Over 1 million tech questions and answers.

Handle Leak explorer.exe and memory leak firefox.exe

Q: Handle Leak explorer.exe and memory leak firefox.exe

I have no idea what may be causing a Handle leak or memory leak or what causes them.Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016Ran by eric (administrator) on ERIC (24-01-2016 19:53:18)Running from C:\Users\eric\DownloadsLoaded Profiles: eric (Available Profiles: eric)Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Edge)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Webroot) C:\Program Files\Webroot\WRSA.exe(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe(DoD PKE Engineering) C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe(Webroot) C:\Program Files\Webroot\WRSA.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.22.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179040 2013-10-15] (TOSHIBA Corporation)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-21] (Synaptics Incorporated)HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-27] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-03-01] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-03-01] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)HKLM\...\Policies\Explorer: [NoViewOnDrive] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKLM\...\Policies\Explorer: [NoViewContextMenu] 0HKLM\...\Policies\Explorer: [NoShellSearchButton] 0HKLM\...\Policies\Explorer: [NoFind] 0HKLM\...\Policies\Explorer: [NoFile] 0HKLM\...\Policies\Explorer: [HideClock] 0HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKLM\...\Policies\Explorer: [NoSetFolders] 0HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0HKLM\...\Policies\Explorer: [NoSetTaskbar] 0HKLM\...\Policies\Explorer: [NoDeletePrinter] 0HKLM\...\Policies\Explorer: [NoDFSTab] 0HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0HKLM\...\Policies\Explorer: [NoLogoff] 0HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKLM\...\Policies\Explorer: [NoResolveSearch] 0HKLM\...\Policies\Explorer: [NoSaveSettings] 0HKLM\...\Policies\Explorer: [NoHardwareTab] 0HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0HKLM\...\Policies\Explorer: [NoDesktop] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GoogleChromeAutoLaunch_6D4382F268C09BA9241DE79E98DCE3EC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748360 2016-01-12] (Google Inc.)HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [DisableCMD] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispAppearancePage] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispBackgroundPage] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\system: [NoDispSettingsPage] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoViewOnDrive] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoViewContextMenu] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoShellSearchButton] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoFind] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoFile] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [HideClock] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoTrayContextMenu] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSetFolders] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSetTaskbar] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDeletePrinter] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoDFSTab] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoChangeStartMenu] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoLogoff] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoWindowsUpdate] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoEncryptOnMove] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoResolveSearch] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoSaveSettings] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoHardwareTab] 0HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-15] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-15] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-12-10]ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-12-10]ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)Startup: C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-27]ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)GroupPolicy: Restriction - Chrome <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer]\..\Interfaces\{2dec3e2e-ee6c-4ab7-8af6-f5a7bb2045a4}: [DhcpNameServer]\..\Interfaces\{cd4d1f10-fedb-4ad0-9a30-1076067c38af}: [DhcpNameServer] Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJBHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJBHKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJBHKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.comSearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> DefaultScope {DC04703F-CF46-447B-B34C-C89ABA216644} URL =SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> {DC04703F-CF46-447B-B34C-C89ABA216644} URL =BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-12-18] (Webroot)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-12-18] (Webroot)BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)FireFox:========FF ProfilePath: C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.defaultFF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll [2014-07-24] (Skype)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation)FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2013-08-06] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-12-18]FF Extension: Webroot Password Manager - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-12-18]FF Extension: Webroot Password Manager - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\8sr1tste.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-21]FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServerChrome:=======CHR HomePage: Default -> hxxp://grantland.com/CHR StartupUrls: Default -> "hxxp://www.grantland.com/"CHR DefaultSearchURL: Default -> hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,202,0_0,Search,20140623,20034,0,31,0CHR DefaultSearchKeyword: Default -> yahooCHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&amp;command={searchTerms}CHR Profile: C:\Users\eric\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]CHR Extension: (Google Drive) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2015-04-22]CHR Extension: (YouTube) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]CHR Extension: (Google Search) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]CHR Extension: (Google Play Music) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-05-14]CHR Extension: (Bookmark Manager) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]CHR Extension: (Crackle) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-05-24]CHR Extension: (Webroot Filtering Extension) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-02-27]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]CHR Extension: (Skype Click to Call) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-24]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]CHR Extension: (Google Wallet) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-14]CHR Extension: (Webroot Password Manager) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-09-22]CHR Extension: (Gmail) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]CHR HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-22]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-06-15] (WildTangent)R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330144 2015-09-27] (Intel Corporation)R2 InstallRoot; C:\Program Files\DoD-PKE\InstallRoot\InstallRootService.exe [755320 2015-02-13] (DoD PKE Engineering)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2015-03-17] (The OpenVPN Project)R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-21] (Synaptics Incorporated)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840768 2015-12-29] (Webroot)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-01] (Symantec Corporation)S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-01] (Symantec Corporation) [File not signed]R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-21] (Synaptics Incorporated)R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-02] (Intel Corporation)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-15] (Webroot)R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45104 2015-12-18] (Webroot)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-01-24 19:53 - 2016-01-24 19:54 - 00029551 _____ C:\Users\eric\Downloads\FRST.txt2016-01-24 19:53 - 2016-01-24 19:53 - 00000000 ____D C:\FRST2016-01-24 19:45 - 2016-01-24 19:52 - 02370560 _____ (Farbar) C:\Users\eric\Downloads\FRST64.exe2016-01-21 21:26 - 2016-01-21 21:26 - 04499648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe2016-01-16 22:15 - 2016-01-16 22:15 - 00000695 _____ C:\Users\eric\Downloads\sync2016-01-13 22:58 - 2016-01-05 03:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2016-01-13 22:58 - 2016-01-05 03:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll2016-01-13 22:58 - 2016-01-05 03:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll2016-01-13 22:58 - 2016-01-05 03:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2016-01-13 22:58 - 2016-01-05 03:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll2016-01-13 22:58 - 2016-01-05 03:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2016-01-13 22:58 - 2016-01-05 03:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe2016-01-13 22:58 - 2016-01-05 03:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2016-01-13 22:58 - 2016-01-05 03:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll2016-01-13 22:58 - 2016-01-05 03:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll2016-01-13 22:58 - 2016-01-05 03:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe2016-01-13 22:58 - 2016-01-05 03:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL2016-01-13 22:58 - 2016-01-05 02:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll2016-01-13 22:58 - 2016-01-05 02:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2016-01-13 22:58 - 2016-01-05 02:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2016-01-13 22:58 - 2016-01-05 02:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll2016-01-13 22:58 - 2016-01-05 02:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll2016-01-13 22:58 - 2016-01-05 02:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll2016-01-13 22:58 - 2016-01-05 02:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2016-01-13 22:58 - 2016-01-05 02:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll2016-01-13 22:58 - 2016-01-05 02:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2016-01-13 22:58 - 2016-01-05 02:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2016-01-13 22:58 - 2016-01-05 02:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll2016-01-13 22:58 - 2016-01-05 02:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2016-01-13 22:58 - 2016-01-05 02:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll2016-01-13 22:57 - 2016-01-05 03:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2016-01-13 22:57 - 2016-01-05 03:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2016-01-13 22:57 - 2016-01-05 03:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2016-01-13 22:57 - 2016-01-05 03:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2016-01-13 22:57 - 2016-01-05 03:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll2016-01-13 22:57 - 2016-01-05 03:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2016-01-13 22:57 - 2016-01-05 03:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll2016-01-13 22:57 - 2016-01-05 03:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll2016-01-13 22:57 - 2016-01-05 03:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll2016-01-13 22:57 - 2016-01-05 03:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll2016-01-13 22:57 - 2016-01-05 03:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll2016-01-13 22:57 - 2016-01-05 03:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll2016-01-13 22:57 - 2016-01-05 03:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll2016-01-13 22:57 - 2016-01-05 03:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll2016-01-13 22:57 - 2016-01-05 03:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll2016-01-13 22:57 - 2016-01-05 03:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll2016-01-13 22:57 - 2016-01-05 03:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2016-01-13 22:57 - 2016-01-05 03:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll2016-01-13 22:57 - 2016-01-05 03:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2016-01-13 22:57 - 2016-01-05 03:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL2016-01-13 22:57 - 2016-01-05 03:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll2016-01-13 22:57 - 2016-01-05 03:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL2016-01-13 22:57 - 2016-01-05 03:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL2016-01-13 22:57 - 2016-01-05 02:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll2016-01-13 22:57 - 2016-01-05 02:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll2016-01-13 22:57 - 2016-01-05 02:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe2016-01-13 22:57 - 2016-01-05 02:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe2016-01-13 22:57 - 2016-01-05 02:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx2016-01-13 22:57 - 2016-01-05 02:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2016-01-13 22:57 - 2016-01-05 02:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll2016-01-13 22:57 - 2016-01-05 02:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll2016-01-13 22:57 - 2016-01-05 02:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll2016-01-13 22:57 - 2016-01-05 02:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll2016-01-13 22:57 - 2016-01-05 02:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll2016-01-13 22:57 - 2016-01-05 02:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe2016-01-13 22:57 - 2016-01-05 02:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL2016-01-13 22:57 - 2016-01-05 02:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll2016-01-13 22:57 - 2016-01-05 02:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll2016-01-13 22:57 - 2016-01-05 02:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll2016-01-13 22:57 - 2016-01-05 02:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL2016-01-13 22:57 - 2016-01-05 02:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll2016-01-13 22:57 - 2016-01-05 02:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll2016-01-13 22:57 - 2016-01-05 02:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2016-01-13 22:57 - 2016-01-05 02:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax2016-01-13 22:57 - 2016-01-05 02:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2016-01-13 22:57 - 2016-01-05 02:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll2016-01-13 22:57 - 2016-01-05 02:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx2016-01-13 22:57 - 2016-01-05 02:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2016-01-13 22:57 - 2016-01-05 02:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe2016-01-13 22:57 - 2016-01-05 02:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll2016-01-13 22:57 - 2016-01-05 02:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL2016-01-13 22:57 - 2016-01-05 02:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll2016-01-13 22:57 - 2016-01-05 02:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL2016-01-13 22:57 - 2016-01-05 02:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll2016-01-13 22:57 - 2016-01-05 02:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll2016-01-13 22:57 - 2016-01-05 02:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax2016-01-13 22:57 - 2016-01-05 02:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2016-01-13 22:57 - 2016-01-05 02:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2016-01-13 22:57 - 2016-01-05 02:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2016-01-13 22:57 - 2016-01-05 02:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll2016-01-13 22:57 - 2016-01-05 02:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2016-01-13 22:57 - 2016-01-05 02:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll2016-01-07 10:27 - 2016-01-10 09:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2016-01-06 12:11 - 2016-01-06 12:11 - 00000000 ____D C:\Users\eric\Desktop\bgy72015-12-31 16:27 - 2015-12-31 19:26 - 00000000 ____D C:\Users\eric\Documents\MovieStudioBossTheSequel2015-12-30 15:37 - 2015-12-31 16:07 - 00000000 ____D C:\Users\eric\AppData\Roaming\Omerta2015-12-30 15:34 - 2016-01-01 10:30 - 00000000 ____D C:\Users\eric\AppData\Roaming\Kalypso Media2015-12-29 17:18 - 2015-12-29 17:18 - 00165040 _____ C:\Users\eric\Desktop\loan.pdf==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-01-24 19:54 - 2014-02-20 09:09 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2016-01-24 19:53 - 2015-10-30 07:28 - 00000000 ____D C:\Windows2016-01-24 19:41 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF2016-01-24 19:28 - 2014-09-22 08:57 - 00000000 ____D C:\ProgramData\WRData2016-01-24 19:26 - 2014-09-22 17:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2016-01-24 18:02 - 2014-04-01 20:49 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F66E3669-1BB9-44D6-A0D7-D5E6A803B97E}2016-01-24 16:06 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps2016-01-24 16:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness2016-01-23 03:54 - 2014-02-20 09:09 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2016-01-22 07:34 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2016-01-22 07:31 - 2014-04-03 16:56 - 00000000 ____D C:\Program Files\Microsoft Office 152016-01-21 04:40 - 2015-08-21 13:15 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI2016-01-20 22:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF2016-01-20 11:23 - 2014-09-19 16:48 - 00000000 ____D C:\Program Files (x86)\Steam2016-01-20 08:38 - 2013-12-03 13:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2016-01-20 08:27 - 2014-04-01 21:56 - 00000000 ___RD C:\Users\eric\Google Drive2016-01-20 07:50 - 2015-08-21 13:52 - 00000000 __SHD C:\Users\eric\IntelGraphicsProfiles2016-01-20 07:49 - 2015-12-02 19:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2016-01-20 07:49 - 2015-12-02 18:13 - 00000000 ____D C:\Users\eric2016-01-20 07:49 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI2016-01-20 07:42 - 2015-02-27 19:05 - 00000000 ____D C:\Users\eric\AppData\Local\Steam2016-01-18 01:27 - 2015-01-23 18:17 - 00000000 ___RD C:\Program Files (x86)\Skype2016-01-17 19:41 - 2014-05-19 14:28 - 00000000 ____D C:\Users\eric\AppData\LocalLow\Temp2016-01-15 10:03 - 2014-09-25 20:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight2016-01-15 10:03 - 2014-09-25 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2016-01-15 10:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser2016-01-13 23:20 - 2014-09-25 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2016-01-13 23:18 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp2016-01-13 23:17 - 2014-04-09 19:02 - 00000000 ____D C:\WINDOWS\system32\MRT2016-01-13 23:08 - 2014-04-09 19:02 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2016-01-13 14:13 - 2014-12-29 03:36 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task2016-01-10 09:38 - 2014-09-16 13:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2016-01-09 21:30 - 2014-04-01 20:40 - 00000000 ____D C:\Users\eric\AppData\Local\VirtualStore2016-01-08 21:11 - 2014-11-09 13:43 - 00000000 ____D C:\Users\eric\AppData\Roaming\Tropico 32016-01-03 02:40 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2016-01-03 02:40 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2016-01-01 10:30 - 2014-08-29 11:50 - 00000000 ____D C:\Users\eric\Documents\My Games2015-12-29 21:56 - 2014-09-22 08:57 - 00170760 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll2015-12-29 21:56 - 2014-09-22 08:57 - 00105888 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll2015-12-29 17:20 - 2014-04-01 20:40 - 00000000 ____D C:\Users\eric\AppData\Local\Packages2015-12-27 20:31 - 2014-04-03 01:11 - 00000000 ____D C:\Users\eric\AppData\Local\ElevatedDiagnostics==================== Files in the root of some directories =======2014-09-22 08:58 - 2015-12-18 12:06 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe2014-04-02 00:19 - 2014-04-02 00:19 - 0000017 _____ () C:\Users\eric\AppData\Local\resmon.resmoncfg2015-12-02 18:08 - 2015-12-02 18:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2015-10-29 11:06 - 2015-10-29 11:06 - 0011508 _____ () C:\ProgramData\wbmTycoon_WBMBarGraph_22015-10-29 11:06 - 2015-10-29 11:06 - 0006200 _____ () C:\ProgramData\wbmTycoon_WBMLineGraph_12015-10-29 11:06 - 2015-10-29 11:06 - 0006075 _____ () C:\ProgramData\wbmTycoon_WBMLineGraph_2==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-01-18 18:05==================== End of FRST.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016Ran by eric (2016-01-24 19:55:25)Running from C:\Users\eric\DownloadsWindows 10 Home (X64) (2015-12-02 19:08:42)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-4203953536-1566099970-3647134959-500 - Administrator - Disabled)DefaultAccount (S-1-5-21-4203953536-1566099970-3647134959-503 - Limited - Disabled)eric (S-1-5-21-4203953536-1566099970-3647134959-1001 - Administrator - Enabled) => C:\Users\ericGuest (S-1-5-21-4203953536-1566099970-3647134959-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-4203953536-1566099970-3647134959-1003 - Limited - Enabled)==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Webroot SecureAnywhere (Enabled - Out of date) {66A6FE14-08CB-F415-3742-517201416109}AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Webroot SecureAnywhere (Enabled - Out of date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: - ABBYY)ABBYY FineReader 9.0 Sprint (x32 Version: - ABBYY) HiddenAdobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)Adobe Reader XI (11.0.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) HiddenApple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: - Apple Inc.)Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3715.05 - CyberLink Corp.)Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)Elevated Installer (x32 Version: - Garmin Ltd or its subsidiaries) HiddenEncountering the Old Testament 2 (HKLM-x32\...\Encountering the Old Testament 2_is1) (Version: - )Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: - Garmin Ltd or its subsidiaries) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)Google Update Helper (x32 Version: - Google Inc.) HiddenGoogle Update Helper (x32 Version: - Google Inc.) HiddenGrand Ages: Medieval (HKLM-x32\...\Steam App 310470) (Version: - Gaming Minds Studios)HMA! Pro VPN (HKLM-x32\...\HMA! Pro VPN) (Version: - Privax Ltd)InstallRoot (HKLM\...\{A765EB7C-8360-49B8-804D-E2FB6D613C1D}) (Version: 4.1 - DoD PKE)Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: - Intel)Intel® Driver Update Utility (x32 Version: - Intel) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: - Intel Corporation)iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: - Apple Inc.)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)King Oddball (x32 Version: - WildTangent) HiddenLTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)Medieval Battlefields (x32 Version: - WildTangent) HiddenMicrosoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version: - Microsoft)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: - Mozilla)MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) HiddenPlants vs. Zombies - Game of the Year (x32 Version: - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Prison Tycoon - Alcatraz (x32 Version: - WildTangent) HiddenQuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: - Apple Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) HiddenRome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: - Microsoft Corporation)Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated)Synctunes Desktop (HKLM-x32\...\{4503D496-8D6B-4FC2-9A66-1CD6E12CD5DA}) (Version: 1.1.5 - The Bit Studio)Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: - Toshiba)TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: - Toshiba Corporation)Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: - Toshiba Corporation)TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: - Toshiba Corporation)TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: - Toshiba Corporation)TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.15 - Toshiba Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: - Toshiba Corporation)TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: - Toshiba Corporation)TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWebroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: - Webroot)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: - WildTangent)WildTangent Games App (Toshiba Games) (x32 Version: - WildTangent) HiddenWindows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 - Dynastream Innovations, Inc.)Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\eric\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {0466099F-13CC-42CD-A701-3474F037EB76} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\\SymErr.exeTask: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {0E0EC068-C8DB-46A1-80EE-EF71DF819B2C} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\\SymErr.exeTask: {0F6C3413-707B-4F2F-9CC0-7A759DE8DF97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {205D7DAD-D32E-4867-8CA7-F236EDFF2398} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)Task: {223213C4-AD2B-41CF-8C14-107921999346} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()Task: {29CAA92A-90D4-4D78-9335-90004DF4075C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)Task: {2B070727-E711-4C5D-8D26-DDF03C207554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTIONTask: {32574149-4F7E-46DF-97A8-3CD747BF6AA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTIONTask: {343EB2C0-676B-4CB1-8D16-28ADD91C3757} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\\SymErr.exeTask: {37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIONTask: {48DD5DB3-A8F5-489D-91B9-0EEC32EDF13B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {59091047-D05B-4F62-8FAD-56CB380BFDC5} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-21] (Synaptics Incorporated)Task: {5D23E7C1-10C9-464F-9DB9-A08907EB5015} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)Task: {65CBA688-50F6-45D9-AF57-582477EB7D86} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [2015-05-27] ()Task: {6EC94B69-37B0-436E-8EB2-6A9E65E313D6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTIONTask: {6F1F5640-6234-4279-8F9E-4E7E28216C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {7097F1AA-40DC-4286-9BE4-A5D847F43ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIONTask: {70E89AEC-83B2-4872-B99B-8CB0F31E5BEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTIONTask: {769298CA-81EE-4897-8ED8-D9F8C6E337CB} - System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorunTask: {77B5832B-7A87-42F0-AFBE-0B7AF07384FF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)Task: {7D81F1B9-459B-42B0-A207-1B615A91F331} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {7E78221E-A7B2-4C84-BAB9-E95A6C845BE5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\\SymErr.exeTask: {80E21BBC-94DB-43A1-802E-B0221BB24C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTIONTask: {BFDF4B70-EF96-48FC-84D1-92F490C73B00} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)Task: {C1CCE66E-2374-4746-A97A-A92B3E158129} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)Task: {CD0BBCFF-DDE9-465D-A999-562CD73D9279} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)Task: {DEA5B89E-4340-428E-99A3-12E2E61D6CD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)Task: {E505AB6C-4407-4412-B064-F6A8E3AB5493} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIONTask: {E64C82DE-DC98-4A63-A65C-AAF39AC1B995} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\\WSCStub.exeTask: {FD89EB38-DCD2-40CB-96E0-B9DD22B03F18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)

