
SVCHOST.exe problem!



#1 Stormrage


Posted 05 January 2016 - 03:46 PM

Hi, guys. I have a problem with svchost.exe. Every time I start up the system, this file takes up an amount of space... something like +2GB of RAM and 25% of CPU usage. What's wrong? Am I infected, and how do I fix that? I tried scans with ESET Smart Security, Malwarebytes and SUPERAntiSpyware, and nothing was found...

 


Windows 7 64bit


Edited by Stormrage, 05 January 2016 - 04:25 PM.



 


#2 Broni


Posted 05 January 2016 - 04:52 PM

Welcome aboard

 

It looks like Windows automatic updates is causing it.

See here: https://blogs.technet.microsoft.com/asiasupp/2007/05/29/automatic-update-causes-svchost-exe-high-cpu/


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
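
One way to check the suggestion in the reply above, as an added example that is not part of the original thread: list every svchost.exe instance with its memory use, its image path and the services it hosts, then see whether the largest one contains the Windows Update service (wuauserv). The function name Get-SvchostReport and the report layout are made up for this example.

```powershell
# Added example (not from the thread). Uses Get-WmiObject so it also runs on
# PowerShell 2.0, the version that ships with Windows 7.

function Get-SvchostReport {
    # Map host PID -> names of the running services inside that process.
    $servicesByPid = @{}
    Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
        $hostPid = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
        $servicesByPid[$hostPid] += $_.Name
    }

    # The genuine binary lives only in these two directories.
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit host on x64
    )

    Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $procId = [int]$_.ProcessId
        $path   = $_.ExecutablePath      # empty when the shell is not elevated

        if (-not $path)                    { $location = 'unknown (run elevated)' }
        elseif ($expected -contains $path) { $location = 'system directory' }
        else                               { $location = 'UNEXPECTED PATH' }

        if ($servicesByPid.ContainsKey($procId)) { $hosted = $servicesByPid[$procId] }
        else                                     { $hosted = @() }

        New-Object PSObject -Property @{
            ProcessId    = $procId
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
            Location     = $location
            Path         = $path
            Services     = $hosted
        }
    } | Sort-Object WorkingSetMB -Descending
}

$report = @(Get-SvchostReport)

$report | Format-Table ProcessId, WorkingSetMB, Location,
    @{ Name = 'Services'; Expression = { $_.Services -join ', ' } } -AutoSize -Wrap

# An svchost.exe running from anywhere else is worth a closer look first.
$report | Where-Object { $_.Location -eq 'UNEXPECTED PATH' } | ForEach-Object {
    Write-Warning "PID $($_.ProcessId) runs from $($_.Path)"
}

if ($report.Count -gt 0) {
    $top = $report[0]
    if ($top.Services -contains 'wuauserv') {
        # wuauserv shares its host with other services, so this makes it a
        # candidate for the memory use, not a proven cause.
        "Largest instance: PID $($top.ProcessId), $($top.WorkingSetMB) MB, hosts wuauserv (Windows Update)."
    } else {
        "Largest instance: PID $($top.ProcessId), $($top.WorkingSetMB) MB, does not host wuauserv."
    }
}
```

Run it from an elevated PowerShell prompt; without elevation the path of most service hosts cannot be read and is reported as unknown.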


 


#3 Stormrage


Posted 06 January 2016 - 11:48 AM

The updates on my PC have always been turned off. Today I tried to turn them on... but I see this error code 80244019... a little search with Google and >>> http://windows.microsoft.com/bg-bg/windows-vista/windows-update-error-80070422-80244019-or-8ddd0018 ... So maybe I am really infected :(



#4 Broni


Posted 06 January 2016 - 04:27 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#5 Stormrage


Posted 07 January 2016 - 01:50 PM

Hi again :) The problem is beginning to look more and more strange. First I tried to use "Security Check", but the program froze on "Computer Health check"; I waited more than 20 minutes and nothing happened. The same story with the second program, FSS. So I created a new user and tried the programs there. They worked properly this time. I noticed that under the new user svchost.exe again takes up 2 GB of RAM... after ~30 minutes the system started freezing for 5-10 seconds... I tried to restart, but the system froze on the log-off window... So I restarted with the button on the computer. After restarting and logging in again, I instantly opened Task Manager and killed svchost.exe when I saw it taking a lot of RAM.... But after ~10 minutes svchost.exe appeared again, so I repeated the kill maybe 4-5 times. After that svchost finally began to "act" normally, of course until the next restart. So now I have finally succeeded in running all the tests.... and here are the results:

checkup.txt (System Check)


Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 9.0.349.14
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 60
Adobe Flash Player 20.0.0.267
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


FSS.txt Farbar Service Scanner


Farbar Service Scanner Version: 03-01-2016
Ran by Administrator (administrator) on 07-01-2016 at 18:34:23
Running from "F:\Virusi"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



MBT.exe Minitoolbox log

MiniToolBox by Farbar Version: 02-11-2015
Ran by Administrator (administrator) on 07-01-2016 at 18:49:28
Running from "F:\Virusi"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Stormrage-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ASUS

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-5F-4C-0E-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ASUS
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 90-E6-BA-BD-59-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::413f:924b:734d:32a9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.161(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 07 2016 . 18:24:36 .
Lease Expires . . . . . . . . . . : 08 2016 . 02:24:36 .
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 244377274
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B9-F8-2F-90-E6-BA-BD-59-3A
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-F4-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::388f:f885:7798:ae82%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 453509159
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B9-F8-2F-90-E6-BA-BD-59-3A
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.ASUS:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

Name: google.com
Addresses: 2a00:1450:4017:802::200e
93.123.23.31
93.123.23.53
93.123.23.59
93.123.23.24
93.123.23.39
93.123.23.52
93.123.23.38
93.123.23.18
93.123.23.45
93.123.23.46
93.123.23.25
93.123.23.32


Pinging google.com [93.123.23.38] with 32 bytes of data:
Reply from 93.123.23.38: bytes=32 time=3ms TTL=60
Reply from 93.123.23.38: bytes=32 time=4ms TTL=60

Ping statistics for 93.123.23.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 8.8.8.8

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
206.190.36.45
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Reply from 98.139.183.24: bytes=32 time=146ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 146ms, Average = 146ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff 5f 4c 0e 03 ......TAP-Win32 Adapter V9 (Tunngle)
11...90 e6 ba bd 59 3a ......Realtek PCIe GBE Family Controller
18...08 00 27 00 f4 01 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.161 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.161 296
169.254.255.255 255.255.255.255 On-link 192.168.1.161 276
192.168.1.0 255.255.255.0 On-link 192.168.1.161 276
192.168.1.161 255.255.255.255 On-link 192.168.1.161 276
192.168.1.255 255.255.255.255 On-link 192.168.1.161 276
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.161 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.161 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 fe80::/64 On-link
11 276 fe80::/64 On-link
18 276 fe80::388f:f885:7798:ae82/128
On-link
11 276 fe80::413f:924b:734d:32a9/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2016 06:26:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2016 06:16:11 PM) (Source: Application Hang) (User: )
Description: The program FSS.exe version 3.1.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17b4

Start Time: 01d149667b6d41c3

Termination Time: 4

Application Path: F:\Virusi\FSS.exe

Report Id: f5ec358a-b559-11e5-a925-90e6babd593a

Error: (01/07/2016 06:14:14 PM) (Source: Application Hang) (User: )
Description: The program FSS.exe version 3.1.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cd8

Start Time: 01d14965a1b7053e

Termination Time: 7

Application Path: F:\Virusi\FSS.exe

Report Id: aecdc104-b559-11e5-a925-90e6babd593a

Error: (01/07/2016 04:56:28 PM) (Source: Application Hang) (User: )
Description: The program ProgDvbNet.exe version 7.7.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1970

Start Time: 01d1495b4fe8fd0a

Termination Time: 60000

Application Path: R:\ProgDVB\ProgDvbNet.exe

Report Id: a62ad44a-b54e-11e5-a925-90e6babd593a

Error: (01/07/2016 03:59:12 PM) (Source: Application Hang) (User: )
Description: The program procexp64.exe version 16.10.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d0

Start Time: 01d1495366ba1a6c

Termination Time: 16

Application Path: C:\Users\STORMR~1\AppData\Local\Temp\procexp64.exe

Report Id: d3763ed1-b546-11e5-a925-90e6babd593a

Error: (01/07/2016 03:47:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:35:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:35:08 PM) (Source: Application Hang) (User: )
Description: The program PROCEXP64.exe version 16.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f58

Start Time: 01d148ca05ad7803

Termination Time: 8

Application Path: C:\Users\STORMR~1\AppData\Local\Temp\PROCEXP64.exe

Report Id: 59503090-b4bd-11e5-b3ae-90e6babd593a

Error: (01/06/2016 11:31:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:17:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/07/2016 06:27:18 PM) (Source: Service Control Manager) (User: )
Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error:
%%2

Error: (01/07/2016 06:25:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RAMDiskVE

Error: (01/07/2016 06:24:11 PM) (Source: RAMDiskVE) (User: )
Description: Message: RAMDisk cannot load the image file.

Error: (01/07/2016 06:24:11 PM) (Source: RAMDiskVE) (User: )
Description: Message: Incorrect image file size. The image file may be corrupted.

Error: (01/07/2016 06:18:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/07/2016 05:30:24 PM) (Source: Service Control Manager) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/07/2016 05:28:47 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/07/2016 05:19:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/07/2016 03:59:10 PM) (Source: DCOM) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2016 03:49:05 PM) (Source: Service Control Manager) (User: )
Description: The Услуга на Google Актуализация (gupdate) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/07/2016 06:26:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2016 06:16:11 PM) (Source: Application Hang)(User: )
Description: FSS.exe3.1.2016.017b401d149667b6d41c34F:\Virusi\FSS.exef5ec358a-b559-11e5-a925-90e6babd593a

Error: (01/07/2016 06:14:14 PM) (Source: Application Hang)(User: )
Description: FSS.exe3.1.2016.01cd801d14965a1b7053e7F:\Virusi\FSS.exeaecdc104-b559-11e5-a925-90e6babd593a

Error: (01/07/2016 04:56:28 PM) (Source: Application Hang)(User: )
Description: ProgDvbNet.exe7.7.8.0197001d1495b4fe8fd0a60000R:\ProgDVB\ProgDvbNet.exea62ad44a-b54e-11e5-a925-90e6babd593a

Error: (01/07/2016 03:59:12 PM) (Source: Application Hang)(User: )
Description: procexp64.exe16.10.0.015d001d1495366ba1a6c16C:\Users\STORMR~1\AppData\Local\Temp\procexp64.exed3763ed1-b546-11e5-a925-90e6babd593a

Error: (01/07/2016 03:47:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:35:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:35:08 PM) (Source: Application Hang)(User: )
Description: PROCEXP64.exe16.5.0.0f5801d148ca05ad78038C:\Users\STORMR~1\AppData\Local\Temp\PROCEXP64.exe59503090-b4bd-11e5-b3ae-90e6babd593a

Error: (01/06/2016 11:31:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2016 11:17:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2014-09-29 14:05:48.263
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 14:05:48.133
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 14:04:22.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 14:04:22.733
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 14:00:59.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 14:00:59.755
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 13:59:02.661
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 13:59:02.548
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 13:56:38.366
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-29 13:56:38.257
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\IT9135BDA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Photo Editor 6 (HKLM-x32\...\ACDSee Photo Editor 6) (Version: 6.0.313 - ACD Systems of America Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AirDroid 0.2.5.6 (HKLM-x32\...\AirDroid) (Version: 0.2.5.6 - Sand Studio)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtCine NFO Creator 2.0 (HKLM-x32\...\{6D32EF61-A56A-4675-8ABC-A5D2409CF49A}) (Version: 1.0.0 - Nova Vizija)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.5012 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CA64F713-4AA8-47EB-AAA8-C215A425AAF1}) (Version: 0.9.17.5012 - BlueStack Systems, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Bulk Image Downloader v4.91.0.0 (HKLM-x32\...\Bulk Image Downloader_is1) (Version: - Antibody Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Download Master version 6.6.2.1485 (HKLM-x32\...\Download Master_is1) (Version: 6.6.2.1485 - WestByte)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
Dxtory version 2.0.128 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.128 - ExKode Co. Ltd.)
EA SPORTS FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version: - EaseUS)
Eassos Recovery V3.9.1 (HKLM\...\{97B648DA-2BBF-47EE-864E-EF029C23A425}_is1) (Version: - Eassos Co., Ltd.)
ESET Smart Security (HKLM\...\{B6959178-1260-43B4-9520-AE3899D1E005}) (Version: 9.0.349.14 - ESET, spol. s r.o.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Fences (HKLM\...\{10CD364B-FFCC-48BE-B469-B9622A033075}) (Version: 1.0 - Stardock Corporation) Hidden
Fences (HKLM-x32\...\Fences) (Version: - Stardock Corporation)
FIFA 15 Ultimate Team Edition version 1.0 (HKLM-x32\...\{32C4CF13-4052-488F-90B0-C5A15C5E2E0E}_is1) (Version: 1.0 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Assistant (HKLM-x32\...\GameAssistant_is1) (Version: 1.0 - VTools)
Game of Thrones (HKLM-x32\...\Game of Thrones_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V version 1.0 (HKLM-x32\...\{5FC16D0F-F7DF-423E-875B-9B1A0BC4B051}_is1) (Version: 1.0 - Rockstar Games)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
InstallForge (HKLM-x32\...\InstallForge) (Version: 1.2.9.1 - solicus)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
IT9130 Driver v11.10.19.1 (HKLM-x32\...\IT9130 DriverInstaller_11.10.19.1) (Version: - )
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Mega Codec Pack 10.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware, версия 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MKVToolNix 7.9.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.9.0 - Moritz Bunkus)
Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.2.0 - Movavi)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.0.5849 - Mozilla)
myFFmpeg version 1.6.1 (HKLM-x32\...\{C6131E30-4C35-4225-A264-6B3216DADF54}_is1) (Version: 1.6.1 - OSBytes)
Nepflex Screen Recorder (HKLM-x32\...\Nepflex Screen Recorder_is1) (Version: 1.4 - Nepflex)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Nexus Root Toolkit (HKLM-x32\...\Nexus Root Toolkit) (Version: 2.1.0 - WugFresh)
Nightly 46.0a1 (x64 en-US) (HKLM\...\Nightly 46.0a1 (x64 en-US)) (Version: 46.0a1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{B4760EA0-17DF-4F24-89ED-97DDD2DB57A2}) (Version: 0.9.1211 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
ProgDVB (HKLM-x32\...\ProgDVB) (Version: 7.x - Prog)
ProgDVB x64 (HKLM\...\ProgDVB) (Version: 7.x - Prog)
qBittorrent 3.3.1 (HKLM-x32\...\qBittorrent) (Version: 3.3.1 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAMDisk (HKLM-x32\...\{0FEB4B92-FA19-4417-B7A2-092D1F85A2FA}) (Version: 4.4.0.32 - Dataram, Inc.)
Registry Trash Keys Finder (Freeware) (HKLM-x32\...\Registry Trash Keys Finder) (Version: 3.9.3.0 - SNC)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
Smart Cutter (HKLM-x32\...\{69431000-EF3D-4491-AD09-35E02E1963A6}) (Version: 1.9.3 - FameRing)
Smart Install Maker 5.04 (HKLM-x32\...\Smart Install Maker 5.04) (Version: 5.04 - InstallBuilders)
SopCast 3.9.3 (HKLM-x32\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
StreamTransport version: 1.1.6.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
SymMover (HKLM-x32\...\SymMover) (Version: - )
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version: - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Walking Dead - Episode 1 1.00 (HKLM-x32\...\The Walking Dead - Episode 1 1.00) (Version: - )
The Walking Dead - Season 1 (HKLM-x32\...\1432207977_is1) (Version: 2.0.0.1 - GOG.com)
TreeSize Professional V5.5.2 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.5.2 - JAM Software)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
UberIcon 1.0.4 (HKLM-x32\...\UberIcon_is1) (Version: - Punk Software)
Unified Remote (HKLM-x32\...\{71A521AE-CCAE-43B0-8439-369AC1615B34}) (Version: 2.14.3.0 - Unified Remote)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB Network Driver (HKLM-x32\...\{66ED8E01-C915-41F5-B33E-C5C31F27B885}) (Version: V3.70a - )
Valiant Hearts: The Great War (HKLM-x32\...\VmFsaWFudEhlYXJ0c1RoZUdyZWF0V2Fy_is1) (Version: 1 - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Пакет за съвместимост за системата Office 2007 (HKLM-x32\...\{90120000-0020-0402-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Професионално издание на Google Earth (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

========================= Devices: ================================

Name: RAMDiskVE
Description: RAMDiskVE
Class Guid: {d617fec5-776c-4856-aa34-65d4603f2b2c}
Manufacturer: Dataram, Inc.
Service: RAMDiskVE
Device ID: ROOT\DATARAM_RAMDISK_DEVICES\0000
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 10238.18 MB
Available physical RAM: 4457.11 MB
Total Virtual: 20474.54 MB
Available Virtual: 14228.58 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:48.83 GB) (Free:3.25 GB) NTFS
2 Drive d: () (Fixed) (Total:172.96 GB) (Free:13.13 GB) NTFS
3 Drive e: () (Fixed) (Total:22.35 GB) (Free:2.04 GB) NTFS
4 Drive f: () (Fixed) (Total:221.62 GB) (Free:0.21 GB) NTFS

========================= Users: ========================================

User accounts for \\STORMRAGE-PC

Administrator Guest Stormrage

========================= Restore Points ==================================


**** End of log ****



MBAM LOG

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7.1.2016 г.
Scan Time: 18:52 ч.
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.07.04
Rootkit Database: v2016.01.05.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403528
Time Elapsed: 26 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




Rkill LOG

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/07/2016 08:15:21 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\ADMINI~1\AppData\Local\Temp\procexp64.exe (PID: 1552) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/07/2016 08:15:55 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)






#6 Broni

Posted 07 January 2016 - 06:02 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program



#7 Stormrage

Posted 08 January 2016 - 06:03 PM

It seems that the Windows Update function now works fine... But the svchost problem still exists :( Also, after 1-2 hours of work the system starts to be very unstable; I can't even start programs, everything freezes until the next restart of the system... Now I have turned on updates and am waiting for them to be applied...


Logs

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Ultimate x64
Ran by Stormrage (Administrator) on пет 08.01.2016 г. at 17:54:53,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Stormrage\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\sws9ux9n.default-1449915920718\extensions\staged (Folder)
Successfully deleted: C:\Users\Stormrage\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scan (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Stormrage) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Update (Task)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on пет 08.01.2016 г. at 17:57:37,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v5.028 - Logfile created 08/01/2016 at 17:41:15
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Stormrage - STORMRAGE-PC
# Running from : F:\Virusi\Part 2\adwcleaner_5.028.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[!] Folder Not Deleted : C:\_acestream_cache_
[#] Folder Deleted : C:\ProgramData\mntemp
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9aixnlj0.default\StumbleUpon
[-] Folder Deleted : C:\Users\Stormrage\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Stormrage\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio
[-] Folder Deleted : C:\Users\Stormrage\AppData\LocalLow\.acestream
[-] Folder Deleted : C:\Users\Stormrage\AppData\Roaming\acestream
[-] Folder Deleted : C:\Users\Stormrage\AppData\Roaming\.acestream
[-] Folder Deleted : C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\StumbleUpon
[-] Folder Deleted : C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\lzvuy6r2.dev-edition-default\StumbleUpon

***** [ Files ] *****

[-] File Deleted : C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\SOFTWARE\Clients\Media\AceStream
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acelive
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acemedia
[-] Key Deleted : HKCU\SOFTWARE\Classes\.acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\.tslive
[-] Key Deleted : HKCU\SOFTWARE\Classes\acestream
[-] Key Deleted : HKCU\SOFTWARE\Classes\AceStream.file
[-] Key Deleted : HKCU\SOFTWARE\Classes\Applications\ace_player.exe
[-] Key Deleted : HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
[-] Key Deleted : HKCU\Software\Classes\ACEStream.CDAudio
[-] Key Deleted : HKCU\Software\Classes\ACEStream.DVDMovie
[-] Key Deleted : HKCU\Software\Classes\ACEStream.OPENFolder
[-] Key Deleted : HKCU\Software\Classes\ACEStream.SVCDMovie
[-] Key Deleted : HKCU\Software\Classes\ACEStream.VCDMovie
[-] Key Deleted : HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\Classes\DVD\shell\PlayWithACEStream
[-] Key Deleted : HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\AceStream
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegWorks.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSITx64.exe

***** [ Web browsers ] *****

[-] [C:\Users\Stormrage\AppData\Roaming\Mozilla\Firefox\Profiles\hnvqfjz1.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Stormrage\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Stormrage\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Stormrage\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences] [Extension] Deleted : kpckgflgdapkpabemgkielbefdildaio

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5788 bytes] ##########
 

 

2016-01-08 16:01:28.189    Sophos Virus Removal Tool version 2.5.5
2016-01-08 16:01:28.189    Copyright © 2009-2014 Sophos Limited. All rights reserved.

2016-01-08 16:01:28.189    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-01-08 16:01:28.189    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-01-08 16:01:28.190    Checking for updates...
2016-01-08 16:01:30.793    Update progress: proxy server not available
2016-01-08 16:01:40.689    Option all = no
2016-01-08 16:01:40.690    Option recurse = yes
2016-01-08 16:01:40.690    Option archive = no
2016-01-08 16:01:40.690    Option service = yes
2016-01-08 16:01:40.690    Option confirm = yes
2016-01-08 16:01:40.690    Option sxl = yes
2016-01-08 16:01:40.692    Option max-data-age = 35
2016-01-08 16:01:40.692    Option EnableSafeClean = yes
2016-01-08 16:01:42.226    Option vdl-logging = yes
2016-01-08 16:01:42.231    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-01-08 16:01:42.231    Machine ID:    52c813b18ccf4f62a661c04c9b60ca03
2016-01-08 16:01:42.232    Component SVRTcli.exe version 2.5.5
2016-01-08 16:01:42.232    Component control.dll version 2.5.5
2016-01-08 16:01:42.232    Component SVRTservice.exe version 2.5.5
2016-01-08 16:01:42.233    Component engine\osdp.dll version 1.44.1.2230
2016-01-08 16:01:42.233    Component engine\veex.dll version 3.63.0.2230
2016-01-08 16:01:42.233    Component engine\savi.dll version 9.0.0.2230
2016-01-08 16:01:42.234    Component rkdisk.dll version 1.5.30.0
2016-01-08 16:01:42.234    Version info:    Product version    2.5.5
2016-01-08 16:01:42.234    Version info:    Detection engine    3.63.0
2016-01-08 16:01:42.234    Version info:    Detection data    5.22
2016-01-08 16:01:42.234    Version info:    Build date    8.12.2015 г.
2016-01-08 16:01:42.234    Version info:    Data files added    264
2016-01-08 16:01:42.234    Version info:    Last successful update    (not yet updated)
2016-01-08 16:02:14.440    Downloading updates...
2016-01-08 16:02:14.442    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-01-08 16:02:14.442    Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-01-08 16:02:14.442    Update progress: [I49502] Found supplement IDE523 LATEST
2016-01-08 16:02:14.442    Update progress: [I49502] Found supplement IDE524 LATEST
2016-01-08 16:02:14.442    Update progress: [I49502] Found supplement IDE525 LATEST
2016-01-08 16:02:14.442    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-01-08 16:02:14.442    Update progress: [I19463] Syncing product SAVIW32 63
2016-01-08 16:02:15.033    Update progress: [I19463] Syncing product IDE523 121
2016-01-08 16:02:15.564    Installing updates...
2016-01-08 16:02:16.366    Error level 1
2016-01-08 16:02:16.400    Update progress: [I19463] Syncing product IDE524 131
2016-01-08 16:02:16.400    Update progress: [I19463] Syncing product IDE525 15
2016-01-08 16:02:28.811    Update successful
2016-01-08 16:02:47.237    Option all = no
2016-01-08 16:02:47.237    Option recurse = yes
2016-01-08 16:02:47.237    Option archive = no
2016-01-08 16:02:47.237    Option service = yes
2016-01-08 16:02:47.237    Option confirm = yes
2016-01-08 16:02:47.237    Option sxl = yes
2016-01-08 16:02:47.239    Option max-data-age = 35
2016-01-08 16:02:47.239    Option EnableSafeClean = yes
2016-01-08 16:02:47.325    Option vdl-logging = yes
2016-01-08 16:02:47.328    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-01-08 16:02:47.328    Machine ID:    52c813b18ccf4f62a661c04c9b60ca03
2016-01-08 16:02:47.329    Component SVRTcli.exe version 2.5.5
2016-01-08 16:02:47.329    Component control.dll version 2.5.5
2016-01-08 16:02:47.330    Component SVRTservice.exe version 2.5.5
2016-01-08 16:02:47.330    Component engine\osdp.dll version 1.44.1.2230
2016-01-08 16:02:47.330    Component engine\veex.dll version 3.63.0.2230
2016-01-08 16:02:47.330    Component engine\savi.dll version 9.0.0.2230
2016-01-08 16:02:47.331    Component rkdisk.dll version 1.5.30.0
2016-01-08 16:02:47.331    Version info:    Product version    2.5.5
2016-01-08 16:02:47.331    Version info:    Detection engine    3.63.0
2016-01-08 16:02:47.331    Version info:    Detection data    5.22
2016-01-08 16:02:47.331    Version info:    Build date    8.12.2015 г.
2016-01-08 16:02:47.331    Version info:    Data files added    264
2016-01-08 16:02:47.331    Version info:    Last successful update    8.1.2016 г. 18:02:28 ч.

2016-01-08 17:07:52.754    Could not open C:\Boot\BCD
2016-01-08 17:08:42.371    Could not open C:\pagefile.sys
2016-01-08 17:51:09.391    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-01-08 17:51:09.946    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-01-08 17:51:29.302    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-01-08 17:51:29.323    Could not open C:\Windows\System32\config\RegBack\SAM
2016-01-08 17:51:29.350    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-01-08 17:51:29.407    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-01-08 17:51:29.456    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-01-08 21:43:18.847    >>> Virus 'Mal/TDSSPack-AH' found in file F:\Downloads\ACDSee.Photo.Editor.v6.0.313.Incl.Keymaker-CORE\keygen.exe
2016-01-08 21:43:18.867    >>> Virus 'Mal/TDSSPack-AH' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:43:18.868    >>> Virus 'Mal/TDSSPack-AH' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:44:18.251    >>> Virus 'Mal/VMProtBad-A' found in file F:\Downloads\Assassin's Creed IV Black Flag Gold Edition-CRACK ONLY\UPlay_R1_Loader.dll
2016-01-08 21:44:18.253    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:44:18.255    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:46:15.744    >>> Virus 'Mal/VMProtBad-A' found in file F:\Downloads\Crack\steam_api.dll
2016-01-08 21:46:15.746    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:46:15.748    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:53:33.500    >>> Virus 'Mal/VMProtBad-A' found in file F:\Downloads\IsoBuster Pro 3.1 Build 3.1.0.0 Final\Keygen\Keygen.exe
2016-01-08 21:53:33.501    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:53:33.501    >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:54:55.267    >>> Virus 'Mal/Chifrax-A' found in file F:\Downloads\LIMBO1\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe
2016-01-08 21:54:55.268    >>> Virus 'Mal/Chifrax-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 21:54:55.268    >>> Virus 'Mal/Chifrax-A' found in file HKU\S-1-5-21-215365994-4116708778-355400220-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
2016-01-08 22:40:07.606    The following items will be cleaned up:
2016-01-08 22:40:07.607    Mal/TDSSPack-AH
2016-01-08 22:40:07.607    Mal/VMProtBad-A
2016-01-08 22:40:07.607    Mal/Chifrax-A
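
A triage sketch for a scan log in the layout above, added here as an example (it is not part of the thread or of the Sophos tool). It collapses repeated hits per threat, separates file targets from registry targets, flags any hit under the Windows directory, and counts the files the scanner skipped, which a clean result does not cover. The sample lines, threat names and the `system_root` default are assumptions.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample lines in the layout of the scan log above; threat names
# and paths are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
2016-01-08 16:02:28.811    Update successful
2016-01-08 17:07:52.754    Could not open C:\pagefile.sys
2016-01-08 21:43:18.847    >>> Virus 'Mal/Example-A' found in file F:\Downloads\sample-tool\keygen.exe
2016-01-08 21:43:18.867    >>> Virus 'Mal/Example-A' found in file HKU\S-1-5-21-0-0-0-500\Software\Example\Value
2016-01-08 21:43:18.868    >>> Virus 'Mal/Example-A' found in file HKU\S-1-5-21-0-0-0-500\Software\Example\Value
2016-01-08 21:44:18.251    >>> Virus 'Mal/Example-B' found in file F:\Downloads\sample-game\loader.dll
2016-01-08 21:46:15.744    >>> Virus 'Mal/Example-B' found in file C:\Windows\System32\sample.dll
2016-01-08 22:21:47.067    Could not check F:\card\sys\bin\one.dll (format not supported)
2016-01-08 22:21:47.095    Could not check F:\card\sys\bin\two (beta).exe (format not supported)
2016-01-08 22:40:07.606    The following items will be cleaned up:
2016-01-08 22:40:07.607    Mal/Example-A
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DETECTION = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
# Greedy path match so a path that itself contains "(...)" keeps its full name
# and only the trailing parenthesised text is taken as the reason.
SKIPPED = re.compile(r"^Could not check (.+) \(([^()]+)\)$")
LOCKED = re.compile(r"^Could not open (.+)$")
HIVES = ("HKU\\", "HKLM\\", "HKCU\\", "HKCR\\")


def parse_log(text):
    """Split the log into detections, skipped files and files that were locked."""
    events = {"detections": [], "unscanned": [], "unopened": []}
    for raw in text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue  # blank lines and anything without a timestamp
        stamp, message = line.groups()
        hit = DETECTION.match(message)
        skipped = SKIPPED.match(message)
        locked = LOCKED.match(message)
        if hit:
            events["detections"].append((stamp, hit.group(1), hit.group(2)))
        elif skipped:
            events["unscanned"].append((skipped.group(1), skipped.group(2)))
        elif locked:
            events["unopened"].append(locked.group(1))
    return events


def triage(events, system_root=r"C:\Windows"):
    """Deduplicate hits per threat and summarise what the scan did not cover."""
    per_threat = defaultdict(lambda: {"files": set(), "registry": set()})
    for _stamp, threat, target in events["detections"]:
        kind = "registry" if target.upper().startswith(HIVES) else "files"
        per_threat[threat][kind].add(target)

    # Hits inside the OS directory deserve attention first; hits that sit only
    # in a downloads folder have not necessarily been executed.
    root = system_root.lower().rstrip("\\") + "\\"
    system_hits = sorted(
        target
        for found in per_threat.values()
        for target in found["files"]
        if target.lower().startswith(root)
    )

    # Group skipped files by directory and reason: each group is a coverage gap.
    gaps = Counter((ntpath.dirname(path), reason) for path, reason in events["unscanned"])

    return {
        "threats": {
            name: {"files": sorted(found["files"]), "registry": sorted(found["registry"])}
            for name, found in per_threat.items()
        },
        "system_hits": system_hits,
        "scan_gaps": dict(gaps),
        "locked": list(events["unopened"]),
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for name, found in report["threats"].items():
        print(name, len(found["files"]), "file(s),", len(found["registry"]), "registry target(s)")
    print("hits under system root:", report["system_hits"])
    print("skipped (dir, reason) -> count:", report["scan_gaps"])
    print("locked files:", report["locked"])
```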


#8 Broni

Posted 08 January 2016 - 06:07 PM

Did you try my original reply?

 

It looks like Windows automatic updates is causing it.

See here: https://blogs.technet.microsoft.com/asiasupp/2007/05/29/automatic-update-causes-svchost-exe-high-cpu/



#9 Stormrage

Posted 09 January 2016 - 08:24 AM

Maybe you were right about the Windows Update... But this page is probably too old 'cause more of the links are dead... I did deep research with Google and found some kind of solution.

This batch script stops that "broken" process and everything works fine without any RAM and CPU overuse. This fixes the problem, but only until the next restart of course....

net stop wuauserv
net stop bits
rd /s /q %windir%\softwaredistribution
net start bits
net start wuauserv
wuauclt.exe /detectnow

I also found two Windows updates which some guy claimed will fix the problem...

Windows6.1-KB3102810-x64
Windows6.1-KB3050265-x64
After installing them, svchost takes over 700 MB of RAM (down to half of the previous) .... but sometimes it again takes 25% CPU usage and I need to start the bat script which I posted above...

I also ran the Windows Update Troubleshooter, but it can't fix one problem and shows me this

QeEoVYS.png


Edited by Stormrage, 09 January 2016 - 08:44 AM.


#10 Broni

Posted 09 January 2016 - 06:06 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on the Check button next to 1. See If Check Disk Is Needed.
If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
In that case, make sure you restart the computer.

p22012121.gif


Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

p22012122.gif


Go to Step 5 and under "System Restore" click on Create button:

p22012123.gif


Go to Repairs tab and click Open Repairs button.

p22012124.gif

In next window....
Leave all checkmarks as they are.
Click on Start Repairs button.

p22012126.gif

Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs



#11 Stormrage

Posted 10 January 2016 - 08:35 AM

Tweaking.com - Windows Repair v3.7.4
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: STORMRAGE-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Stormrage
Current Profile SID: S-1-5-21-215365994-4116708778-355400220-1000
Current Profile Classes: S-1-5-21-215365994-4116708778-355400220-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Stormrage\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:30:09

Process Count: 79
Commit Total: 4,71 GB
Commit Limit: 19,99 GB
Commit Peak: 5,66 GB
Handle Count: 23783
Kernel Total: 618,16 MB
Kernel Paged: 493,95 MB
Kernel Non Paged: 124,21 MB
System Cache: 6,22 GB
Thread Count: 990
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 10,00 GB
Memory Used: 3,95 GB(39,5094%)
Memory Avail.: 6,05 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 10,00 GB
Memory Used: 3,43 GB(34,3561%)
Memory Avail.: 6,56 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (10.1.2016 г. 14:33:15)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 65
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (10.1.2016 г. 14:33:17)


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hku.7z
Done,  0,23 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\hklm.7z
Done,  2,64 seconds.

   Running Repair Under System Account
   Done (10.1.2016 г. 14:37:57)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (10.1.2016 г. 14:37:57)

   Running Repair Under Current User Account
   Done (10.1.2016 г. 14:49:33)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (10.1.2016 г. 14:49:33)


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\default.7z
Done,  0,16 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\profile.7z
Done,  0,18 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files.7z
Done,  0,19 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\program_files_x86.7z
Done,  0,18 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\programdata.7z
Done,  0,17 seconds.


Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\windows.7z
Done,  2,11 seconds.

   Running Repair Under Current User Account
   Done (10.1.2016 г. 14:55:33)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (10.1.2016 г. 14:55:33)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 14:55:35)

03 - Reset Service Permissions
   Start (10.1.2016 г. 14:55:35)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 14:56:32)

04 - Register System Files
   Start (10.1.2016 г. 14:56:32)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 14:57:32)

05 - Repair WMI
   Start (10.1.2016 г. 14:57:32)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   ESET Smart Security 9.0.349.14 Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   ESET Smart Security 9.0.349.14 Exported.

   Exporting 3rd Party Firewall Info...
   ESET Personal firewall Exported.

   Running Repair Under Current User Account
   Done (10.1.2016 г. 15:01:11)

06 - Repair Windows Firewall
   Start (10.1.2016 г. 15:01:11)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,17 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:00)

07 - Repair Internet Explorer
   Start (10.1.2016 г. 15:02:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:28)

08 - Repair MDAC/MS Jet
   Start (10.1.2016 г. 15:02:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:39)

09 - Repair Hosts File
   Start (10.1.2016 г. 15:02:39)
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:40)

10 - Remove Policies Set By Infections
   Start (10.1.2016 г. 15:02:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:42)

11 - Repair Start Menu Icons Removed By Infections
   Start (10.1.2016 г. 15:02:42)
   Running Repair Under System Account
   Done (10.1.2016 г. 15:02:43)

12 - Repair Icons
   Start (10.1.2016 г. 15:02:43)
   Running Repair Under Current User Account
   Done (10.1.2016 г. 15:02:44)

13 - Repair Network
   Start (10.1.2016 г. 15:02:44)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,23 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:03:07)

14 - Remove Temp Files
   Start (10.1.2016 г. 15:03:07)
   Running Repair Under System Account
   Done (10.1.2016 г. 15:03:09)

15 - Repair Proxy Settings
   Start (10.1.2016 г. 15:03:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:03:11)

17 - Repair Windows Updates
   Start (10.1.2016 г. 15:03:11)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (10.1.2016 г. 15:03:48)

18 - Repair CD/DVD Missing/Not Working
   Start (10.1.2016 г. 15:03:48)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (10.1.2016 г. 15:03:48)

19 - Repair Volume Shadow Copy Service
   Start (10.1.2016 г. 15:03:48)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:13)

20 - Repair Windows Sidebar/Gadgets
   Start (10.1.2016 г. 15:04:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:16)

21 - Repair MSI (Windows Installer)
   Start (10.1.2016 г. 15:04:16)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:39)

22 - Repair Windows Snipping Tool
   Start (10.1.2016 г. 15:04:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:42)

23.01 - Repair bat Association
   Start (10.1.2016 г. 15:04:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:44)

23.02 - Repair cmd Association
   Start (10.1.2016 г. 15:04:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:46)

23.03 - Repair com Association
   Start (10.1.2016 г. 15:04:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:49)

23.04 - Repair Directory Association
   Start (10.1.2016 г. 15:04:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:51)

23.05 - Repair Drive Association
   Start (10.1.2016 г. 15:04:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:53)

23.06 - Repair exe Association
   Start (10.1.2016 г. 15:04:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:55)

23.07 - Repair Folder Association
   Start (10.1.2016 г. 15:04:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:04:58)

23.08 - Repair inf Association
   Start (10.1.2016 г. 15:04:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:00)

23.09 - Repair lnk (Shortcuts) Association
   Start (10.1.2016 г. 15:05:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:02)

23.10 - Repair msc Association
   Start (10.1.2016 г. 15:05:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:04)

23.11 - Repair reg Association
   Start (10.1.2016 г. 15:05:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:07)

23.12 - Repair scr Association
   Start (10.1.2016 г. 15:05:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:09)

24 - Repair Windows Safe Mode
   Start (10.1.2016 г. 15:05:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:11)

25 - Repair Print Spooler
   Start (10.1.2016 г. 15:05:11)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:29)

26 - Restore Important Windows Services
   Start (10.1.2016 г. 15:05:29)

Decompressing & Updating Windows Permission File D:\Downloads\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0,19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:38)

27 - Set Windows Services To Default Startup
   Start (10.1.2016 г. 15:05:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:52)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601

31 - Repair Windows 'New' Submenu
   Start (10.1.2016 г. 15:05:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:55)

32 - Restore UAC (User Account Control) Settings
   Start (10.1.2016 г. 15:05:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10.1.2016 г. 15:05:58)

33 - Repair Performance Counters
   Start (10.1.2016 г. 15:05:58)
   Running Repair Under Current User Account
   Done (10.1.2016 г. 15:06:07)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (10.1.2016 г. 15:06:07)
   Total Repair Time: 00:32:54


...YOU MUST RESTART YOUR SYSTEM...
 



#12 Broni


Posted 10 January 2016 - 11:59 AM

How are things now?




 


#13 Stormrage


Posted 10 January 2016 - 12:11 PM

Same :( Think that I have to use Windows repair maybe...



#14 Broni


Posted 10 January 2016 - 12:55 PM

Let's try some more advanced tools...

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.




 




