Author Topic: Assistance Requested (Read 8306 times)

pivotel · « **on:** March 22, 2015, 05:51:34 AM »

Hi Curson,

Love your work, inspirational!

I recently had an error that I've never experienced before when opening a game.

http://i.gyazo.com/e6615a6fc6899ce5208b82331338456e.png

The game still worked fine but I decided to perform a scan anyway.

Quote

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Edward [Administrator]
Started from : D:\Users\Edward\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/22/2015 04:39:14

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 19 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutGetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acd0 (jmp 0xffffffff9f4859e8)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutWrite : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac10 (jmp 0xffffffff9f4a5c95)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ae40 (jmp 0xffffffff9f485474)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abe0 (jmp 0xffffffff9f49fde7)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000aec0 (jmp 0xffffffff9f485456)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ad10 (jmp 0xffffffff9f4a1cbc)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutSetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acf0 (jmp 0xffffffff9f485991)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInAddBuffer : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af40 (jmp 0xffffffff9f4853e5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b060 (jmp 0xffffffff9f48543e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac90 (jmp 0xffffffff9f4a609e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInGetPosition : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b0d0 (jmp 0xffffffff9f485469)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af00 (jmp 0xffffffff9f485429)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abb0 (jmp 0xffffffff9f4a6043)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ab40 (jmp 0xffffffff9f4a6622)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStart : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af80 (jmp 0xffffffff9f4853c6)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStop : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b000 (jmp 0xffffffff9f485412)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac50 (jmp 0xffffffff9f4a5d41)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstance : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a4d0 (jmp 0xffffffff99f607c5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstanceEx : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a630 (jmp 0xffffffff99f608e2)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Patriot Wildfire ATA Device +++++
--- User ---
[MBR] be293b8871d071d74f51df1ebbd093f1
[BSP] 2304ca54a1dbb77be9e65b606f9d735a : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000524AS ATA Device +++++
--- User ---
[MBR] d6ce936278f6c81d270231da3cff0341
[BSP] 7a2a3dc3040122d2247ea76acf756947 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 7e91472cf6759fbe214f0a7067217200
[BSP] 64884cf4f9b3a48ec6de01dd6cb30ee6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Seagate Desktop USB Device +++++
--- User ---
[MBR] ef6903c55d6d1c4188001ca82313cb50
[BSP] 6e4264fe1fa5e03f4924ed0d60f5d268 : Empty MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_03212015_220721.log - RKreport_DEL_03212015_221208.log - RKreport_DEL_03222015_010834.log - RKreport_DEL_03222015_010841.log
RKreport_DEL_03222015_010849.log - RKreport_SCN_03212015_220237.log - RKreport_SCN_03212015_220936.log - RKreport_SCN_03212015_221342.log
RKreport_SCN_03212015_232328.log - RKreport_SCN_03212015_235851.log - RKreport_SCN_03222015_004736.log - RKreport_SCN_03222015_011037.log

Any ideas on what this issue is and how to resolve it would be very much appreciated.

Kind Regards,
Edward

Curson · « **Reply #1 on:** March 23, 2015, 03:03:32 PM »

Hi Edward,

Welcome to Adlice.com Forum.

The report was generated with the 32 bits version of RogueKiller.
Please download RogueKiller (64 bits version), redo a full scan and post the report obtained in your next reply.

Regards.

pivotel · « **Reply #2 on:** March 23, 2015, 03:27:23 PM »

Thanks for the welcome! Sorry about that, here you go.

Quote

RogueKiller V10.5.7.0 (x64) [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Edward [Administrator]
Started from : D:\Users\Edward\Downloads\RogueKillerX64(2).exe
Mode : Scan -- Date : 03/24/2015 01:24:28

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-194976280-2367403184-606261679-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 19 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutGetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acd0 (jmp 0xffffffff9fd959e8)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutWrite : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac10 (jmp 0xffffffff9fdb5c95)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ae40 (jmp 0xffffffff9fd95474)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abe0 (jmp 0xffffffff9fdafde7)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000aec0 (jmp 0xffffffff9fd95456)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ad10 (jmp 0xffffffff9fdb1cbc)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutSetVolume : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000acf0 (jmp 0xffffffff9fd95991)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInAddBuffer : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af40 (jmp 0xffffffff9fd953e5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInReset : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b060 (jmp 0xffffffff9fd9543e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac90 (jmp 0xffffffff9fdb609e)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInGetPosition : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b0d0 (jmp 0xffffffff9fd95469)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInUnprepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af00 (jmp 0xffffffff9fd95429)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutClose : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000abb0 (jmp 0xffffffff9fdb6043)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutOpen : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ab40 (jmp 0xffffffff9fdb6622)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStart : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000af80 (jmp 0xffffffff9fd953c6)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveInStop : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000b000 (jmp 0xffffffff9fd95412)
[IAT:Inl(Hook.IEAT)] (firefox.exe) WINMM.dll - waveOutPrepareHeader : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000ac50 (jmp 0xffffffff9fdb5d41)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstance : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a4d0 (jmp 0xffffffff9a7707c5)
[IAT:Inl(Hook.IEAT)] (firefox.exe) ole32.dll - CoCreateInstanceEx : C:\Windows\SysWOW64\HsSrv.dll @ 0x1000a630 (jmp 0xffffffff9a7708e2)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] d6ce936278f6c81d270231da3cff0341
[BSP] 7a2a3dc3040122d2247ea76acf756947 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Patriot Wildfire ATA Device +++++
--- User ---
[MBR] be293b8871d071d74f51df1ebbd093f1
[BSP] 2304ca54a1dbb77be9e65b606f9d735a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 7e91472cf6759fbe214f0a7067217200
[BSP] 64884cf4f9b3a48ec6de01dd6cb30ee6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Seagate Desktop USB Device +++++
--- User ---
[MBR] ef6903c55d6d1c4188001ca82313cb50
[BSP] 6e4264fe1fa5e03f4924ed0d60f5d268 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_03212015_220721.log - RKreport_DEL_03212015_221208.log - RKreport_DEL_03222015_010834.log - RKreport_DEL_03222015_010841.log
RKreport_DEL_03222015_010849.log - RKreport_DEL_03222015_054118.log - RKreport_SCN_03212015_220237.log - RKreport_SCN_03212015_220936.log
RKreport_SCN_03212015_221342.log - RKreport_SCN_03212015_232328.log - RKreport_SCN_03212015_235851.log - RKreport_SCN_03222015_004736.log
RKreport_SCN_03222015_011037.log - RKreport_SCN_03222015_043914.log - RKreport_SCN_03222015_053817.log - RKreport_SCN_03222015_055848.log

Curson · « **Reply #3 on:** March 23, 2015, 03:49:09 PM »

Hi Edward,

HsSrv.dll was not blocked by RogueKiller.
This DLL is part of Asus Audio driver. It seems to have issue which can sometimes crash any game that supports EAX.

I advise you to update the Asus Audio driver, maybe it could solve the issue.
Similarly, disabling Asus "GX mode" (which emulates EAX) seems to help.

Regards.

pivotel · « **Reply #4 on:** March 23, 2015, 03:58:25 PM »

Thanks for your time, you're a saint.

Curson · « **Reply #5 on:** March 25, 2015, 08:05:02 PM »

Hi Edward,

You are very welcome.

Regards.

Author Topic: Assistance Requested (Read 8306 times)

pivotel

Assistance Requested

Curson

Re: Assistance Requested

pivotel

Re: Assistance Requested

Curson

Re: Assistance Requested

pivotel

Re: Assistance Requested

Curson

Re: Assistance Requested