Preferred Solution: Handle Leak explorer.exe and memory leak firefox.exe

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Handle Leak explorer.exe and memory leak firefox.exe

Greetings Egyoung1 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the button instead.In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes to your computer unless I direct you to do so.===================================================Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.Thank you for your patience thus far.Are you or have you been in Germany?What information are you seeing regarding the leaks?Please do this.===================================================Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode--------------------Press the Windows key + r on your keyboard at the same time. Type in notepad and press EnterClick Format and check Word WrapPlease copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txtSearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> DefaultScope {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
SearchScopes: HKU\S-1-5-21-4203953536-1566099970-3647134959-1001 -> {DC04703F-CF46-447B-B34C-C89ABA216644} URL =
Task: {0F6C3413-707B-4F2F-9CC0-7A759DE8DF97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B070727-E711-4C5D-8D26-DDF03C207554} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32574149-4F7E-46DF-97A8-3CD747BF6AA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {37DF0FEA-FDF9-42D2-AD39-2354B1D4D17F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EC94B69-37B0-436E-8EB2-6A9E65E313D6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6F1F5640-6234-4279-8F9E-4E7E28216C6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7097F1AA-40DC-4286-9BE4-A5D847F43ED8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70E89AEC-83B2-4872-B99B-8CB0F31E5BEA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {769298CA-81EE-4897-8ED8-D9F8C6E337CB} - System32\Tasks\{C645B6AB-3F97-4A62-B415-AC558FCDBE90} => pcalua.exe -a D:\setup.exe -d D:\ -c /autorun
Task: {80E21BBC-94DB-43A1-802E-B0221BB24C24} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E505AB6C-4407-4412-B064-F6A8E3AB5493} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD89EB38-DCD2-40CB-96E0-B9DD22B03F18} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-4203953536-1566099970-3647134959-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.===================================================System Summary Information--------------------Press the windows key + r on your keyboard at the same timeType msinfo32 and press EnterLeft click on System SummaryClick File, Save, and name the file SummaryZip and attach the file to your reply===================================================Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. Reply to questionsFixlogSystem Summary Information

Read other 6 answers

Just got on the computer now, and suddenly everything seems to be slow, I checked the memory and found out that some program is using 94% of the memory, when I was looking for the program I found out that no program is using that amount of memory, 200 at most.

I downloaded RAMmap to map out the memory, and found out that about 94% of the memory is Nonpaged Pool (unallocated?)
. Please see the image below:

As you can see the memory leak clearly.
This is a new PC with windows installed a few days ago.
Win8.1 64x (all up to date) intel i7 haswell, z87g45 Gaming, 8Gram, gtx650ti boost, 128G ssd.

A:RAM Leak Win8.1_64x (Memory Leak) + Picture.

Here is a second picture, after a computer restart, without firefox it gets to 15% although there is no application who is running on 15% (of 8G, is about 1,000MB of process, which in the picture you can see that it cant be). - maybe it's ok maybe not, in both cases there is a leak as you can see in the first post.

