Jump to content

High GPU usage - csrss.exe


Recommended Posts

Hi there, I have a problem that I cannot solve.

 

Around 10-15 minutes after startup, my GPU usage skyrockets to 99% and even web browsing becomes very slow. Through process explorer I see that it is csrss.exe that is spiking. It is showing around 30%-46% GPU usage in Process Explorer when this happens, but using a program like EVGA Precision X shows me that my GPU is at 99% usage. I also have 2 instances of csrss.exe for some reason, one of which always remains idle. A system restarts solves the problem temporarily, but it always starts again after 10-15 minutes. I have looked in the msconfig startup list and there is nothing suspicious.

 

I have done a full scan with Malwarebytes, Avast and Spybot, and they all return 100% clean result...so I am at a loss.

 

Here are the DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Aviram at 22:19:40 on 2014-03-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16331.12547 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\PROCEX\PROCEXP.EXE
C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SafeIP\SafeIPs.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Aviram\AppData\Local\Temp\PROCEXP64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Aviram\AppData\Roaming\Awesomium\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\Aviram\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
LSP: C:\Windows\System32\SafeIPs.dll
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AC39552-7259-4B12-9B86-952CE05AA4E5} : DHCPNameServer = 82.102.139.20 82.102.139.10
TCP: Interfaces\{CBBD140F-28A0-41A7-A0C3-D2AD86944E58} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-2 207904]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-3-23 20024]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-6 70296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-2 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-2 421704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-6 270912]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-4-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-4-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-4-1 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [2013-4-1 324608]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-2 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-2 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-1 166720]
R2 SafeIPS;SafeIPS;C:\Program Files (x86)\SafeIP\SafeIPS.exe [2013-11-4 3860480]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-2 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-2 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-2 171416]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-1 365376]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-2-26 13242960]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-8-20 138568]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-8-20 416072]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-4-1 26136]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-23 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-3-23 791608]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-18 15176]
R3 SaiK0CD7;SaiK0CD7;C:\Windows\System32\drivers\SaiK0CD7.sys [2012-9-20 180544]
R3 SaiU0CD7;SaiU0CD7;C:\Windows\System32\drivers\SaiU0CD7.sys [2012-9-20 47168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-1 160768]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-11 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-11-27 115272]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-28 19456]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-3-28 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-28 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
.
=============== Created Last 30 ================
.
2014-03-02 19:25:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-02 19:25:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 19:12:29 -------- d-----w- C:\procex
2014-03-02 18:59:10 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-03-02 18:59:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-02 18:55:01 -------- d-----w- C:\Users\Aviram\AppData\Roaming\AVAST Software
2014-03-02 18:54:19 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-02 18:54:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-02 18:54:19 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-02 18:54:19 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-02 18:54:18 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-02 18:54:12 -------- d-----w- C:\Program Files\AVAST Software
2014-03-02 10:07:19 -------- d-----w- C:\Users\Aviram\AppData\Roaming\NVIDIA
2014-03-02 09:44:30 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-03-01 22:23:25 943043 ----a-w- C:\Windows\SysWow64\scrypt130511GeForce GTX 660 Tiglg2tc4032w256l4.bin
2014-03-01 17:14:11 -------- d-----w- C:\Users\Aviram\AppData\Local\MercurySteam
2014-03-01 17:14:11 -------- d-----w- C:\Users\Aviram\AppData\Local\EMU
2014-03-01 00:05:36 -------- d--h--w- C:\Windows\PIF
2014-02-28 19:04:37 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DC4D9E1-1811-43EC-8DCC-1E5486D4D922}\mpengine.dll
