Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svhost at 1,8Gb ram constant 15% CPU


  • This topic is locked This topic is locked
30 replies to this topic

#1 szymciu

szymciu

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 12 November 2016 - 05:25 AM

Hello,

 

I am trying to deal with my friends' computer and it behaves wierd.

 

At first I noticed transparency turned off in AERO, then gigantic RAM load on svhost with constant 13-15% CPU usage.

In general they complain on performance of the laptop. It'a 2014 high-end one, so everything should work smooth.

 

Ran Combofix, ran FRST. Logs in attachments.

 

Best regards :)

Simon

Attached Files



BC AdBot (Login to Remove)

 


#2 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 16 November 2016 - 06:06 AM

Anyone ? :(



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 16 November 2016 - 10:49 PM

Greetings Simon and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Copy and paste both documents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 17 November 2016 - 02:59 AM

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Kavi (administrator) on KAVI-KOMPUTER (17-11-2016 08:53:14)
Running from D:\Users\Kavi\Downloads
Loaded Profiles: Kavi (Available Profiles: Kavi & Gość)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) D:\Users\Kavi\Downloads\FRST64english.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4586056 2016-03-29] (UltimateOutsider)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-04-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-07] (Dropbox, Inc.)
HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{FF3688EE-1114-4FEA-8EB3-CA194C5E24F4}: [DhcpNameServer] 31.11.202.254 37.8.214.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
 