Read other 2 answers

I am experiencing a problem regarding ejecting USB devices that may indicate a more fundamental issue with Windows/Explorer within Windows 10.

In the last one to two weeks (possible updates?) it has become increasingly difficult to eject USB devices.

Process Explorer handle search reveals Explorer is keeping open directory handles and thus preventing the ejection of the USB devices. Killing Explorer (or deleting the handles) permits ejection (obviously).

A slightly deeper look into this reveals that browsing to a specific directory will result in handles being opened for all sub-directories. Moving away from that directory and/or closing Explorer does not close those handles, and thus prevents any removable media from being removed "safely".

One of the possible problems is Context Menu hooks, so I've disabled all of those as a precaution but the problem continues.

Is anybody aware of any problems and associated solutions?

As an aside I looked on the Microsoft community forums, with a view to posting there, and commentary around this kind of issue is being directed toward TechNet.

Read other answers

Yes, I know you've probably had several threads identical to this and I've read a whole lot different solutions over the internet, but they all said the same thing.... go into about:config, browser.cache. etc etc.... adjust it to 16MB (16384) and such, but it doesn't seem to even work for me. I still get memory usage between 50MB-75MB while using Firefox.

Are there any other methods of fixing this leak? I don't know what else can be done, but if there are I'd love to hear them.

A:Firefox Memory Leak....

Read other 9 answers


I recently upgraded my RAM from 256MB to 1.25 GB as my Acer Travelmate was running fairly slowly.

I am running Firefox 2.0 and have set up the about:config tweaks commonly discussed on this forum (pipelining, prefetching etc)

However, my laptop still slows down a lot from time to time. I suspect it might be a memory leak but when I open the Process part of Windows Task Manager, Firefox is the only program allocated large chunks of memory.

On different occasions I have checked and it has anywhere between 100MB to 600MB allocated. Whats more it seems to be constantly gradually increasing within each session. i.e. if I end Firefox and start again it starts with a small but steadily increasing memory allocation.

Does it sound like my Firefox has a memory leak? Or is it just all the prefetching etc that is causing sessions to end up utilising such large chunks of memory?

Many Thanks

PS I regularly run Spybot, Ad-Aware and AVG and am relatively confidant that my laptop is pretty clean of malware - so I dont think thats the problem.

A:Can Firefox have a memory leak


Firstly how many and which extensions/themes do you have installed?

How many tabs and which sites are you running when you get the high RAM usage?
How long do you run these sites for?
Do you clear your temps, history and downloads regularly?

BTW if your using Fasterfox, its a known issue with prefetching and its advised to turn it off as the result would be just as fast if not faster.

Do the sites have a lot of video content, pictures, java or flash content that you visit?

Do you get the same result if your run Firefox safe mode?

Memory leak can exist but I don't think one with the latest version has been known. The testing for a leak is pretty rigorous and you would have to take part in it to confirm anything of a bug or problem.

Also check Task Manager under the "Performance" tab -> Commit Charge (K) -- record the Total and Peak values and report them back. Do this after you've been running your daily activities and when you feel like shutting off your system.

Note that some sites don't allow pipelinning and multiple connctions per server so they'll take froever to laod if used that way.

Read other 4 answers

This morning I woke my computer up (sleep mode) and was astonished to see memory usage at 54%! I have 8GB RAM and I've never seen it this high.

I checked Task Manager and saw that Firefox was using 1.8GB and still climbing; about every second it increased by a few Bytes, like clockwork.

There were also three instances of that plugin-container process. Why 3?!

I thought Firefox v4.+ was supposed to have gotten rid of their memory (leak?) problems.

Here's a snapshot and I hope somebody can give me some idea of why it's doing this. TIA!

A:Firefox memory Leak?

Index page &bull; mozillaZine Forums

On the right side, there are two places to enter searches, Boards and Knowledge Base. Enter "Memory Leak" and "Plug-in Container" in each of the two search boxes to find information pertaining to your questions.

Read other 9 answers

I have firefox running on winxp. if i use firefox for about only 10 minutes with only two tabs open, it uses 128mb of memory. i have tried reinstalling and still the same problem. closing it out and reopening does little because it quickly goes back to the same memory usage. is this a memory leak problem or just how firefox is. it was never a problem in the older verion of ff.

A:Firefox Memory Leak.

What Operating System (windows XP, 98, Linux) do you have?

Read other 11 answers

Hi. Recently I copied my P2P download folder to a new, larger hard drive. I've noticed that whenever I open the folder, my computer starts running rather sluggishly (I have a 2.8 gigahertz celeron, and 1 gig of ram). This has never happened before. I look in the task manager, and explorer.exe is using near 100% of cpu power, what I believe is called a memory leak. This is solved by restarting explorer.exe, but it comes back every time I open the folder, whether it's from the shortcut on the desktop (which really is a shortcut to a Kazaa application that then opens the folder, or so it seems to me...) or from My Computer.

I'm anxious to solve this problem. Thanks!


A:Explorer memory leak?

Actually, a memory leak is where the application continually consumes more and more memory.

I think what you have is a spyware/malware infection. First step would be to get rid of Kazaa, since that's implicated in tons of these kinds of reports.

Read other 3 answers

I have a Vista computer. When I log onto a limited account (but not the admin account) explorer will have a memory leak. It will increase rapidly till it takes up about 2,000,000 kb of memory, at which point my computer will dump the physical memory and crash. I do not know what is causing it, or why it does not happen to the admin account. Starting in safe mode does not prevent the memory leak, but if I turn off explorer and run everything using cmd or taskmgr, then the computer runs normally.

Read other answers

Hey everyone. I am running Windows XP and I installed SP2 about a month ago. I just noticed a few days ago that under my processes, explorer.exe is getting out of control. When I start up, it is at the normal 20,000 K. However, it then continues to climb. For example, I restarted an hour ago and it is at 52,000 K already. It climbs to upwards of about 200,000 K. I'm assuming this is a memory leak of some kind, but not sure. Last night I did a virus scan, ad-aware scan, cleaned the files up, a defragged. While everything else is running great, i still have this "memory leak" with the explorer.exe. Any thoughts or suggestions would be greatly appreciated.

A:explorer.exe memory leak?

Hmm... I just checked mine, and it's using 52,380k, never checked it before. I haven't had any virus or spyware issues, so that may be normal.

Read other 1 answers

My laptop seems to have a memory leak with explorer.exe. What happens is this, I'll be reading a forum and eventually pictures will no longer be displayed. I look in the task manager and explorer.exe is around 100,000 K. I end the task (explorer.exe) and then restart it and it's around 10,000 K. Also, my CPU usage isn't out of the ordinary which is 0% to 5% when at idle. I have done virus scans, highjackThis scans, and malware scans in safe mode with nothing coming up. Does anyone know what might cause the memory leak? I'm running XP Home. Here is a highjackthis report.

Logfile of HijackThis v1.99.1
Scan saved at 7:26:45 AM, on 3/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {2... Read more

A:Memory leak with explorer.exe

As you see Filter: text/html - {A8981DB9-B2B3-47D7-A890-9C9D9F4C5552} - C:\WINDOWS\mf6A0F.dll this refer to a library file that is made to redirect the search enginese like google or yahoo to some sites that go to search.com finaly
Delete that file mf6A0F.dll and the registry key you can do that by start---run- write regedit and search with ctrl+f and enter this text A8981DB9-B2B3-47D7-A890-9C9D9F4C5552 and delete that key.
Sorry for my bad english

Read other 1 answers

I've seen poorly programmed apps before because I've made them. lol. And there is what it does

I have a dual core AMD Athlon 64 x2 and it will shoot my CPU up to max 50 and the memory will go from 70 to 80 to 90 to 110 all just keep accelerating up to about 350 until it finally comes down again and in the meantime, I'm unable to use the browser at all. When it finally comes down, I'm still unable to do anything on the browser. It happens mainly when I'm looking at live webcam feeds. I'm using a nvidia 7300 GT graphics card. Thanks

I'm using firefox 1.5 . should I upgrade?

A:My firefox browser acts like it has a memory leak


Originally Posted by theredpill99

I'm using firefox 1.5 . should I upgrade?

