IE11 consuming all available memory with only one tab open

IE11 Win7 memory consumption

#1
LuisG

Hi,

I am not certain if this is a virus, adware or spyware issue, but I have a problem with IE11. It is consuming all the available memory with only one page/tab open, without doing anything else.

In more detail, I have found that the iexplore.exe process starts at about 200 MB when opening this particular webpage, and within 30 min it will be up at over 1.6 GB memory usage and rising - browsing becomes painfully slow as well.

I have tried opening the same page on Chrome and it will use around 200 MB and stop, no matter how long it is open for. I have additionally tried the same page using IE11 on a different machine and have found that it uses a little over 200 MB and stops, no matter how long I leave it open.

Browsing on Chrome seems to be fast enough, but it still feels short of the performance I used to get out of this machine.

Additionally, performance on some installed programs with animated graphics seems to slow down extremely. Otherwise it works well enough.

I have followed the tutorial and am posting the logs below. I would really appreciate some help, as I have been toying with this for quite some time and I have almost given up on it...

 

1st log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Luis (administrator) on ASUS-1201N (03-12-2015 14:20:08)
Running from C:\Users\Luis\Desktop
Loaded Profiles: Luis (Available Profiles: Luis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-11-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-08-03] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{92A0B498-0DF5-4EDA-8D70-C2CE24512D9A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E7320AB0-1CFF-456F-BED7-765959A54252}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
 
FireFox:
========
FF ProfilePath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\d38w5889.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Sheets) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2015-08-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 14:20 - 2015-12-03 14:21 - 00008037 _____ C:\Users\Luis\Desktop\FRST.txt
2015-12-03 14:19 - 2015-12-03 14:20 - 00000000 ____D C:\FRST
2015-12-03 14:18 - 2015-12-03 14:18 - 01721344 _____ (Farbar) C:\Users\Luis\Desktop\FRST.exe
2015-12-02 21:49 - 2015-12-02 22:06 - 00000000 ____D C:\AVG_Remover
2015-12-02 21:47 - 2015-12-02 21:49 - 07807272 _____ ( ) C:\Users\Luis\Downloads\AVG_Remover.exe
2015-11-30 23:08 - 2015-11-30 23:22 - 00000000 ____D C:\Users\Luis\AppData\Roaming\vlc
2015-11-30 23:07 - 2015-11-30 23:08 - 00000000 ____D C:\Program Files\VLC
2015-11-30 23:07 - 2015-11-30 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-30 23:04 - 2015-11-30 23:05 - 28849904 _____ C:\Users\Luis\Downloads\vlc-2.2.1-win32.exe
2015-11-29 20:12 - 2015-08-05 17:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-29 20:11 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-29 20:11 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-29 20:11 - 2015-10-20 00:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-29 20:11 - 2015-10-20 00:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-29 20:11 - 2015-10-20 00:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-29 20:11 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-29 20:11 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-29 20:11 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-29 20:11 - 2015-10-20 00:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-29 20:11 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-29 20:11 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-29 20:11 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-29 20:11 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-29 20:11 - 2015-10-19 23:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-29 20:11 - 2015-10-19 23:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-29 20:11 - 2015-10-19 23:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-29 20:11 - 2015-10-13 16:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-29 20:11 - 2015-10-13 16:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-29 20:10 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-29 20:10 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-29 20:10 - 2015-10-30 22:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-29 20:10 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-29 20:10 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-29 20:10 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-29 20:10 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-29 20:10 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-29 20:10 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-29 20:10 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-29 20:10 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-29 20:10 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-29 20:10 - 2015-10-30 22:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-29 20:10 - 2015-10-30 22:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-29 20:10 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-29 20:10 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-29 20:10 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-29 20:10 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-29 20:10 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-29 20:10 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-29 20:10 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-29 20:10 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-29 20:10 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-29 20:10 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-29 20:10 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-29 20:10 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-29 20:10 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-29 20:10 - 2015-10-13 04:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-29 20:10 - 2015-09-02 02:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-29 20:10 - 2015-09-02 01:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-29 20:09 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-29 20:08 - 2015-11-03 17:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-29 20:08 - 2015-10-01 17:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-29 20:08 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-29 20:08 - 2015-10-01 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-29 20:08 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-29 20:08 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-29 20:07 - 2015-10-20 17:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-29 20:07 - 2015-10-20 17:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-29 20:07 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-29 20:07 - 2015-10-20 17:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-29 20:07 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-29 20:07 - 2015-09-23 13:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-29 20:07 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-29 20:05 - 2015-07-15 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-11-29 18:42 - 2015-12-02 22:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 18:42 - 2015-11-29 18:42 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-29 18:41 - 2015-11-29 18:42 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-29 18:41 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 18:41 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 18:41 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 18:37 - 2015-11-29 18:39 - 22908888 _____ (Malwarebytes ) C:\Users\Luis\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-29 18:13 - 2015-11-29 18:13 - 00002154 _____ C:\Windows\epplauncher.mif
2015-11-29 18:13 - 2015-11-29 18:13 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-11-29 18:13 - 2015-11-29 18:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-22 13:39 - 2015-11-22 13:39 - 04831744 _____ (Geza Kovacs) C:\Users\Luis\Downloads\unetbootin-windows-613.exe
2015-11-22 12:47 - 2015-11-22 14:09 - 1172111360 ____R C:\Users\Luis\Downloads\ubuntu-mate-15.10-desktop-i386.iso
2015-11-22 11:59 - 2015-11-22 12:03 - 00000000 ____D C:\Users\Luis\Desktop\Kingston 4gb pen
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 ____D C:\Users\Luis\Tracing
2015-11-17 21:04 - 2015-11-22 20:32 - 00000000 ____D C:\Users\Luis\AppData\Roaming\Skype
2015-11-17 21:04 - 2015-11-17 21:04 - 00000000 ____D C:\Users\Luis\AppData\Local\Skype
2015-11-17 21:03 - 2015-11-17 21:04 - 00000000 ____D C:\ProgramData\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ___RD C:\Program Files\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-15 16:34 - 2015-11-15 16:34 - 00000000 ____D C:\Users\Luis\AppData\Local\LEGO
2015-11-15 16:19 - 2015-11-15 16:19 - 00000000 ____D C:\ProgramData\IVI Foundation
2015-11-15 16:19 - 2015-11-15 16:19 - 00000000 ____D C:\Program Files\IVI Foundation
2015-11-15 16:17 - 2015-11-15 16:17 - 00002054 _____ C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2015-11-15 16:16 - 2015-11-15 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS EV3 Home Edition
2015-11-15 16:16 - 2015-11-15 16:16 - 00000000 ____D C:\Users\Luis\Documents\LEGO Creations
2015-11-15 16:16 - 2015-11-15 16:16 - 00000000 ____D C:\Program Files\LEGO Software
2015-11-15 16:15 - 2015-11-16 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-15 16:14 - 2015-11-17 07:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-15 16:13 - 2015-11-15 16:15 - 00000000 ____D C:\Program Files\National Instruments
2015-11-15 16:13 - 2015-11-15 16:13 - 00000000 ____D C:\ProgramData\LEGO MINDSTORMS EV3
2015-11-15 15:57 - 2015-11-15 16:19 - 00000000 ____D C:\ProgramData\National Instruments
2015-11-15 13:28 - 2015-11-15 14:07 - 659595736 _____ (The LEGO Group) C:\Users\Luis\Downloads\LMS-EV3-WIN32-ENUS-01-01-01-full-setup.exe
2015-11-08 10:08 - 2015-11-08 10:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-11-08 08:56 - 2015-11-08 09:00 - 00000000 ____D C:\Users\Luis\Downloads\Inside Out (2015) [1080p]
2015-11-08 08:55 - 2015-11-22 14:22 - 00000000 ____D C:\Users\Luis\AppData\LocalLow\uTorrent
2015-11-08 08:55 - 2015-11-08 08:55 - 00002636 _____ C:\Users\Luis\Desktop\µTorrent.lnk
2015-11-08 08:53 - 2015-11-22 14:22 - 00000000 ____D C:\Users\Luis\AppData\Roaming\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 14:21 - 2009-07-14 02:37 - 00000000 ____D C:\Windows
2015-12-03 13:57 - 2009-07-14 04:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 13:57 - 2009-07-14 04:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 13:55 - 2015-08-03 19:15 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 13:55 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2015-12-03 13:54 - 2015-09-19 13:18 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 13:50 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 10:23 - 2015-09-19 13:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 22:05 - 2015-08-05 08:31 - 00000000 ____D C:\Users\Luis\AppData\Local\Avg
2015-12-02 21:58 - 2015-09-26 23:21 - 00000000 ____D C:\Users\Luis\AppData\Roaming\AVG
2015-11-30 23:03 - 2015-10-04 14:56 - 00000000 ____D C:\Users\Luis\Downloads\Personal
2015-11-30 17:49 - 2009-07-14 04:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-30 04:37 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache
2015-11-30 04:00 - 2009-07-14 04:33 - 00285808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-30 03:57 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-30 01:23 - 2015-08-03 22:51 - 00000000 ____D C:\Windows\system32\MRT
2015-11-29 22:45 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Help
2015-11-29 18:26 - 2015-08-03 19:12 - 00000000 ____D C:\Users\Luis\AppData\Local\VirtualStore
2015-11-17 21:05 - 2015-08-03 19:12 - 00000000 ____D C:\Users\Luis
 
==================== Files in the root of some directories =======
 
2015-08-09 12:33 - 2015-09-27 14:51 - 0007600 _____ () C:\Users\Luis\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Luis\AppData\Local\Temp\avguirn_081278628554.exe
C:\Users\Luis\AppData\Local\Temp\avguirn_081597636079.exe
C:\Users\Luis\AppData\Local\Temp\avguirn_081797861361.exe
C:\Users\Luis\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 04:29
 
==================== End of FRST.txt ============================
 
 
2nd log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Luis (administrator) on ASUS-1201N (03-12-2015 14:20:08)
Running from C:\Users\Luis\Desktop
Loaded Profiles: Luis (Available Profiles: Luis)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-11-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-11-19] (Synaptics Incorporated)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-10-26] (ASUSTeK Computer Inc.)
HKLM\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-08-03] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{92A0B498-0DF5-4EDA-8D70-C2CE24512D9A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E7320AB0-1CFF-456F-BED7-765959A54252}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
 
FireFox:
========
FF ProfilePath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\d38w5889.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-19]
CHR Extension: (Google Docs) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
CHR Extension: (Google Drive) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Google Search) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Sheets) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-19]
CHR Extension: (Google Docs Offline) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
CHR Extension: (Gmail) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11448 2015-08-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 14:20 - 2015-12-03 14:21 - 00008037 _____ C:\Users\Luis\Desktop\FRST.txt
2015-12-03 14:19 - 2015-12-03 14:20 - 00000000 ____D C:\FRST
2015-12-03 14:18 - 2015-12-03 14:18 - 01721344 _____ (Farbar) C:\Users\Luis\Desktop\FRST.exe
2015-12-02 21:49 - 2015-12-02 22:06 - 00000000 ____D C:\AVG_Remover
2015-12-02 21:47 - 2015-12-02 21:49 - 07807272 _____ ( ) C:\Users\Luis\Downloads\AVG_Remover.exe
2015-11-30 23:08 - 2015-11-30 23:22 - 00000000 ____D C:\Users\Luis\AppData\Roaming\vlc
2015-11-30 23:07 - 2015-11-30 23:08 - 00000000 ____D C:\Program Files\VLC
2015-11-30 23:07 - 2015-11-30 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-30 23:04 - 2015-11-30 23:05 - 28849904 _____ C:\Users\Luis\Downloads\vlc-2.2.1-win32.exe
2015-11-29 20:12 - 2015-08-05 17:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-29 20:11 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-29 20:11 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-29 20:11 - 2015-10-20 00:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-29 20:11 - 2015-10-20 00:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-29 20:11 - 2015-10-20 00:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-29 20:11 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-29 20:11 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-29 20:11 - 2015-10-20 00:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-29 20:11 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-29 20:11 - 2015-10-20 00:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-29 20:11 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-29 20:11 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-29 20:11 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-29 20:11 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-29 20:11 - 2015-10-19 23:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-29 20:11 - 2015-10-19 23:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-29 20:11 - 2015-10-19 23:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-29 20:11 - 2015-10-13 16:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-29 20:11 - 2015-10-13 16:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-29 20:10 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-29 20:10 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-29 20:10 - 2015-10-30 22:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-29 20:10 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-29 20:10 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-29 20:10 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-29 20:10 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-29 20:10 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-29 20:10 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-29 20:10 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-29 20:10 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-29 20:10 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-29 20:10 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-29 20:10 - 2015-10-30 22:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-29 20:10 - 2015-10-30 22:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-29 20:10 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-29 20:10 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-29 20:10 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-29 20:10 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-29 20:10 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-29 20:10 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-29 20:10 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-29 20:10 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-29 20:10 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-29 20:10 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-29 20:10 - 2015-10-30 22:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-29 20:10 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-29 20:10 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-29 20:10 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-29 20:10 - 2015-10-13 04:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-29 20:10 - 2015-09-02 02:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-29 20:10 - 2015-09-02 02:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-29 20:10 - 2015-09-02 01:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-29 20:09 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-29 20:08 - 2015-11-03 17:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-29 20:08 - 2015-10-01 17:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-29 20:08 - 2015-10-01 17:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-29 20:08 - 2015-10-01 17:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-29 20:08 - 2015-10-01 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-29 20:08 - 2015-08-06 17:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-29 20:08 - 2015-08-06 17:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-29 20:07 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-29 20:07 - 2015-10-20 17:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-29 20:07 - 2015-10-20 17:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-29 20:07 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-29 20:07 - 2015-10-20 17:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-29 20:07 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-29 20:07 - 2015-09-23 13:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-29 20:07 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-29 20:05 - 2015-07-15 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-11-29 18:42 - 2015-12-02 22:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 18:42 - 2015-11-29 18:42 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-29 18:42 - 2015-11-29 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-29 18:41 - 2015-11-29 18:42 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-29 18:41 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-29 18:41 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-29 18:41 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-29 18:37 - 2015-11-29 18:39 - 22908888 _____ (Malwarebytes ) C:\Users\Luis\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-29 18:13 - 2015-11-29 18:13 - 00002154 _____ C:\Windows\epplauncher.mif
2015-11-29 18:13 - 2015-11-29 18:13 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-11-29 18:13 - 2015-11-29 18:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-11-22 13:39 - 2015-11-22 13:39 - 04831744 _____ (Geza Kovacs) C:\Users\Luis\Downloads\unetbootin-windows-613.exe
2015-11-22 12:47 - 2015-11-22 14:09 - 1172111360 ____R C:\Users\Luis\Downloads\ubuntu-mate-15.10-desktop-i386.iso
2015-11-22 11:59 - 2015-11-22 12:03 - 00000000 ____D C:\Users\Luis\Desktop\Kingston 4gb pen
2015-11-17 21:05 - 2015-11-17 21:05 - 00000000 ____D C:\Users\Luis\Tracing
2015-11-17 21:04 - 2015-11-22 20:32 - 00000000 ____D C:\Users\Luis\AppData\Roaming\Skype
2015-11-17 21:04 - 2015-11-17 21:04 - 00000000 ____D C:\Users\Luis\AppData\Local\Skype
2015-11-17 21:03 - 2015-11-17 21:04 - 00000000 ____D C:\ProgramData\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ___RD C:\Program Files\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-17 21:03 - 2015-11-17 21:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-15 16:34 - 2015-11-15 16:34 - 00000000 ____D C:\Users\Luis\AppData\Local\LEGO
2015-11-15 16:19 - 2015-11-15 16:19 - 00000000 ____D C:\ProgramData\IVI Foundation
2015-11-15 16:19 - 2015-11-15 16:19 - 00000000 ____D C:\Program Files\IVI Foundation
2015-11-15 16:17 - 2015-11-15 16:17 - 00002054 _____ C:\Users\Public\Desktop\LEGO MINDSTORMS EV3 Home Edition.lnk
2015-11-15 16:16 - 2015-11-15 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS EV3 Home Edition
2015-11-15 16:16 - 2015-11-15 16:16 - 00000000 ____D C:\Users\Luis\Documents\LEGO Creations
2015-11-15 16:16 - 2015-11-15 16:16 - 00000000 ____D C:\Program Files\LEGO Software
2015-11-15 16:15 - 2015-11-16 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-15 16:14 - 2015-11-17 07:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-15 16:13 - 2015-11-15 16:15 - 00000000 ____D C:\Program Files\National Instruments
2015-11-15 16:13 - 2015-11-15 16:13 - 00000000 ____D C:\ProgramData\LEGO MINDSTORMS EV3
2015-11-15 15:57 - 2015-11-15 16:19 - 00000000 ____D C:\ProgramData\National Instruments
2015-11-15 13:28 - 2015-11-15 14:07 - 659595736 _____ (The LEGO Group) C:\Users\Luis\Downloads\LMS-EV3-WIN32-ENUS-01-01-01-full-setup.exe
2015-11-08 10:08 - 2015-11-08 10:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-11-08 08:56 - 2015-11-08 09:00 - 00000000 ____D C:\Users\Luis\Downloads\Inside Out (2015) [1080p]
2015-11-08 08:55 - 2015-11-22 14:22 - 00000000 ____D C:\Users\Luis\AppData\LocalLow\uTorrent
2015-11-08 08:55 - 2015-11-08 08:55 - 00002636 _____ C:\Users\Luis\Desktop\µTorrent.lnk
2015-11-08 08:53 - 2015-11-22 14:22 - 00000000 ____D C:\Users\Luis\AppData\Roaming\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-03 14:21 - 2009-07-14 02:37 - 00000000 ____D C:\Windows
2015-12-03 13:57 - 2009-07-14 04:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-03 13:57 - 2009-07-14 04:34 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-03 13:55 - 2015-08-03 19:15 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 13:55 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\inf
2015-12-03 13:54 - 2015-09-19 13:18 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 13:50 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-03 10:23 - 2015-09-19 13:18 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 22:05 - 2015-08-05 08:31 - 00000000 ____D C:\Users\Luis\AppData\Local\Avg
2015-12-02 21:58 - 2015-09-26 23:21 - 00000000 ____D C:\Users\Luis\AppData\Roaming\AVG
2015-11-30 23:03 - 2015-10-04 14:56 - 00000000 ____D C:\Users\Luis\Downloads\Personal
2015-11-30 17:49 - 2009-07-14 04:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-30 04:37 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache
2015-11-30 04:00 - 2009-07-14 04:33 - 00285808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-30 03:57 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-30 01:23 - 2015-08-03 22:51 - 00000000 ____D C:\Windows\system32\MRT
2015-11-29 22:45 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Help
2015-11-29 18:26 - 2015-08-03 19:12 - 00000000 ____D C:\Users\Luis\AppData\Local\VirtualStore
2015-11-17 21:05 - 2015-08-03 19:12 - 00000000 ____D C:\Users\Luis
 
==================== Files in the root of some directories =======
 
2015-08-09 12:33 - 2015-09-27 14:51 - 0007600 _____ () C:\Users\Luis\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Luis\AppData\Local\Temp\avguirn_081278628554.exe
C:\Users\Luis\AppData\Local\Temp\avguirn_081597636079.exe
C:\Users\Luis\AppData\Local\Temp\avguirn_081797861361.exe
C:\Users\Luis\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 04:29
 
==================== End of FRST.txt ============================

 




#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
You posted the FRST log twice.  Did you not get an Addition.txt log?
 
 
Copy the next line:
 
"C:\Program Files\Internet Explorer\iexplore" -extoff 
 
 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.  Internet Explorer should open with add-ons disabled.  Tell it to go to the site that gives you problems.  Does it still eat up all the memory?

#3
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hello and thank you for helping me with this.

 

Here is the Addition.txt log. I thought I had copied it.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by Luis (2015-12-03 14:22:34)
Running from C:\Users\Luis\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-08-03 19:09:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-726760090-3925153946-3979053295-500 - Administrator - Disabled)
Guest (S-1-5-21-726760090-3925153946-3979053295-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-726760090-3925153946-3979053295-1002 - Limited - Enabled)
Luis (S-1-5-21-726760090-3925153946-3979053295-1000 - Administrator - Enabled) => C:\Users\Luis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-726760090-3925153946-3979053295-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.03.04 - ASUSTeK Computer Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.15 - AsusTek Computer)
LEGO MINDSTORMS EV3 (HKLM\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (Version: 1.1.50 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT Driver (HKLM\...\{FA2B75F7-6037-4C34-9F3B-3E4320C4CC61}) (Version: 1.20.111.0 - LEGO)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
NI .NET Framework 4 (Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x86 (Version: 9.0.401 - National Instruments) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0130 - REALTEK Semiconductor Corp.)
Skype™ 7.14 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.105 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1800 - SRS Labs, Inc.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.10 - AsusTek Computer)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.16.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-726760090-3925153946-3979053295-1000_Classes\CLSID\{B45A4A81-86DA-11D1-B706-00A024DDAFD1}\InprocServer32 -> C:\RA2\game.exe (Westwood Studios)
 
==================== Restore Points =========================
 
27-10-2015 07:50:18 Scheduled Checkpoint
08-11-2015 11:18:11 Scheduled Checkpoint
15-11-2015 16:01:07 Windows Update
22-11-2015 20:56:48 Scheduled Checkpoint
29-11-2015 18:01:44 Removed AVG
29-11-2015 18:04:44 Removed AVG 2016
29-11-2015 18:38:07 Windows Update
30-11-2015 00:00:51 Windows Update
30-11-2015 03:00:11 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1BBB3FE9-E9C3-4A76-AB15-B6080F024193} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3E352B4F-FC71-43AE-9E63-B1AA907C3D4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
Task: {49BD6CC6-3753-4159-9B80-EF9BBDFA3A10} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B4FB1EEE-30B4-44E3-ADF8-9BF13D5199C9} - System32\Tasks\{086EDC21-318C-4104-9628-CFE971284C93} => pcalua.exe -a C:\Users\Luis\AppData\Local\Temp\Temp2_Lan-A8132-1_0_0_23.zip\Lan-A8132-1_0_0_23\setup.exe
Task: {ED4ADAB6-0B7C-4DAB-85AD-DB8DDB1EE839} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-01 11:55 - 2015-08-17 23:28 - 00106800 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-08-05 20:17 - 2009-08-18 16:35 - 00219136 _____ () C:\Windows\System32\AsusService.exe
2015-11-13 20:06 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 20:06 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-726760090-3925153946-3979053295-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{299D7D09-59A3-4640-AB4E-2CE51024DFE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DE56A03A-79FA-4161-872B-96D4711D1369}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{463F0596-2871-4CED-92CF-A40BF11F46B8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{68838358-3DBB-477C-A053-14564D23778F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{56D5AD32-DCFC-4779-8199-533C7694DCC8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{415E26B7-4D2D-4EA6-BAA5-153E127E4C98}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C4C4490-9C55-4596-965F-649733197BB0}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B7634E6-EF4B-473A-8486-4B1BF891E69F}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4029C39B-E955-4217-B498-ADE68E312DCC}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C80F86DA-1246-4C81-8790-B7D0A69D9CA1}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EAEFED14-FAC2-422A-8BA0-7491CC96F253}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58F1A5CE-DEC6-48F8-B7A6-134C8ABEDB4E}] => (Allow) C:\Users\Luis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E713BB3E-E3C0-4482-8FED-3E8E982ADE4A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{49BD6237-6E7F-4A71-8682-2D716774E4DD}C:\program files\teamviewer\teamviewer.exe] => (Block) C:\program files\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{CF42FCAD-C8DD-4556-8D74-EF688D87CC61}C:\program files\teamviewer\teamviewer.exe] => (Block) C:\program files\teamviewer\teamviewer.exe
FirewallRules: [{E409FC80-912B-403A-9D7D-E535ABED17C8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [{560DB1D1-D4BD-4268-B286-10C2D6CEEEE9}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2015 10:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WORDPAD.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9d8
 
Start Time: 01d12d504c113608
 
Termination Time: 20
 
Application Path: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
 
Report Id: a75e2921-9944-11e5-a6c5-485b3959b9e6
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 11:54:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/29/2015 10:49:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 828
 
Start Time: 01d12af7c664c2e0
 
Termination Time: 32
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 629a8961-96eb-11e5-8a07-485b3959b9e6
 
Error: (11/29/2015 06:04:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/22/2015 07:38:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.5592" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (12/03/2015 02:00:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (12/03/2015 02:00:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (12/03/2015 01:50:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/03/2015 11:29:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/03/2015 08:44:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/02/2015 10:08:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/02/2015 10:08:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/02/2015 10:07:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/02/2015 10:07:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/02/2015 10:06:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU 330 @ 1.60GHz
Percentage of memory in use: 32%
Total physical RAM: 3327.18 MB
Available physical RAM: 2243.06 MB
Total Virtual: 6652.67 MB
Available Virtual: 5454.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:190.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BED268C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

I have just run IE without add-ons and the memory still keeps climbing steadily.


  • 0

#5
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

I am not sure what it means, but I just noticed that if IE window is not visible, the process memory starts to decrease but will reverse and increase again if the page is visible... I have just noticed this and can't say whether it's always doing this...


  • 0

#6
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

I have just been monitoring the iexplore.exe process memory usage and have found that, contrary to what I mentioned previously, memory consumption keeps rising even when the IE window is not visible.


  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
 
 
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
Close all browsers and come back to Process Explorer
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
Open IE and then go back to Process Explorer
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
Wait another minute or two and do it one more time.

  • 0
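The snapshot comparison requested in the post above can be done mechanically once the Procexp.txt files are saved. The following Python is an added example, not part of the original post and not a Process Explorer feature; it assumes the space-flattened column layout seen in the snapshots pasted into this thread, and the sample rows are excerpted from those snapshots.

```python
import re

# One process row: name, optional CPU, Private Bytes, Working Set, PID, then
# free text (description / company / signer). Layout is an assumption based
# on the snapshots as pasted in this thread (tabs flattened to spaces).
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$"
)


def parse_snapshot(text):
    """Return {(name, pid): row} for each real process row in one snapshot."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["pid"] == "n/a":   # column header, blank line, Interrupts
            continue
        rest = m["rest"] or ""
        if "(Verified)" in rest:
            signer = "verified"
        elif rest:
            signer = "unverified"        # e.g. "(No signature was present ...)"
        else:
            signer = "n/a"               # kernel pseudo-processes: no image info
        rows[(m["name"], int(m["pid"]))] = {
            "private_kb": int(m["priv"].replace(",", "")),
            "working_kb": int(m["ws"].replace(",", "")),
            "signer": signer,
        }
    return rows


def private_bytes_growth(snapshots, min_kb=10_000):
    """Per (name, pid): Private Bytes at first and last sighting, largest first."""
    seen = {}
    for snap in snapshots:
        for key, row in snap.items():
            seen.setdefault(key, []).append(row["private_kb"])
    grown = [
        (name, pid, vals[0], vals[-1], vals[-1] - vals[0])
        for (name, pid), vals in seen.items()
        if len(vals) > 1 and vals[-1] - vals[0] >= min_kb
    ]
    return sorted(grown, key=lambda r: r[4], reverse=True)


def unverified_images(snapshot):
    """Processes whose image did not show a '(Verified)' signer."""
    return sorted(k for k, r in snapshot.items() if r["signer"] == "unverified")


# Rows excerpted from the three snapshots posted in this thread.
BASELINE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 94.59 0 K 24 K 0
MsMpEng.exe 0.18 94,292 K 89,472 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 0.15 0 K 0 K n/a Hardware Interrupts and DPCs
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
"""
IE_OPEN = """\
iexplore.exe 30.76 141,172 K 137,656 K 3592 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 3.26 94,860 K 101,904 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe 0.38 6,108 K 18,976 K 3676 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
audiodg.exe 16,528 K 16,064 K 3304 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
"""
IE_1MIN = """\
iexplore.exe 18.23 280,276 K 273,456 K 3592 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
audiodg.exe 4.91 29,816 K 29,168 K 3304 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 2.26 94,932 K 89,764 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe 0.72 11,204 K 25,860 K 3676 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
"""

if __name__ == "__main__":
    snaps = [parse_snapshot(s) for s in (BASELINE, IE_OPEN, IE_1MIN)]
    for name, pid, first, last, delta in private_bytes_growth(snaps):
        print(f"{name} (PID {pid}): {first:,} K -> {last:,} K (+{delta:,} K)")
    for name, pid in unverified_images(snaps[-1]):
        print(f"no verified signer: {name} (PID {pid})")
```

A "(Verified)" result covers the image file on disk, so a verified iexplore.exe with growing Private Bytes still leaves loaded add-ons and plug-ins to be checked separately.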

#8
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

I cleared the logs, rebooted and scanned the critical files. The scan came back ok. No issues detected.

 

Here are the VEW logs:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/12/2015 21:38:27
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2015 21:08:02
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/12/2015 21:07:10
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/12/2015 21:40:07
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#9
LuisG

    New Member

  • Topic Starter
  • Member
  • 9 posts

Here are the Process Explorer logs:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 94.59 0 K 24 K 0
procexp.exe 4.78 20,004 K 35,356 K 3020 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 0.18 94,292 K 89,472 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 0.15 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.12 48 K 632 K 4
csrss.exe 0.09 29,080 K 18,540 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.04 25,328 K 42,144 K 2132 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 17,416 K 26,432 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 6,128 K 8,628 K 1816 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,232 K 11,588 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 11,776 K 11,316 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 9,576 K 11,508 K 3220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,652 K 8,268 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 7,124 K 10,464 K 2348 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
HotKeyMon.exe < 0.01 724 K 2,592 K 2728 HotkeyMon ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
svchost.exe < 0.01 70,632 K 78,680 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 3,764 K 10,020 K 1284 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
WmiPrvSE.exe 2,088 K 5,368 K 2796 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,208 K 5,804 K 712 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,012 K 3,508 K 492 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 1,780 K 5,572 K 2832 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 712 K 2,604 K 3096 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 2,836 K 5,796 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,552 K 10,928 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,680 K 15,672 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,916 K 6,956 K 680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,156 K 4,200 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 1,592 K 5,336 K 2756 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
spoolsv.exe 4,816 K 9,032 K 1544 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 K 844 K 284 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,816 K 9,132 K 552 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe 7,532 K 8,880 K 2336 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
nvxdsync.exe 5,544 K 15,124 K 1276 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 1,940 K 5,864 K 788 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
NisSrv.exe 9,644 K 4,776 K 2400 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 4,712 K 11,480 K 2580 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,380 K 3,224 K 572 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 3,856 K 9,320 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
HotkeyService.exe 2,952 K 7,340 K 2744 Asus Eee PC Hotkey Service ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
dwm.exe 1,504 K 5,132 K 2072 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,308 K 3,704 K 412 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
 
 
After opening IE:
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 40.10 0 K 24 K 0
iexplore.exe 30.76 141,172 K 137,656 K 3592 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
lsass.exe 14.19 4,112 K 9,644 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 6.47 20,784 K 36,960 K 3020 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 3.26 94,860 K 101,904 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 1.67 0 K 0 K n/a Hardware Interrupts and DPCs
taskhost.exe 1.58 11,724 K 12,656 K 1816 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.57 12,244 K 11,528 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.45 48 K 636 K 4
iexplore.exe 0.38 6,108 K 18,976 K 3676 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe 0.31 28,976 K 18,060 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 0.17 9,656 K 5,000 K 2400 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe 0.06 25,820 K 42,888 K 2132 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 6,512 K 12,240 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,792 K 25,644 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HotKeyMon.exe < 0.01 724 K 2,592 K 2728 HotkeyMon ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
svchost.exe < 0.01 4,652 K 8,268 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,308 K 3,708 K 412 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 7,124 K 10,492 K 2348 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe < 0.01 70,940 K 79,260 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe < 0.01 1,504 K 5,132 K 2072 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 2,900 K 5,876 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
nvvsvc.exe < 0.01 3,764 K 10,020 K 1284 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
wininit.exe < 0.01 1,012 K 3,508 K 492 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,088 K 5,368 K 2796 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,208 K 5,804 K 712 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 1,780 K 5,572 K 2832 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 712 K 2,604 K 3096 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 9,552 K 11,508 K 3220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 10,552 K 10,940 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,620 K 16,476 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,964 K 7,060 K 680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,156 K 4,200 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 1,592 K 5,336 K 2756 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
spoolsv.exe 4,772 K 9,024 K 1544 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 K 844 K 284 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,956 K 9,180 K 552 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe 7,532 K 8,880 K 2336 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
nvxdsync.exe 5,544 K 15,124 K 1276 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 1,940 K 5,864 K 788 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
msseces.exe 4,712 K 11,480 K 2580 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,380 K 3,224 K 572 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
HotkeyService.exe 2,936 K 7,328 K 2744 Asus Eee PC Hotkey Service ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
FlashUtil32_19_0_0_226_ActiveX.exe 3,932 K 10,304 K 2996 Adobe® Flash® Player Installer/Uninstaller 19.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
audiodg.exe 16,528 K 16,064 K 3304 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
 
 
 
After 1 min with IE open:
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 49.21 0 K 24 K 0
iexplore.exe 18.23 280,276 K 273,456 K 3592 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
FlashUtil32_19_0_0_226_ActiveX.exe 8.89 3,924 K 10,316 K 2996 Adobe® Flash® Player Installer/Uninstaller 19.0 r0 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
procexp.exe 6.85 20,792 K 37,036 K 3020 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
audiodg.exe 4.91 29,816 K 29,168 K 3304 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 2.26 94,932 K 89,764 K 892 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 1.57 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.04 48 K 640 K 4
iexplore.exe 0.72 11,204 K 25,860 K 3676 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.45 4,652 K 8,264 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.31 28,920 K 17,508 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.14 4,172 K 9,704 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.12 16,764 K 25,636 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.09 11,872 K 13,552 K 1816 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.08 2,868 K 5,848 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.06 25,208 K 42,228 K 2132 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 0.01 9,660 K 5,052 K 2400 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 9,576 K 11,516 K 3220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,480 K 12,244 K 1072 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 12,012 K 11,428 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HotKeyMon.exe < 0.01 724 K 2,592 K 2728 HotkeyMon ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
SynTPEnh.exe < 0.01 7,124 K 10,492 K 2348 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
nvvsvc.exe < 0.01 3,764 K 10,020 K 1284 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 70,888 K 79,180 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,168 K 5,388 K 2796 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,208 K 5,804 K 712 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,012 K 3,508 K 492 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UI0Detect.exe 1,780 K 5,572 K 2832 Interactive services detection Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 712 K 2,604 K 3096 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 1,156 K 4,200 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 15,560 K 16,424 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,964 K 7,064 K 680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,996 K 10,884 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuperHybridEngine.exe 1,592 K 5,336 K 2756 Eee Super Hybrid Engine ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
spoolsv.exe 4,860 K 9,048 K 1544 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 320 K 844 K 284 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,788 K 9,120 K 552 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe 7,532 K 8,880 K 2336 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
nvxdsync.exe 5,540 K 15,128 K 1276 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 1,936 K 5,860 K 788 NVIDIA Driver Helper Service, Version 341.81 NVIDIA Corporation (Verified) NVIDIA Corporation
msseces.exe 4,712 K 11,480 K 2580 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 1,380 K 3,196 K 572 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
HotkeyService.exe 2,936 K 7,332 K 2744 Asus Eee PC Hotkey Service ASUSTeK Computer Inc. (Verified) ASUSTeK Computer Inc.
dwm.exe 1,504 K 5,132 K 2072 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,308 K 3,708 K 412 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
 

  • 0

#10
LuisG


    New Member

  • Topic Starter
  • Member
  • 9 posts

I have also captured the process logs after a longer period with IE open if you would like to have them?


  • 0
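Two saved Process Explorer listings, such as the one above and a later capture like the one offered in post #10, can be compared by script. The following Python is an added example, not part of any post in this thread: it parses rows in the flattened format shown above, lists images whose signer column is anything other than (Verified), and reports processes whose private bytes at least doubled between captures. The iexplore.exe rows, every value in AFTER and the `min_ratio` threshold are constructed assumptions.

```python
import re

# One flattened Process Explorer row: name, optional CPU, private bytes,
# working set, PID, then description/company/signer text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?:(?:<\s*)?(?P<cpu>\d+(?:\.\d+)?)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+(?P<pid>\d+)\s*(?P<rest>.*)$"
)

def parse_snapshot(text):
    """Return {pid: row} for each line matching ROW; other lines are skipped."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            procs[int(m["pid"])] = {
                "name": m["name"],
                "private_kb": int(m["private"].replace(",", "")),
                "verified": "(Verified)" in m["rest"],
            }
    return procs

def unverified(procs):
    """Image names whose signer column is anything other than (Verified)."""
    return sorted(p["name"] for p in procs.values() if not p["verified"])

def growth(before, after, min_ratio=2.0):
    """Rows with the same PID and name whose private bytes grew >= min_ratio."""
    hits = []
    for pid, b in before.items():
        a = after.get(pid)
        if a and a["name"] == b["name"] and a["private_kb"] >= min_ratio * max(b["private_kb"], 1):
            hits.append((b["name"], pid, b["private_kb"], a["private_kb"]))
    return sorted(hits, key=lambda h: h[3] - h[2], reverse=True)

# First three rows are copied from the listing above; the iexplore.exe rows and
# every value in AFTER are constructed for illustration.
BEFORE = """\
lsass.exe 0.14 4,172 K 9,704 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.06 25,208 K 42,228 K 2132 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
iexplore.exe 1.50 204,800 K 231,424 K 3480 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
"""
AFTER = """\
lsass.exe 0.10 4,300 K 9,800 K 560 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.05 26,000 K 43,000 K 2132 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AsusService.exe 848 K 3,040 K 1668 (No signature was present in the subject)
iexplore.exe 12.40 1,677,722 K 1,700,000 K 3480 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
"""

if __name__ == "__main__":
    before, after = parse_snapshot(BEFORE), parse_snapshot(AFTER)
    print("unverified images:", unverified(after))
    for name, pid, b_kb, a_kb in growth(before, after):
        print(f"{name} (PID {pid}): {b_kb:,} K -> {a_kb:,} K private bytes")
```

An unverified entry is a prompt to check the file's path and origin, not a verdict on it.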

#11
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Have you tried resetting IE?

 

In IE, click on the Gear or go Alt + X and then on Internet Options. Advanced, then Reset. Close and restart IE. Run Process Explorer.


  • 0

#12
LuisG


    New Member

  • Topic Starter
  • Member
  • 9 posts

Sorry for the delayed reply but I have taken an unforeseen detour into hospital for the last 3 days...

 

I have reset explorer (which I had done anyway before all your debugging had started) and restarted the PC. I then ran IE and Process Explorer, noting that the rising memory issue has stopped, also on the "known" problem page.

 

 I have saved some logs but am not sure whether you still want to look at them? If so, let me know and I'll post.

 

What I have noticed is that the problem page now is not running a particular advert with a video playing automatically. I have reloaded the page several times and different ads come up with slightly different memory consumption, which does seem to stabilize anywhere between 220 and 280 MB. Even though this is OK on this end, the page still takes a good 30 seconds to load before I can even scroll it. I feel that my problem may be related to all the active content running on the page, in particular the elusive video advert.


  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Get the AdBlock Plus add-on. Go to adblockplus.org with each browser and get the add-on. (It's actually a program you have to download and install for IE.) This should get rid of most ads.

  • 0