FireFox:
========
FF DefaultProfile: k24aj1uf.default
FF ProfilePath: C:\Users\Kavi\AppData\Roaming\Mozilla\Firefox\Profiles\k24aj1uf.default [2016-11-17]
FF Extension: (Firefox Hotfix) - C:\Users\Kavi\AppData\Roaming\Mozilla\Firefox\Profiles\k24aj1uf.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-03]
FF Extension: (Adblock Plus) - C:\Users\Kavi\AppData\Roaming\Mozilla\Firefox\Profiles\k24aj1uf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-11]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4024320228-2989290556-2826121653-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Kavi\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-07-13] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default [2016-11-17]
CHR Extension: (Prezentacje Google) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-21]
CHR Extension: (Dokumenty Google) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-21]
CHR Extension: (Dysk Google) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-21]
CHR Extension: (YouTube) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-21]
CHR Extension: (Arkusze Google) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (AdBlock) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-09]
CHR Extension: (Skype) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\Kavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-11-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-01-05] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-12] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-11-12] (ESET)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-17 08:50 - 2016-11-17 08:50 - 00000000 ___RD C:\Users\Kavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-12 11:16 - 2016-11-17 08:53 - 00000000 ____D C:\FRST
2016-11-12 11:12 - 2016-11-12 11:12 - 00020949 _____ C:\ComboFix.txt
2016-11-12 10:58 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-12 10:58 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-12 10:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-12 10:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-12 10:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-12 10:58 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-12 10:58 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-12 10:58 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-12 10:57 - 2016-11-12 11:12 - 00000000 ____D C:\Qoobox
2016-11-12 10:56 - 2016-11-12 11:10 - 00000000 ____D C:\Windows\erdnt
2016-11-11 22:03 - 2016-11-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 20:05 - 2016-11-11 20:06 - 01213160 _____ C:\Windows\Minidump\111116-15802-01.dmp
2016-11-11 20:05 - 2016-11-11 20:05 - 687592604 _____ C:\Windows\MEMORY.DMP
2016-11-11 20:05 - 2016-11-11 20:05 - 00000000 ____D C:\Windows\Minidump
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-07 23:49 - 2016-11-07 23:49 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-17 08:56 - 2016-03-21 21:09 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-17 08:52 - 2016-06-06 13:35 - 00000000 ___RD C:\Users\Kavi\Dropbox
2016-11-17 08:49 - 2016-06-06 13:30 - 00001144 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-17 08:49 - 2016-03-21 19:16 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-17 08:49 - 2016-03-21 18:37 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-11-17 08:49 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-17 08:45 - 2016-03-21 20:42 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-11-17 08:45 - 2016-03-21 20:42 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-11-17 08:42 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:42 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:40 - 2016-04-06 19:13 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-16 09:29 - 2016-06-06 13:30 - 00001148 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-16 09:29 - 2016-03-21 19:16 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-12 11:09 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-12 10:54 - 2016-03-21 21:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-12 10:35 - 2016-05-23 10:50 - 00000000 ____D C:\Users\Kavi\AppData\Roaming\Skype
2016-11-12 10:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-12 10:29 - 2015-07-14 14:29 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-11-12 10:29 - 2015-07-14 14:29 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-11-12 10:29 - 2015-07-14 14:29 - 00181384 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2016-11-12 09:47 - 2016-09-19 22:26 - 00000000 ____D C:\Users\Gość\AppData\Local\Dropbox
2016-11-12 09:43 - 2016-03-21 21:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-11 22:03 - 2016-06-06 13:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-11 17:33 - 2016-08-06 22:58 - 00000000 ____D C:\Users\Kavi\AppData\Local\CrashDumps
2016-11-11 17:31 - 2011-04-12 14:21 - 00738984 _____ C:\Windows\system32\perfh015.dat
2016-11-11 17:31 - 2011-04-12 14:21 - 00155062 _____ C:\Windows\system32\perfc015.dat
2016-11-11 17:31 - 2009-07-14 06:13 - 01665128 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 16:33 - 2016-03-21 18:37 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-11-10 22:18 - 2016-06-06 13:30 - 00004144 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-10 22:18 - 2016-06-06 13:30 - 00003892 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-10 11:16 - 2016-03-21 21:12 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 03:42 - 2016-03-21 21:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 03:42 - 2016-03-21 21:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 03:42 - 2016-03-21 21:09 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 03:42 - 2016-03-21 21:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 03:41 - 2016-03-21 21:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-05 08:42 - 2016-03-21 19:28 - 00000000 ____D C:\Users\Kavi\AppData\Roaming\vlc
2016-11-04 09:48 - 2016-03-21 21:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 19:37 - 2016-03-21 19:16 - 00000000 ____D C:\Users\Kavi\AppData\Local\Google
2016-11-01 16:43 - 2016-10-10 16:33 - 00000000 ____D C:\Users\Public\CineForm
2016-11-01 16:41 - 2016-10-10 16:34 - 00000000 ____D C:\Users\Kavi\AppData\Roaming\GoPro
2016-10-25 13:02 - 2016-03-21 19:16 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-25 13:02 - 2016-03-21 19:16 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-24 13:08 - 2016-05-23 10:50 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-21 09:36 - 2016-05-23 10:50 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 14:02 - 2016-04-29 16:52 - 00000000 ____D C:\Users\Kavi\AppData\Roaming\dvdcss
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-21 17:52
 