Oh Yes! Most extensions are compatible with FF 2.*, if not you can always 'bump' your favourite ones.

Once you've updated, if you're still experiencing memory leaks you could try the Leak Monitor extension.

The leak you are experiencing now sounds way over the top. I think there's more to it than just a leak but crack on with the update and that in itself may sort out your problems.


Read other 4 answers

I have a win 7 64, asus M4 a785 MB with 4 GB RAM

I am trying to identify a memory leak. After a reboot I am typically at 1638 MB used and it gradually rises over a few days to about 3000MB used.

Now my problem is that if I open "Process explorer" (the one from systernal) and dump the usage and compare them, they are not changing.
SVChost, system explorer , mbam... all stay approx the same for a total load of 1240MB.
There is another approx 400MB used that grows to 1700MB and that I cannot track.
any others tools to diagnose the total memory and where it is used.

tia, soso

A:Memory leak - not in process explorer


Nothing really new here in terms of what can be used, but rather detail explanations on how to use them.

Windows 7 memory usage: What&#039;s the best way to measure? | ZDNet

Read other 9 answers

Alright, I have two problems that have been bothering me for sometime.

Problem 1:
I'll start with the firefox deal. I have the latest version of FF2 (version but I have noticed that after about ten-fifteen minutes of browsing, firefox tends to take up an unbelievable amount of memory, as in over 100,000 K, and thats only after ten minutes. Pretty much any time I browse the internet, task manager lists it as the process that uses up the most resources. Hell, some games don't even use that much memory. I understand that browsers tend to use up more memory the longer they are run, but it shouldn't be that bad after ten minutes. Any specific ideas, or should I bring this to some firefox help support forum?

Problem 2:
As for the other issue, I have only ever noticed this after coming out of hibernation. Upon coming back to my desktop, one of the svchost.exe's that are running jumps way up in memory usage, to about the same numbers I listed above (between 80,000K-100,000K), and won't come back down. I have noticed that after ending that particular process I tend to lose any capabilities for my sound drivers to work (none of my media players can produce audio output, although I believe that Windows retains the various system beeps ), forcing me to reboot. Not that big of a deal, but this is more of a hassle than I would like to go through everyday. This sounds kind of like a virus has attached itself to that articular svchost.exe, although Symantec has never detec... Read more

A:Firefox memory leak and virus attached to svchost.exe?

problem 1 - nothing you can do about the memory leak - maybe turning off some of your addons will help, its a known problem with ff2. ff3 is supposed to solve the problem. It should be released in about a month. I have been running ff3 rc1 and it seems to be a whole lot better - just most of the addons dont work with it yet.

problem 2 - its tough to know what the svchost is working for. Maybe turn off your startup items one by one until you can determine whats causing it.

Read other 1 answers

To start, I have Windows 7, on Sony Vaio laptop.

I have been working on the issues with the malware removal team, but now machine looks clean, I am still having issues.

When starting the computer and going to the task manager, I can watch explorer.exe start at about 18K memory usage and then grow constantly until it is running with almost all of the computer's physical memory after about seven min. I cannot get the context menu to show up after a few min by right clicking on anything.

I had been experiencing "freezing" while playing Eden Eternal (an online role playing game) before that, which made me consider malware and seek help here at BleepingComputer. The freezing has ended, last time I played on that machine at least, but now there seems to be some issue with the explorer.exe taking all of the memory. I haven't been using the machine since I don't trust that there's not something running in the background that shouldn't be.

In resource monitor there were "connections" that had "-" for both the name and the PID, but I don't know if that was the malware of if that's normal somehow?

Issue with explorer.exe seems to be limited to only one user account, and not the other one. That is to say that if I log on one of the other accounts explorer.exe behaves normally, as far as memory usage.

Previous topic linked here,

Topic before linked here as well,... Read more

A:Windows 7 explorer.exe running at total memory after a few min. "memory leak?"

Please download MiniToolBox , save it to your desktop and run it.Checkmark the following checkboxes: List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and paste the content into your next post.Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .Louis

Read other 12 answers

Ever since yesterday, I get instances of Explorer.exe randomly generating and sucking up CPU cycles, memory, and handles. I don't know where it's coming from. But it seems that a couple instances of ctfmon.exe always appear before it happens. I've run AVG, Spybot, and MBAM to try to track this down. I've tried starting the system with only Microsoft services. I'm no closer to a solution.
I can't troubleshoot this one on my own. Help.
Windows 7 64 bit, Gigabyte motherboard.
HJT log included. Mod Edit:  Removed HJT log, not used in this forum, not allowed, not needed for system issues - Hamluis.

A:Explorer.exe processes leak memory, handles, and CPU

Download Anvir Task manager free portable if you don`t want to install it - http://www.anvir.com/download.htm
Unzip it and double click on Anvir icon.It will start application.Click on tab - Processes.Select one of these randomly generating instances and with right click choose option check online.A webpage from VirusTotal will be opened.Post the link of this page.

Read other 16 answers

I have Windows 10When running Forefox version 45, 46 4nd 47, even in safe mode, the number of handles for Firefox coults up forever. I have the factory Intel HD Graphics driver version There is a much newer graphic driver available. 1. Does anyone else with Widnows 10 have a handle leak when running Firefox? 2. Has enyone solved it and how? 3. Has anyone upgraded to the latest Intel HD graphics deriver from Intel and it it working OK? Thanks 

Read other answers

Please help me figure out why winlogon.exe is leaking handles on my WinXP Pro SP3 x86 machine. About 12 hours after a reboot I'm already up to about 40,000 handles for winlogon.exe. The handle count continues to increase even while the machine sits idle. Eventually the machine begins behaving eratically and I have to reboot it, usually every 24 hours or so. The md5sum for my winlogon.exe matchines the md5sum for winlogon.exe on a properly working machine (ed0ef0a136dec83df69f04118870003e *C:\\WINDOWS\\SYSTEM32\\winlogon.exe) so I don't think I have a corrupt winlogon.exe. I think the problem is due to some interaction between winlogon.exe and another process, but I'm not sure which one. Can anyone help me to trouble shoot this further?

A:handle leak in winlogon.exe

What are you using to determine that it's leaking?Have you scanned the system with an independent malware scanner (in case yours is corrupted by malware)?Links to several free, online scanners are here: http://www.bleepingcomputer.com/blogs/usas...?showentry=1252

Read other 3 answers

Ever since yesterday, I get instances of Explorer.exe randomly generating and sucking up CPU cycles, memory, and handles. I don't know where it's coming from. But it seems that a couple instances of ctfmon.exe always appear before it happens. I've run AVG, Spybot, and MBAM to try to track this down. I've tried starting the system with only Microsoft services. I'm no closer to a solution.

I can't troubleshoot this one on my own. Help.

Windows 7 64 bit, Gigabyte motherboard.

HJT log included.

A:Solved: Explorer.exe processes leak memory, handles, and CPU

Looks like a got it. TDSSKiller found a Cidox rootkit.

Read other 1 answers

Hi, first of all thank you for making this type of forum since I mostly have problems with software conflicts and never really with malware.
Sometimes at random when I boot my pc, everything would freeze up so I would have to ctrl+alt+del then log off and back on again to fix it. This doesnt happen too often but enough to annoy me into fixing it.
The only event log I see around the time this happens are these:
"Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
 1 user registry handles leaked from \Registry\User\S-1-5-21-3965548825-2285127440-1969352065-1000:
Process 884 (\Device\HarddiskVolume4\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3965548825-2285127440-1969352065-1000"
"Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
 2 user registry handles leaked from \Registry\User\S-1-5-21-3965548825-2285127440-1969352065-1000:
Process 472 (\Device\HarddiskVolume4\Program Files\Sandboxie\SbieSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-3965548825-2285127440-1969352... Read more

A:Registry Handle Leak Hangs

Do you have the most recent version of Sandboxie installed?
What anti-virus, firewall are you using?  Any chance that you have an Internet Security Suite installed (Norton, McAfee, etc...)?
I've seen those types of entries many, many times - including in my own systems; on my systems at least, they were rather benign messages.
I would suspect freezing is due to "unknown hardware failure" - maybe RAM or HDD; possibly even heat.
Event Viewer logs primarily record OS, software & security related items.  About the closest think you'll find to hardware failure in the EVTX logs - I/O errors.
Be sure that all Windows Updates are installed as well.