2014-02-26 07:30:46 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-26 07:30:46 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-25 08:21:09 17268616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-24 13:43:12 -------- d-----w- C:\Users\Aviram\AppData\Local\Black_Tree_Gaming
2014-02-22 08:22:23 249856 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp092.dll
2014-02-22 08:21:27 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2014-02-22 08:21:27 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2014-02-22 08:21:24 -------- d-----w- C:\Windows\hpoj4500g510n-z
2014-02-22 08:21:18 136704 ----a-w- C:\Windows\System32\hpf3l092.dll
2014-02-22 08:21:16 -------- d-----w- C:\Program Files (x86)\HP
2014-02-22 08:20:47 902656 ----a-w- C:\Windows\System32\hpwwiax9.dll
2014-02-22 08:20:47 742912 ----a-w- C:\Windows\System32\hpwtscl5.dll
2014-02-22 08:20:47 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2014-02-22 08:20:47 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2014-02-22 08:20:47 503296 ----a-w- C:\Windows\System32\hpwvst01.dll
2014-02-21 17:10:14 -------- d-----w- C:\Program Files (x86)\RadeonPro
2014-02-17 09:28:21 -------- d-----w- C:\Users\Aviram\AppData\Roaming\Origin
2014-02-11 18:01:47 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-06 03:58:08 -------- d-----w- C:\ProgramData\Elder Scrolls Online
.
==================== Find3M  ====================
.
2014-02-25 08:21:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-25 08:21:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-23 14:05:00 1683112 ----a-w- C:\Windows\System32\FM20.DLL
2014-01-18 13:32:34 242663 ----a-w- C:\ProgramData\1390051910.bdinstall.bin
2014-01-18 12:53:18 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-01-18 12:53:18 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-01-18 12:52:39 464628 ----a-w- C:\ProgramData\1390049373.bdinstall.bin
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-18 19:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 04:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 22:19:47.29 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 28/03/2013 22:34:34
System Uptime: 02/03/2014 21:20:44 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8Z77-V LE PLUS
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 210 GiB total, 94.927 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 356.194 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Digital Editions 2.0
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
avast! Free Antivirus
Bonjour
BufferChm
Castlevania: Lords of Shadow - Ultimate Edition
CCleaner
CDisplayEx 1.9.15
CopyTrans Suite Remove Only
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dishonored  Game of the Year Edition
EVGA Precision X 4.2.1
FINAL FANTASY XIV - A Realm Reborn
Fraps
Google Chrome
Google Update Helper
HP Officejet 4500 G510n-z
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Intel® Watchdog Timer Driver (Intel® WDT)
iTunes
Java 7 Update 51
Java Auto Updater
K-Lite Codec Pack 9.8.0 (Basic)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (English) 2013
Microsoft Xbox 360 Accessories 1.2
MPC-HC 1.7.3 (64-bit)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Network64
NVIDIA Control Panel 332.21
NVIDIA Graphics Driver 332.21
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
Outils de vérification linguistique 2013 de Microsoft Office - Français
Realtek High Definition Audio Driver
SafeIP
Samsung Magician
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
SES Driver
Smart Technology Programming Software 7.0.24.8
Spotify
Spybot - Search & Destroy
Steam
TeamSpeak 3 Client
The Walking Dead: Season Two
The Wolf Among Us
TL-WN951N Driver
Toolbox
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual CertExam Suite
VMware Workstation
WebReg
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
WinRAR 4.20 (64-bit)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
02/03/2014 21:20:54, Error: Service Control Manager [7000]  - The STEC3 service failed to start due to the following error:  The system cannot find the file specified.
02/03/2014 21:20:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8010d9eb30, 0xfffffa8010d9ee10, 0xfffff800033d37b0). A dump was saved in: C:\Windows\Minidump\030214-6864-01.dmp. Report Id: 030214-6864-01.
02/03/2014 21:18:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800d70aa90, 0xfffffa800d70ad70, 0xfffff800033947b0). A dump was saved in: C:\Windows\Minidump\030214-6645-01.dmp. Report Id: 030214-6645-01.
02/03/2014 20:13:10, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
02/03/2014 20:13:00, Error: Service Control Manager [7031]  - The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/03/2014 01:02:23, Error: nvlddmkm [14]  - 
.
==== End Of File ===========================
 
Will appreciate any help.
 
Thank you :)

 

Link to post
Share on other sites

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks for this.

 

While I was waiting for an answer I used emsisoft emergency scan and it did find some things. I cleaned them and now the problem is solved, so it must have been some maleware that no other program was detecting.

 

Thanks anyway, this can be closed :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.