==================== End of FRST.txt ============================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Kavi (17-11-2016 08:56:44)
Running from D:\Users\Kavi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-21 17:02:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4024320228-2989290556-2826121653-500 - Administrator - Disabled)
Gość (S-1-5-21-4024320228-2989290556-2826121653-501 - Limited - Enabled) => C:\Users\Gość
HomeGroupUser$ (S-1-5-21-4024320228-2989290556-2826121653-1002 - Limited - Enabled)
Kavi (S-1-5-21-4024320228-2989290556-2826121653-1000 - Administrator - Enabled) => C:\Users\Kavi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aktualizacje NVIDIA 2.10.2.40 (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.4.42.69356 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.4.42.69356 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.3 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0017 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CopyTrans Suite Remove Only (HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\...\CopyTrans Suite) (Version: 4.008 - WindSolutions)
Dropbox (HKLM-x32\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{854E8B33-874F-48FC-815B-006D4AB5A077}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Support Solutions Framework (HKLM-x32\...\{B65BC649-C9D2-45F6-9DD6-D189BD91F02E}) (Version: 12.5.32.37 - HP)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 pl)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Pakiet sterowników systemu Windows - Intel (NETwNs64) net  (05/05/2013 15.7.0.4) (HKLM\...\0845762EB25C2963182F803D1890FA9863A5A745) (Version: 05/05/2013 15.7.0.4 - Intel)
Panel sterowania NVIDIA 364.51 (Version: 364.51 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SuperD spd2900gs (HKLM-x32\...\{EDE2CAF2-7168-4B45-B500-3E5C1F3138C2}) (Version: 1.0.0.0 - SuperD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
VIA Platforma Menedżera urządzeń (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Zoom (HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03601391-55D8-4AC8-BF0C-BE08535D874C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-10-13] ()
Task: {083C3534-8B1A-469B-9CCD-30B595A63D21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)
Task: {0C924B59-9BEC-41EB-B0BE-59A511598089} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-17] (ASUSTek Computer Inc.)
Task: {2F0A44D3-891A-4D69-8504-C81758611036} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {352895A0-CAE0-4DE9-B35F-FD145324BCCD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {53F87AE2-0BFD-487A-85E2-9AA8922246B4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-06] (Dropbox, Inc.)
Task: {566AFC73-79E9-47CE-B119-B44A8C3853F3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {5CE0916F-03EE-4860-ADCA-8853C65A83D4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {6078046B-F0D4-4C42-A5BF-A321E846931C} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-04-06] (ASUSTek Computer Inc.)
Task: {765D9484-2AE9-46AC-B698-C3CFE53FE500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {7B0BF0F6-A534-42C6-9ED7-31238E5BBC96} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-10-13] (ASUSTeK Computer Inc.)
Task: {7FF090B6-EC2D-4DEC-BD06-1644493CADA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {8A8AC590-EC89-4F4E-9199-BA2206FF9628} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {A15B096A-14A9-44FD-A4B3-CAB1F7C2C482} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {A9B4A32B-7024-43DB-992E-48EA100F18E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {B45B5820-AE80-4BF0-850F-93BF245E3C40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.)
Task: {BB4576C2-120B-4C22-814C-CA34277AA949} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-10-13] (ASUSTeK Computer Inc.)
Task: {C8253FBE-6333-4CCD-A060-F0DCB4623F78} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-06] (Dropbox, Inc.)
Task: {D2EA3236-FEA1-4E45-B8BC-5E5CABCF929C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-21 21:08 - 2016-03-08 07:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-03 18:13 - 2012-08-31 14:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2016-03-21 20:46 - 2012-08-31 14:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2016-03-21 20:46 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2016-03-21 20:46 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-03-21 18:47 - 2012-07-11 15:51 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-03-21 18:47 - 2012-07-11 15:51 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2016-11-11 22:03 - 2016-10-10 17:29 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-11 22:03 - 2016-10-10 17:29 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-11-11 22:03 - 2016-11-07 23:58 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-11 22:03 - 2016-10-10 17:30 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-11 22:03 - 2016-11-07 23:58 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-11 22:03 - 2016-11-07 23:58 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-11-11 22:03 - 2016-10-10 17:31 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-11-11 22:03 - 2016-11-07 23:58 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-11 22:03 - 2016-10-10 17:30 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-11-11 22:03 - 2016-11-07 23:58 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-11 22:03 - 2016-10-10 17:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-11-11 22:03 - 2016-11-07 23:59 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-11 22:03 - 2016-11-07 23:59 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-11 22:03 - 2016-10-10 17:29 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-11 22:03 - 2016-10-10 17:33 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-11-11 22:03 - 2016-10-10 17:34 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-11-11 22:03 - 2016-11-07 23:59 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-11 22:03 - 2016-10-10 17:31 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-11 22:03 - 2016-11-07 23:59 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-21 21:09 - 2016-03-08 11:07 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-25 13:02 - 2016-10-20 09:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 13:02 - 2016-10-20 09:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-03-21 18:37 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-11-12 11:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4024320228-2989290556-2826121653-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kavi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 31.11.202.254 - 37.8.214.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EDA48FAF-CFE2-480D-9914-E2A9DFAB211C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC351E2A-0F55-4A2A-99B6-59C227C2F2AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9B30560-DB76-45CE-8DF9-9CA1E346860E}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{6A58B61E-C832-43DA-91BA-525D6E563425}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{6CE1066F-6DC6-407A-B56C-59E82292A9DF}] => (Allow) LPort=9100
FirewallRules: [{001D5A84-0281-4F11-9DF8-A50ABCE05FED}] => (Allow) LPort=427
FirewallRules: [{AEC747F2-0AC0-4258-A321-DD79BF688DAD}] => (Allow) LPort=161
FirewallRules: [{BF2173BB-A6C5-4019-A664-8E4D563C035F}] => (Allow) LPort=427
FirewallRules: [{B5BFBD64-8FC2-4DBC-8D68-884B649A4852}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BE4A6EF9-470E-4332-AA28-5CD93B1A5660}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F10BBFDA-C168-442E-91F4-761CC7EF3483}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{600CE31B-A8F2-49EC-BBC9-7B9821E0542D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FE7E2AFB-3320-4374-805E-443AF1F5777B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1032346C-16D6-4E57-9818-4EFD5D886DE2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{474BCEDD-ECEA-4762-A852-583F44847349}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{116B398C-1171-4F56-972A-0F639A4ADC92}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{B67031B2-5613-4802-A208-83134C7F434C}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{B9AFF921-BCEF-413D-9EA6-18B284C2F435}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B93FA64B-FA68-4477-AE2D-C0B9A3CFD702}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3E7EB29-D665-4EAF-8104-2E3802EC1866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0717CE9-24DF-4EBE-A513-5C4FD59338FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F16A4226-195F-4F3A-A6DC-69B6CDBD649E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F451DC55-33F2-4881-BEDA-E41B9D064F5E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52B98041-AD72-43F3-B4B1-39F830315C16}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9ED2C474-8C6B-419A-9180-640EF9C5B2B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FCFD22AF-B989-4D0C-9857-85ACCF0D0254}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2AD21AD0-F86E-4C65-BCB4-5E8C71F8DB22}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{478FB72E-9BF2-43F5-9808-E56C0CA2AC0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{44648C34-823A-456D-8090-1561AF5330FA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
10-10-2016 16:31:37 Quik
10-10-2016 16:33:31 Instalator modułów systemu Windows
12-11-2016 10:53:27 Quik
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2016 08:50:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/17/2016 08:49:20 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Nie można odnaleźć określonego pliku.
 