Read other 2 answers

When I run Firefox 45, 46 or 47 even in safe mode, the number of handles for firefox coults up indefinitely (a handle leak) I have an Intel display driver: Does anyone know of a solution for stopping the handle leak?

Read other answers

I am tuning my brother's computer.   He is running Vista Service Pack 2, on a Notebook,  and I don't know when he installed Service Pack 2 .  
He said it was going bonkers, and he could only get it to boot into safe mode, and Norton was going bonkers.  He decided Norton was at fault and uninstalled it.    
I have been working on it all day; I cleaned off the hard drive, defragged it, ran antivirus and antimalware scans, didn't find a whole lot and no viruses; really didn't run into significant problems with this machine until now.
I installed and ran Avast.   The computer suddenly crashed in the middle.   It says that variously 27 and 4 registry handles leaked form \Registry\User\S-1-5-21-1400395204-12041-0-63-305893044-1000 and ditto, 1000_Classes, because Avast opened the keys, and that Windows detected your registry file is still in use by other applications or services.  The file will be unloaded now.   The applications or services that hold your registry file may not function properly afterwards.   
What has caused this, what does it mean, and what do I do about it?
Is failure to restart the system after deleting things or installing antivirus programs by any chance responsible?   I also installed Malwarebytes, and no other antivirus software was running at the time.   Avast had dowloaded Dropbox without asking me and I was trying unsuccessfully to stop the blasted th... Read more

A:Registry handle leak errors when running Avast

What is the make and model of this computer?
Does this computer boot into Windows normally or in Safe Mode?

Read other 1 answers

i got a very annoying prob.
when i using Internet Explorer 7 I've noticed that there seems to be a memory leak of some sort. Usually after an extended browsing session or having opened a lot of Internet Explorer windows.
sometime the browser becomes non-responsive and some time otomaticly restart.
more annoying is that after it happen i cant remove it from the task menu, end process cant help.
sometime when in happen i restart my firewall and the conectivity 2 internet is ok but stil cant close it normaly or with the task menu so ive got 2 restart windows.
there is other prob that sometime (most of the time) heppen and i think its connected,
when i start the computer in the morning after copple of minutes the computer freeze (usuely i start bitorrent or some other consuming software) then i do restart and everything is ok 2 the rest of the day.
(no spyware or viruses: checked it)
my system:
vista ultimate
Agnitum: Outpost Firewall Pro
PC duel core intel 2.4 Ghz
4gb ram
internet connection thru usb surfboard modem 3M connection

tnx in ahead
every help is much appreciated !!!!!

A:Internet Explorer Memory Leak + stuck + unable 2 rmve from task manu

welcom lets maybe check for any infections to start with Please run both of these and post the results for checking Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your Desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".

(If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select ... Read more

Read other 1 answers

Hello Techies!

So I have a memory leak. It's an autocad app running on an xp machine. I know it's autocad generating the c++ error. There is a max of 4gb virtual memory.

All that being said I am at a loss as to how to FIX the memory leak. Do I uninstall and reinstall the app?

Any help would be greatly appreciated as I am drawing a total blank.

A:Memory Leak

can you post exact error message please?

Do you have Adobe PDFmaker installed - (i am not talking about Adobe Reader!)

Read other 3 answers

I recently formatted my hard drive on my laptop, and started FRESH. I have my D Drive mostly used for storage, and my C: drive as the main drive for Programs. D is in Fat32 format, C: is in NTFS. I recently am running into what seems to me to be numerous svchost.exe openings and they seem to be sucking up a lot of memory, even when I'm not online (disconnected from internet).

I have run Spybot Search & Destroy, and Ad-Aware SE (which I keep up to date) and have removed any problems. I have run an online scan at http://housecall.trendmicro.com/ and I have no viruses detected. I have done a full scan using my Norton Anti-Virus, which I keep up to date, and nothing. I have done all my Windows XP Service Pack updates (including SP2) and Critical and Security updates for all application software.

It just seems to be spiking, my CPU usage 38%-78%-100% and the only thing I can think of, after shutting down all unused applications, is that it may be a memory leak somewhere.

Any ideas? Here is my log attached....

Read other answers

We are facing a problem with IE memory leak. In our application (intranet), we are using Ajax, servlets and in our client we are using lots of Javascript, DOM components & XML processing. The problem we are facing is every time when a page is opened, around 10MB of memory is increased in IE process thread (in Task Manager). When the page is closed only 3 or 4MB alone released. So, if the application is used for, say, 1 hour then the IE memory is increased to whopping 600MB and system crashes (IE couldn?t handle further requests).

The strange facts are, this is happening only for the last couple of months or so. In our network domain the environment is Windows XP with SP2 & IE 6. We tested the application in Windows 2000 and found that there it is working fine (around 80MB alone used and memory usage is stable). And also in one of the Windows XP with SP2 machine also the memory usage is stable. The application works fine in a different network domain with the same Windows XP with SP2 environment.

We suspect that some recent Windows patch is causing this problem. We rolled back recent Windows patches and tried to get it resolve but in vain. Have anyone faced similar problem? Is there anything like IE settings, Firewall settings could be a reason?

Can someone help me in this regard?

A:IE memory leak

How many computers is this effecting?

woudl you eb able to update to IE7 and see if the same probelm occurs?

Read other 2 answers

I'm not sure how long this has been going on, but after my computer is on a few hours and I've been messing around (WoW, witcher 3, browsing the internet, etc) my computer eventually gets stuck on a high memory usage % (over 90%+) even though I have closed like every program running. If I close a high memory program the memory usage will still stay on 80%+
And when I restart my computer, my memory usage is normal around 20%-30% but after a few hours it jumps back up to 90%+ and becomes very sluggish and laggy. 
I have run virus scans, malware scans, spyware scans, you name it, and no infections found.
I have included an imgur album that I created to show you my windows processes, memory usage, RAMMap results, etc.
As you can see on RamMap, when I went to processes, there are literally THOUSANDS of "Powercfg.exe" and "Conhost.exe" (Look how small the scroll bar is!) So this is obviously a problem, I don't know why there are thousands of zombie processes. I've never dealt with a memory leak before (if it even is one) and I would very much like help! Thank you fellows! These thousands of powercfg and conhosts are each 4 kb each... multiply that by 1000+ and you've got a problem.

A:Possible memory leak? Help please!

Please download MiniToolBox  , save it to your desktop and run it.
 Checkmark the following checkboxes:  List last 10 Event Viewer log  List Installed Programs  List Users, Partitions and Memory size.
 Click Go and paste the content into your next post.
 Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post. 

Read other 3 answers

Hello, I'm new to this forum and I've been having a problem with this ram issue lately.. Basically, my computer builds up RAM over time which is impossible to clear unless I restart my computer. Any solutions? Thanks

A:[RAM] Memory Leak

It's supposed to do that. Yes you can clear it but RAM usage will soon increase as you start using your machine. You don't need to clear it.

Why do you want to?

Edit: Windows will free up RAM automatically when needed.

Read other 9 answers

This one is above my head (but most everything is ).

What I've found so far (correct me if wrong here):

System processes make a demand for physical/virtual memory, which gets proportioned out amongst both - ram and page file (hard disk space).

As processes 'process', allocations of memory to complete the process get deleted, and new memory gets requisitioned, until the process terminates, or idles down, and no memory requests are made by that process.

When the old allocations of memory are not released by a process, memory resources gets to the point that there's none left for continued processing by ANY process. Re-booting is a work-a-round. The system will shut down, even if left idle. I did that once, and had info file on the 'Error Shutdown', but I cannot find them where the error pop-up indicates. PROBABLY BECAUSE THEY ARE NOT SAVED, WITH NO MEMORY AVAILABLE AT SHUTDOWN.

