktop\*.tmp files -> C:\Users\Zuzana\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/23 10:26:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job
[2015/01/23 10:25:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/23 10:17:01 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000.job
[2015/01/23 10:12:24 | 000,782,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/23 10:12:24 | 000,655,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/23 10:12:24 | 000,121,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/23 10:05:52 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/23 10:05:07 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-PC107-Zuzana.job
[2015/01/23 09:58:27 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job
[2015/01/23 09:46:40 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job
[2015/01/23 09:46:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/23 09:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/22 17:26:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job
[2015/01/22 10:59:49 | 000,103,764 | ---- | M] () -- C:\Users\Zuzana\Desktop\couplets.pdf
[2015/01/22 10:34:11 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/22 10:34:11 | 000,023,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/22 10:26:04 | 3018,412,032 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/21 20:32:53 | 005,074,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/21 11:40:10 | 000,768,814 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/01/20 21:39:43 | 000,053,364 | ---- | M] () -- C:\Users\Zuzana\Desktop\Friends_TN.pdf
[2015/01/15 10:05:31 | 000,002,124 | ---- | M] () -- C:\Users\Zuzana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2015/01/13 21:42:09 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2015/01/13 21:41:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2014/12/27 17:25:37 | 000,000,616 | ---- | M] () -- C:\Users\Zuzana\Desktop\KMPlayer.lnk
[3 C:\Users\Zuzana\Desktop\*.tmp files -> C:\Users\Zuzana\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/22 10:59:47 | 000,103,764 | ---- | C] () -- C:\Users\Zuzana\Desktop\couplets.pdf
[2015/01/21 20:30:56 | 005,074,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/21 10:23:16 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2015/01/20 21:39:41 | 000,053,364 | ---- | C] () -- C:\Users\Zuzana\Desktop\Friends_TN.pdf
[2015/01/13 21:42:09 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2015/01/13 21:41:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2014/12/27 17:25:37 | 000,000,616 | ---- | C] () -- C:\Users\Zuzana\Desktop\KMPlayer.lnk
[2014/12/25 22:43:00 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/12/25 22:42:30 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2014/09/08 08:32:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/09/08 08:32:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/09/08 08:32:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/09/08 08:32:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/09/08 08:32:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/09/05 19:07:10 | 000,002,243 | ---- | C] () -- C:\Windows\SysWow64\mswhostctre.dll
[2014/03/01 09:12:49 | 000,004,096 | -H-- | C] () -- C:\Users\Zuzana\AppData\Local\keyfile3.drm
[2014/01/22 20:09:57 | 000,174,519 | ---- | C] () -- C:\Windows\hpoins43.dat
[2014/01/22 20:09:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2014/01/22 18:05:29 | 000,173,837 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2014/01/22 18:05:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2013/09/13 13:14:15 | 000,000,130 | ---- | C] () -- C:\Users\Zuzana\AppData\Roaming\WB.CFG
[2013/05/22 21:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 21:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/05/21 07:29:17 | 000,003,729 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/21 12:32:28 | 000,003,584 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/12 16:25:50 | 000,027,520 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\dt.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/06 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Ableton
[2012/10/01 12:42:58 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\BitComet
[2014/12/27 17:19:33 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\BSplayer PRO
[2013/02/28 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Canon
[2014/06/14 14:24:53 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\DAEMON Tools Lite
[2013/05/27 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Downloaded Installations
[2014/08/24 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Dropbox
[2013/05/27 10:46:38 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\FileOpen
[2014/02/27 10:20:32 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Foxit Software
[2013/02/28 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\GHISLER
[2013/01/20 13:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\IrfanView
[2012/07/23 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\LibreOffice
[2012/09/19 17:07:33 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\LiveSoftware
[2014/11/26 12:55:21 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Nitro
[2014/12/03 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Nitro PDF
[2012/12/05 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Ohax
[2014/11/22 14:33:48 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PandoraRecovery
[2014/04/30 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PDAppFlex
[2012/11/19 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PDF Writer
[2012/07/25 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PeaZip
[2014/04/30 21:24:41 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/05/05 14:33:14 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Steinberg
[2012/10/15 08:45:49 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Thunderbird
[2013/02/28 14:17:45 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\TuneUp Software
[2015/01/23 10:01:53 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\uTorrent
[2014/05/05 14:33:02 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Waves Audio
[2014/06/11 07:10:39 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\webex
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like you still have some AVG left. Download:

 

http://download.avg....6_2011_1184.exe

 

Save and then right click and Run As Admin.  Reboot.

 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

    Reboot.

    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
    sfc /scannow

    (This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

    Copy the next two lines:

    findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
    notepad \windows\logs\cbs\junk.txt

    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and Run As Administrator.
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'.
       Type 20 in the 1 to 20 box.
       Then click the Run button.
       Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.
     
     
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)

    Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post. Uninstall Speccy.
     
     
     
     
     
     

    • 0
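The Process Explorer step above turns on the Verified Signer column before the listing is saved. As an added example (not part of any post in this thread and not Sysinternals code), this is one way to triage such a saved listing for processes whose signature did not verify. It assumes the saved file is tab-separated with the column header seen in the log posted later in the thread; the function names are hypothetical and the sample rows are copied from that log and re-delimited.

```python
import csv
import io

# Column layout taken from the header line of the log posted in this thread.
COLUMNS = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
           "Description", "Company Name", "Verified Signer"]

# Entries that show no signer in the thread's log, with the PID each carries
# there. A row that reuses one of these names with another PID is reported.
PSEUDO = {"System Idle Process": "0", "Interrupts": "n/a", "System": "4"}


def _row(*cells):
    return "\t".join(cells)


# Constructed sample: rows from the thread's log, re-delimited with tabs
# (assumption: the saved file is tab-separated).
SAMPLE = "\n".join([
    _row(*COLUMNS),
    _row("System Idle Process", "63.23", "0 K", "24 K", "0"),
    _row("audiodg.exe", "9.28", "22 332 K", "20 940 K", "960",
         "Windows Audio Device Graph Isolation", "Microsoft Corporation",
         "(Verified) Microsoft Windows"),
    _row("BCMWLTRY.EXE", "0.12", "43 824 K", "31 460 K", "4044",
         "DW WLAN Card Wireless Network Controller", "Dell Inc.",
         "(No signature was present in the subject) Dell Inc."),
    _row("ekrn.exe", "0.03", "109 768 K", "106 912 K", "1884",
         "ESET Service", "ESET", "(Verified) ESET"),
    _row("SynoDrServicex64.exe", "< 0.01", "1 880 K", "3 596 K", "2656",
         "SynoDrService Application", "", "(Certificate expired)"),
    _row("UsbClientService.exe", "", "1 840 K", "4 284 K", "2752",
         "", "", "(Certificate expired)"),
    _row("Updater.exe", "", "2 912 K", "8 084 K", "2728", "Updater",
         "Company", "(No signature was present in the subject) Company"),
])


def parse_cpu(cell):
    """Turn a CPU cell into a float; blank means idle, '< 0.01' means tiny."""
    cell = cell.strip().replace(",", ".")
    if not cell:
        return 0.0
    if cell.startswith("<"):
        return float(cell.lstrip("< ")) / 2
    return float(cell)


def classify_signer(cell):
    """Map the Verified Signer text to a short status."""
    cell = cell.strip()
    if cell.startswith("(Verified)"):
        return "verified"
    if cell.startswith("(Certificate expired)"):
        return "expired"
    if cell.startswith("(No signature"):
        return "unsigned"
    return "unknown" if cell else "blank"


def parse_procexp(text):
    """Read the listing into dicts, padding rows that lack trailing columns."""
    reader = csv.reader(io.StringIO(text), delimiter="\t",
                        quoting=csv.QUOTE_NONE)
    header = [h.strip() for h in next(reader)]
    missing = {"Process", "CPU", "PID", "Verified Signer"} - set(header)
    if missing:
        raise ValueError("listing lacks columns: %s" % sorted(missing))
    rows = []
    for cells in reader:
        if not any(c.strip() for c in cells):
            continue
        cells = cells + [""] * (len(header) - len(cells))
        rows.append(dict(zip(header, (c.strip() for c in cells))))
    return rows


def triage(text):
    """Return processes whose signature did not verify, busiest first."""
    findings = []
    for row in parse_procexp(text):
        status = classify_signer(row["Verified Signer"])
        if status == "verified":
            continue
        if PSEUDO.get(row["Process"]) == row["PID"]:
            continue  # expected pseudo-entry, nothing to verify
        findings.append({"process": row["Process"], "pid": row["PID"],
                         "cpu": parse_cpu(row["CPU"]), "status": status,
                         "company": row["Company Name"]})
    # An unverified signature is a reason to look closer, not a verdict.
    return sorted(findings, key=lambda f: f["cpu"], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%-24s pid=%-5s cpu=%.3f %s" % (
            f["process"], f["pid"], f["cpu"], f["status"]))
```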

    #3
    StudentMarket123

      New Member

    • Topic Starter
    • Member
    • Pip
    • 4 posts

    Hi there,

    Thanks for the reply (I meant to reply earlier but it seems it didn't post for some reason).

    I'll post the logs below. Just a couple of things:

    1.) The Vino Rosso Event Viewer would not work on my PC (it said it has not been coded for my language (Slovak))
    2.) The Command Prompt function that I ran reported an issue, but fixed it as well, so I did not do the 2nd step
    3.) There were multiple logs that AdwCleaner saved, so I am posting the one that popped up when the scan was finished (s2)

     

    The logs are attached (I'm trying it this way, since I have been unable to post when pasting logs into the reply)

     

    Attached File  FRST.txt   53.05KB   194 downloads
    Attached File  JRT.txt   1.19KB   146 downloads
    Attached File  PETERSULEK.txt   248.64KB   220 downloads
    Attached File  System Idle Process.txt   9.42KB   208 downloads
    Attached File  AdwCleanerS2.txt   1.35KB   170 downloads
    Attached File  Addition.txt   29.94KB   187 downloads


    • 0

    #4
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Let's try NirSoft's MyEventViewer instead of VEW.  
     
     
    You want: Download MyEventViewer for x64
     
    Download, Save and Right click and Extract All.  Then right click on MyEventViewer.exe and Run As Admin
     
    Once it loads, go into Options, Event Type Filter and uncheck Information, then repeat for Audit Success.
     
    Do Ctrl + A to select all logs then File, Save Selected Items, (change it to your desktop) call it logs and Save
     
    Then Copy and Paste or Attach the file logs.txt
     
     
    It's running hotter than I like. Get SpeedFan.
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
     
    It will tell you your temps in real time.  We want it under 55 C.
     
    Make sure you are using the laptop on a hard surface and not blocking any of the air vents.
     
     
    I see some hard drive errors too so let's:
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, then reboot.  The disk check will run and may take a few hours to complete.
     
     

    • 0

    #5
    StudentMarket123

      New Member

    • Topic Starter
    • Member
    • Pip
    • 4 posts

    Hi!

     

    I ran the disk check after a reboot and it took a couple of hours to complete. The temperature of my system seems to be 60 C (I'm careful to not block ventilation and use the PC on a hard surface).

     

    Here's a log of the event viewer:

    Attached File  logs.txt   380.01KB   174 downloads


    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Uninstall Bonjour.  It's not working.

     

    Run MyEventViewer for x64 again as before.  Let's see if there are any new controller errors.

     

    Run Process Explorer again as before and post the log.


    • 0

    #7
    StudentMarket123

      New Member

    • Topic Starter
    • Member
    • Pip
    • 4 posts

    Hi!

     

    I've uninstalled Bonjour and am attaching the 2 logs you mentioned (one is attached, the other is posted below, as it was saved as a 15 MB text file and could not attach for some reason). 

     

    Thanks!

     

     

    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 63.23 0 K 24 K 0
    audiodg.exe 9.28 22 332 K 20 940 K 960 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    procexp64.exe 8.64 26 280 K 45 800 K 5516 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
    chrome.exe 4.65 113 536 K 119 016 K 5600 Google Chrome Google Inc. (Verified) Google Inc
    Interrupts 3.05 0 K 0 K n/a Hardware Interrupts and DPCs
    System 2.40 140 K 916 K 4
    dwm.exe 1.88 31 212 K 41 388 K 2076 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    NitroPDF.exe 1.34 70 096 K 105 828 K 3848 Nitro Pro 8 Nitro PDF (Verified) Nitro PDF Software
    csrss.exe 1.03 3 172 K 11 988 K 472 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1.00 138 588 K 139 676 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 0.82 114 252 K 149 640 K 5052 Google Chrome Google Inc. (Verified) Google Inc
    Skype.exe 0.75 110 392 K 121 772 K 3412 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
    taskmgr.exe 0.37 4 212 K 12 048 K 5116 Windows Task Manager Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.32 25 396 K 20 172 K 884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    egui.exe 0.18 5 004 K 13 444 K 3120 ESET Main GUI ESET (Verified) ESET
    explorer.exe 0.13 44 684 K 59 708 K 3760 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.13 38 628 K 49 196 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    BCMWLTRY.EXE 0.12 43 824 K 31 460 K 4044 DW WLAN Card Wireless Network Controller Dell Inc. (No signature was present in the subject) Dell Inc.
    chrome.exe 0.12 20 684 K 21 340 K 2696 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.09 73 660 K 76 568 K 4476 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.06 96 472 K 102 648 K 5012 Google Chrome Google Inc. (Verified) Google Inc
    WLTRAY.EXE 0.06 41 804 K 28 976 K 3092 DW WLAN Card Wireless Network Tray Applet Dell Inc. (No signature was present in the subject) Dell Inc.
    taskhost.exe 0.04 8 404 K 11 584 K 1692 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
    AppleMobileDeviceService.exe 0.04 2 888 K 6 556 K 1672 MobileDeviceService Apple Inc. (Verified) Apple Inc.
    svchost.exe 0.03 3 676 K 7 044 K 5840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    CNMFSUT6.EXE 0.03 2 032 K 5 084 K 3112 Canon MF Network Scan Utility 64bit CANON INC. (Verified) CANON INC.
    ekrn.exe 0.03 109 768 K 106 912 K 1884 ESET Service ESET (Verified) ESET
    svchost.exe 0.02 4 908 K 8 552 K 756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    iPodService.exe 0.02 2 452 K 6 684 K 4812 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
    chrome.exe 0.02 49 476 K 55 508 K 5148 Google Chrome Google Inc. (Verified) Google Inc
    services.exe 0.02 6 788 K 9 324 K 496 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe 0.02 2 164 K 3 932 K 384 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    WINWORD.EXE 0.02 19 904 K 52 472 K 5724 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
    chrome.exe 0.01 65 760 K 72 680 K 2456 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.01 65 696 K 71 336 K 3996 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.01 54 144 K 63 728 K 4556 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.01 48 664 K 56 316 K 4528 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 0.01 44 596 K 53 564 K 380 Google Chrome Google Inc. (Verified) Google Inc
    WLIDSVC.EXE < 0.01 7 160 K 10 336 K 2844 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    SearchIndexer.exe < 0.01 38 656 K 29 408 K 4616 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 15 176 K 14 928 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 43 044 K 26 576 K 2820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SynoDrServicex64.exe < 0.01 1 880 K 3 596 K 2656 SynoDrService Application (Certificate expired)
    lsass.exe < 0.01 5 340 K 10 512 K 512 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    iTunesHelper.exe < 0.01 3 516 K 8 364 K 2788 iTunesHelper Apple Inc. (Verified) Apple Inc.
    stacsv64.exe < 0.01 6 612 K 6 428 K 388 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    spoolsv.exe < 0.01 12 984 K 14 032 K 1556 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe < 0.01 1 444 K 3 648 K 440 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 2 536 K 6 140 K 4052 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WLTRYSVC.EXE 1 188 K 2 772 K 1420 DW WLAN Card Wireless Network Service Dell Inc. (No signature was present in the subject) Dell Inc.
    WLIDSVCM.EXE 1 216 K 2 608 K 3016 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    wlanext.exe 1 724 K 4 312 K 1408 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 2 716 K 5 488 K 656 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    UsbClientService.exe 1 840 K 4 284 K 2752 (Certificate expired)
    Updater.exe 2 912 K 8 084 K 2728 Updater Company (No signature was present in the subject) Company
    taskeng.exe 1 916 K 5 900 K 5932 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 12 988 K 14 376 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 7 380 K 12 236 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4 704 K 8 540 K 688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1 168 K 3 292 K 5212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2 152 K 5 480 K 3468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 11 984 K 9 524 K 2632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 2 172 K 5 532 K 4968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1 128 K 3 132 K 2548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 1 140 K 3 132 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    sttray64.exe 7 016 K 7 156 K 3104 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
    splwow64.exe 7 916 K 12 468 K 5308 Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 440 K 988 K 272 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    SkypeC2CPNRSvc.exe 1 848 K 3 620 K 1800 Phone Number Recognition (PNR) module Microsoft Corporation (Verified) Skype Software Sarl
    SkypeC2CAutoUpdateSvc.exe 3 052 K 5 756 K 1764 Updates Skype Click to Call Microsoft Corporation (Verified) Skype Software Sarl
    procexp.exe 2 572 K 6 760 K 3484 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    ouc.exe 1 952 K 3 924 K 2436 (Verified) Huawei Technologies Co.
    NitroPDFDriverService8x64.exe 1 188 K 2 936 K 2504 Nitro PDF Spool Service Nitro PDF Software (Verified) Nitro PDF Software
    lsm.exe 2 576 K 3 872 K 520 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 79 732 K 76 564 K 3144 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 29 936 K 30 200 K 3492 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 25 732 K 22 968 K 4344 Google Chrome Google Inc. (Verified) Google Inc
    HWDeviceService64.exe 2 152 K 5 052 K 1988 DCSHOST (Verified) Huawei Technologies Co.
    HPSIsvc.exe 1 572 K 3 628 K 1944 HP Smart-Install Service HP (Verified) Hewlett-Packard Company
    GoogleCrashHandler64.exe 1 716 K 528 K 3620 Google Crash Handler Google Inc. (Verified) Google Inc
    GoogleCrashHandler.exe 1 720 K 1 148 K 3608 Google Crash Handler Google Inc. (Verified) Google Inc
    dllhost.exe 2 000 K 5 732 K 5312 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    DCSHelper.exe 1 552 K 5 668 K 2292 DataCardMonitor MFC Application Huawei Technologies Co., Ltd. (Verified) Huawei Technologies Co.
    conhost.exe 872 K 2 180 K 1428 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    atiesrxx.exe 1 456 K 3 448 K 812 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe 2 164 K 5 144 K 1168 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
    AESTSr64.exe 988 K 2 136 K 1644 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
    #8
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Which file was 15 Meg?  I don't see MyEventViewer.  Just two Process Explorer logs.

     

    Your Process Explorer logs look ugly.  Probably a bad driver:

     

    audiodg.exe 9.28 22 332 K 20 940 K 960 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows <== This is normally very low.  See if your PC maker has a new audio driver for you.
    chrome.exe 4.65 113 536 K 119 016 K 5600 Google Chrome Google Inc. (Verified) Google Inc <== Also too high.
    Interrupts 3.05 0 K 0 K n/a Hardware Interrupts and DPCs  <== At least twice as high as it should be.  Usually indicates a bad driver but can also be caused by a worn out battery in a laptop.
     
    If the MyEventViewer log was 15 Meg then:
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Then run MyEventViewer, once it stops reading logs, Options, Event Type Filter then check only Error and Warning.  It sounds like you may have Information checked which will make the logs too big.
     
     

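The triage done by eye on the Process Explorer rows above, as an added example that is not part of the original posts: a Python parser for the flattened row format that flags rows whose signature state is not "(Verified)" and rows whose CPU column reaches `cpu_limit`. The function names and the 3.0 cut-off are assumptions of this example; a flagged row is a prompt to check the file or driver, not a verdict.

```python
import re

# Signature states that occur in this thread's logs; anything else becomes "unknown".
SIG = re.compile(r"\((Verified|No signature was present in the subject|Certificate expired)\)")
NUM = r"\d{1,3}(?:[ \u00a0]\d{3})*"  # "22 332": a space is the thousands separator
ROW = re.compile(  # columns: name [cpu] private K working-set K pid rest
    rf"^\s*(?P<name>\S+)\s+(?:(?P<cpu>(?:<\s*)?\d+[.,]\d+)\s+)?"
    rf"(?P<priv>{NUM})\s*K\s+(?P<ws>{NUM})\s*K\s+(?P<pid>\d+|n/a)\s*(?P<rest>.*)$")

def parse_row(line):
    """Split one flattened Process Explorer row into fields; None if it is not a row."""
    m = ROW.match(line)
    if not m:
        return None
    sig = SIG.search(m["rest"])
    return {
        "name": m["name"],
        "cpu": float(m["cpu"].lstrip("< ").replace(",", ".")) if m["cpu"] else 0.0,
        "private_kb": int(re.sub(r"\D", "", m["priv"])),
        "working_set_kb": int(re.sub(r"\D", "", m["ws"])),
        "pid": None if m["pid"] == "n/a" else int(m["pid"]),
        "signature": sig.group(1) if sig else "unknown",
        "signer": m["rest"][sig.end():].strip() if sig else "",
    }

def triage(text, cpu_limit=3.0):
    """Return (name, pid, reasons) per row worth a closer look; cpu_limit is an assumed cut-off."""
    findings = []
    for row in filter(None, map(parse_row, text.splitlines())):
        reasons = []
        if row["pid"] is not None and row["signature"] != "Verified":  # pseudo-rows have no PID
            reasons.append("signature: " + row["signature"])
        if row["cpu"] >= cpu_limit:
            reasons.append(f"cpu {row['cpu']:.2f}")
        if reasons:
            findings.append((row["name"], row["pid"], reasons))
    return findings

# Rows copied from the logs in this thread (the helper's "<==" remarks removed).
SAMPLE = """\
audiodg.exe 9.28 22 332 K 20 940 K 960 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4.65 113 536 K 119 016 K 5600 Google Chrome Google Inc. (Verified) Google Inc
Interrupts 3.05 0 K 0 K n/a Hardware Interrupts and DPCs
UsbClientService.exe 1 840 K 4 284 K 2752 (Certificate expired)
Updater.exe 2 912 K 8 084 K 2728 Updater Company (No signature was present in the subject) Company
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows with a PID but no recognised signature state are reported as `signature: unknown`, so a log saved without the Verified Signer column will flag every process.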