I routinely get an error after so much 'processing', and data transfer between disks, that:
"Insufficient system resources exist to complete the requested service."

It's not a shortage of hdd space. If you post "The disk is probably full", without reading this detail, you'll show us alot about yourself).

Task Manager shows nothing under any tab. (if you post "Check Task manager", without reading this detail, you'll show us alot about yourself).

I found a Performance Monitor, which seems to be the diagnostic sta... Read more

Read other answers

I have 4GB of memory in my computer and for some reason if I leave My computer on for the day when I get home in the afternoon the memory usage is up at 60-90% and my computer starts getting really Laggy and slow. Then I have to turn it off and after a restart its fine for the rest of the day. I am very careful and only install programs I can trust so I'm guessing its a bug somewhere?

I have Eset smart security installed

Hope someone can help


A:Memory leak?

Exit FireFox before you leave and then re-open it when you get home. FireFox can remember your open tabs if needed.

Read other 9 answers

I think i have a memory leak, everytime i leave my computer idling for a few hours all my memory is taken by something and the system becomes very slow until i free it up using a memory cleaning software.

here's what task manager shows me:

and here is the list of processes:

Im using Windows 7 x64 Ultimate

A:Memory Leak

Why antivirus solution are you using?

Read other 9 answers

Hi, i have a weird problem i have a hp dv5000 and i usually use it for basic stuff (internet, word, etc) but ocassionally i use mame to run games, it was fine until a couple of days ago when i run the program the game starts fine but then it gets slow (something that never occour before).

I didnt install anything new that could possibly burn more memory, i even try to use readyboost but it didnt work. HOEWEVER being as courios as i am, i mess with the

"tasks" options in control panel/administrative tools

and disable a couple of ones (dont remember wich ones), do you guys can give any thoughts, any help is good

A:Memory leak

Hello.. have you opened up task manager and in process tab. seen what is using the most memory.. just click on the memory column til the one using most is at top.. See what it is .. post a screen shot if you are able .

Read other 5 answers

Product Name: hp ENVY 15-k10ne-15 inchOperating System: Microsoft Windows 10 (64-bit)I have problem with my pc hp pavilion p7 1234.When I turn off the error pop up.an unexpected memory leak has occurred,the unexpected smoll block leaks are:37-44 bytes UnicodeString x285=92 bytes UnicodeString x1117-124 bytes UnicodeString x3Is there any help to fixthat?  Tank you dear friends       

A:memory leak

Greetings, Please see this Microsoft MSDN document on finding memory leaks. HP provides Win 10 drivers for this product here. You may want to update your drivers. This should or may correct the problem. Cheers!

Read other 1 answers

Recently I've built myself a new pc
Specs: GPU; GTX 970 (msi). CPU; AMD 8350. Motherboard; ASUS SABERTOOTH 990FX R2.0. RAM; HyperX Fury Black 8GB 1866MHz DDR3 CL10 DIMM. Hard Drive; WDC WD20EZRZ-00Z5HB0

I don't know if any of that is helpful but I'm not too experinced with this issues so I thought it might be worth giving all the information I can.

What happens is when I load up the computer it instantly uses around 2 or more gb of my 8gb ram stick and it's a lot worse on games. It uses almost the full 8gb no matter which game im playing. I'm not sure what the problem is as this computer is no more than a week old and at first it worked perfectly. Can anyone help?

Read other answers

I just reinstalled the software to see if the memory leak bug had been fixed!!
Unfortunately it still exists!
With EIS installed, ntoskrnl.exe was approaching 200 MB ram usage,when I removed the software,the usage went back to normal!!

Any similar feedback from other users!!

Read other answers

Reading around I thought IE eliminated it's memory leaks but I definitely have it when I use IE8.

I typically have three windows of IE8 open and within one will have multiple tabs, maybe five or six at the most. Over time memory usage definitely grows and is not reclaimed as tabs or even windows are closed. Only way I can reclaim memory is by closing all windows and putting computer to sleep. When I awaken it and start again memory usage is back to it's initial state. But then it will grow again as I use IE8. Seems to happen no matter what websites are visited so I don't think a specific site is causing the problem.

Is it a problem somewhere in my system or is it just how IE8 really is?

A:IE8 Memory Leak

Have you done a Google Search?
Remember Google is your friend.

Some examples...

A memory leak issue occurs in Internet Explorer 8 when you switch between XML files

Memory Leak in IE8?

IE8 memory leak - Microsoft Answers

Read other 5 answers

Hi everyone,

Just recently, I've been having major problems with memory usage. Right when I reboot, all processes in my taskmanager are at normal, with the majority of programs running at 5-6 megs. But as I run a few programs, the memory usage of the majority of processes suddenly jump up to 30-40 megs.

For example, foobar2000, which usually takes 5 megs, now takes 44 megs. But if I close it and restart the program, it's back the normal 4-5 meg level, but it gradually consumes more and more memory.

Could this be the result of a virus? I ran Symantec and Spysweeper and came up with nothing (and even these scans are running at much lower speeds than normal).

CPU usage is also normal, just a memory problem.

Thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:37 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\COMMON~1\S... Read more

A:Possible memory leak?

Read other 11 answers

Ive been having some trouble for some time now that my My computer begins to use more and more PF usage over time from i start it, 2 weeks ago it look it 8-10 hours to run out of memory now it usually happens in 2-3 hours so its increasing. Ive been unable to locate where the memory leak have occured but its happening under 2 identical processes called: svchost.exe

System Information
Time of this report: 11/20/2009, 11:47:55
Machine name: XXX
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.090804-1435)
Language: English (Regional Setting: Danish)
System Manufacturer: System manufacturer
System Model: System Product Name
BIOS: Phoenix - AwardBIOS v6.00PG
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+, MMX, 3DNow (2 CPUs), ~3.0GHz
Memory: 3582MB RAM
Page File: 3598MB used, 1865MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode
Is there anyone that can help?

A:Memory leak?

Try narrowing down your search and identify the exact process by following this guide: How to determine what services are running under a SVCHOST.EXE process

Read other 6 answers

Hi, a friend of mine sent me here to figure out what I could.I'm on a Sager NP5793 with Core 2 Duo 2.5ghz, 4gb RAM, a 512mb nVidia 9800M GTS, 320gb 7200rpm hard drive, and Vista Ultimate 64-Bit installed. It sits on a Notepal Infinite (small for a 17" widescreen, but the vents line up nicely) and I use a Logitech Cordless Mini Optical.I got this laptop less than a week ago, and the first thing I did after installing XP SP3 32-Bit and Vista 64-Bit was install all the drivers from the bundled CD from Sager. The current installed programs are Avast, Ccleaner, Firefox 3 (Plus Flash 10 and Java VM plugins), Foxit Reader, Diskeeper 2009, Itunes, Gtalk, Pidgin, Logitech SetPoint, Protector Suite QL(fingerprint reader), Speedfan, Nero 9, WinRAR, VLC, Speedfan, and a bunch of Source games.I've been noticing an average of 33% memory usage consistently, even when nothing is on. I thought it may have had something to do with the Aero theme, which shouldn't have had a problem considering my laptop's specs, but I disabled them to test, and my memory usage fell a whopping 2%.The Protector Suite QL (psqltray.exe) likes to eat memory randomly, sometimes growing to 500, but I've seen hundreds of reports about this and no one seems to know why it happens. I just end the process, and retain use of my fingerprint reader for logging in and unlocking the pc.One instance of svchost likes to claim about 100mb+ of my ram, which isn't much of an issue (I'm not too stingy). It has the Windows Drive... Read more

A:Possible Memory Leak

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.This may not work with the 64-bit... but others will help.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the progra... Read more

Read other 1 answers

hi all
i am having all memory used up at intermittent times
sometimes 2 hours sometimes it takes 2 days and when it happens media portal has frozen and its used about 900 meg of my 3325 of ram

any body like to help me figure out were the memory leak is

cheers brad

A:memory leak

As discussed previously, it sounds like a resource leak, but the real questions are "what's leaking?" and "can it be worked around without (re)coding the component in question?". This is all assuming you're already on the latest version of all the components involved, which tends to have a way of resolving (embarrassing) known resource leaks

The best way to troubleshoot is to start a Perfmon log straight after a reboot, and to keep it running until the "freeze" symptom manifests itself. Given it can take days, the trick is to keep the log file from growing to a monstrous size. That's done by being selective about what's being monitored, and how often perfmon records a "sample".

As a suggestion, create a Perfmon counter log to record all instances of all counters under the following objects:


Set the sample interval to say 2 minutes, and kick off the log soon after the next scheduled reboot. Stop the perfmon log only once you're confident that the machine is clearly being all weird in the particular way which you wish to analyse.

If you need more info on how to create the perfmon log, just yell. Ditto if you'd like assistance in analysing it. There's nothing particularly personal in there other than the hostname of your server and the names of the processes running on it.

Read other 9 answers

After searchin the web a bit i have found that i may have run into a memory leak on my computer. Random SVChosts regular processes + systems processes all use massive amounts of memory that continues to get larger over time (99% usage and 280k+ memory usage), at first i thought it was a a virus but im being told it is a bug in the os. I do not have a boot disc this unit was a hand me down, I am useing Windows xp 32 bit and if you guys are able to lend a hand i would apprciate it cause the computer has become literally unusable after aobut 5-10 minutes of being used. PLease repsond with what programs logs or other information you would like to know!P.S. I know for a fact that my browser has the redirect virus if that may be an issue i apologize for posting in the wrong thread.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Memory Leak

Lol the svchost has a memory usage of 380k atm.... it seems if i don;t force close the process (which simply restarts afterwards) it will infinitely climb, any suggestions!?

Read other 3 answers

How do I come to know there is an memory leak issue on my pc.

A:Memory leak

Read other 6 answers

Hey all,

Over the course of the past few days my PC seems to be suffering from high memory usage. What's interesting is that I found this thread on this same forum in which the OP was having the exact same issue as me. The PC starts fine and remains fine while in use, but allowing it to sit for long periods of time with no activity will cause memory to be eaten and unable to be released. I checked for any aliases that the Win32/Ramnit virus may be hiding under but can't seem to find anything. I'm more than willing to post any screenshots of my Task Manager and whatnot but I'll have to get back to you on it as it takes a bit longer to for a substantial amount of my memory to be eaten due to the fact that I have 32GB. Feel free to ask for any screenshots in the meantime so I know what to grab.

Has anyone else other than Walter Odim experienced this problem?

A:Memory Leak?

You have 32 GB installed physical RAM?

Please provide a tasklist. Bring up an Admin CMD prompt & paste:

tasklist /v > 0 & net start >> 0 & echo. >>0 & start notepad 0
A Notepad will open. Save it and attach to next post.

Check out Resource Monitor (RESMON). Click on Memory tab; click on Working Set to sort in descending order. What items are using the most memory & how much?

Windows Resource Monitor (RESMON) - (Windows 8.1, 8, 7 & Vista) - Sysnative Forums

Regards. . .



p.s. Thank you to MS Mod jenae for tasklist from cited thread in post #1

Read other 16 answers

I have an Asus m2400n notebook, XP SP3 32 bit, 768 MB ram, 80GB Hard drive....real basic....Anyway, heres my issue, when i am running google chrome(my web browser of choice) and shockwave flash player, the memory usage of the 2 processes begins to grow, but it doesnt stop, it keeps growing until windows displays the low memory warning to increase the page file size....I "googled" it and from what i read, this could be a problem with chrome itself, something about how it uses multiple processes, idk. Thats why im on here, if i cant google the answer, gotta talk to some real people

A:Memory Leak

Really??? 33 views and no replies...come on now

Read other 1 answers

Hi, recently I've noticed my comp has been having issues with slowing down a lot after being on for a day, I decided to start looking into the processes yesterday and noticed 1 svchost.exe process using 1.7gb of ram, about 8 hours later it was using 2.6gb of ram. After rebooting the readings went down to a more normal looking level with the physical memory use while a couple of programs are running being about 50% (my system has 4gb of ram)
I have been keeping task manager open and watching the memory usage, most of the svc processes increase slowly with occasional small dips but the increase is very slow, there is however 1 process that is increasing by about 1mb every 3-5 minutes. This process is the one involving network programs (winhttpautoproxy, wdiservicehost, nsi, netprofm, fontcache and fdphost)
I hear all these processes are linked to server 2008 which i didn't think was installed and thought wasn't needed on a standard home computer.
I double checked and ran a malware scan and a virus scan which both came back clear, so i have no idea what is causing such a rapid memory drain.

A:Possible memory leak

Make your way to this website here: CCleaner - Download
On the first column where it says "Download from:" click on Piriform.com

*Windows XP - Internet Explorer 8 Download

*Windows Vista, 7 & 8 - Internet Explorer 9 & 10
The software should now ask you to either Run, Save or Cancel. Click on Run.
*When installing on a Windows XP PC:

Then click Run again.

You should now see the onscreen CCleaner setup guide. Click Next >

If asked to agree to their terms and services then click on I Agree.
You may be asked to install either Ask! or Google Toolbar. Installing unnecessary toolbars will cause security holes along with a slower browser.

Untick the box for the Ask! or Google Toolbar:

Next step in the setup is to untick all the boxes accpet the the first and last boxes.

Now click the Finish button and CCleaner should open up.


With CCleaner running:

For the following picutres make sure anything with a RED box is unticked and anything with a BLUE box is ticked.

Now click on the Applications tab:

In the bottom of the program click on Analyze. After that is finished you will see a list of what files will be deleted. Once finished click on Run Cleaner

After the Analyze button:

Once finished analyzing that files will be deleted click the Run Cleaner button.

Once finished it will show you how much data has been removed. You can now close out of the progra... Read more

Read other 7 answers

an instance of svchost.exe is eating up my memory which is in short supply. Here is a list of my runing processes. Any idea why this is or what to do about it?Process PID CPU Description Company Name Virtual SizeSystem Idle Process 0 80.95 0 K Interrupts n/a Hardware Interrupts 0 K DPCs n/a 14.29 Deferred Procedure Calls 0 K System 4 1,876 K smss.exe 624 Windows NT Session Manager Microsoft Corporation 3,800 K csrss.exe 676 Client Server Runtime Process Microsoft Corporation 26,584 K winlogon.exe 700 Windows NT Logon Application Microsoft Corporation 54,516 K services.exe 744 1.90 Services and Controller app Microsoft Corporation 37,768 K svchost.exe 904 Generic Host Process for Win32 Services Microsoft Corporation 61,376 K 1XConfig.exe 1620 8021XConfig Module Intel Corporation 50,944 K naPrdMgr.exe 1268 NAI Product Manager Network Associates, Inc. 30,140 K svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation 36,492 K svchost.exe 992 Generic Host Process for Win32 Services Microsoft Corporation 145,380 K S24EvMon.exe 1036 Event Monitor - Supports driver extensions to NIC Driver for wireless adapters. Intel Corporation 33,436 K svchost.exe 1112 Generic Host Process for Win32 Services Microsoft Corporation 31,492 K spoolsv.exe 1192 Spooler SubSystem App Microsoft Corporation 51,660 K FrameworkService.exe 1052 Framework Service Network Associates, Inc. 52,876 K Mcshield.exe 796 On... Read more

A:Memory Leak

Since you've got Process Explorer on your system - use it to identify what processes are running under that particular svchost.exe process (PID 992) Once you find what's running beneath it, let us know and we'll be able to move on with more stuff to do. (the easiest way to get the info is to hover your mouse over the svchost.exe process - then the program will pop up a list of services that are running under that process).Are you performing any debug routines? I see that mdm.exe is running - this can be a result of a manual debug, or can be the result of an error.I also notice what may be 2 anti-virus programs running on your system. This can cause major problems as they compete for access to files, and they compete for access to system resources. I'd recommend turning one of them off immediately.I'd also suggest running this free, online scan (must use IE): http://safety.live.com/ It will scan for malware, clean your registry, delete your Temp files, and defrag your hard drive.

Read other 4 answers