Error: (11/17/2016 08:36:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/17/2016 08:35:00 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) Nie można odnaleźć określonego pliku.
 
Error: (11/16/2016 09:29:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8393322
 
Error: (11/16/2016 09:29:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8393322
 
Error: (11/16/2016 09:29:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/16/2016 07:08:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3584949
 
Error: (11/16/2016 07:08:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3584949
 
Error: (11/16/2016 07:08:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (11/17/2016 08:50:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi TeamViewer.
 
Error: (11/12/2016 11:30:43 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Usługa Windows Update nie została poprawnie zamknięta po odebraniu kodu sterującego przed zamknięciem.
 
Error: (11/12/2016 11:28:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Serwer {995C996E-D918-4A8C-A302-45719A6F4EA7} nie zarejestrował się w modelu DCOM w wymaganym czasie.
 
Error: (11/12/2016 11:09:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.
 
Error: (11/12/2016 11:08:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.
 
Error: (11/12/2016 11:05:34 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.
 
Error: (11/12/2016 10:46:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa HP LaserJet Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.
 
Error: (11/12/2016 10:46:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi MMCSS.
 
Error: (11/12/2016 09:47:17 AM) (Source: DCOM) (EventID: 10016) (User: Kavi-Komputer)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 i identyfikatorem aplikacji APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 użytkownikowi Kavi-Komputer\Gość o identyfikatorze zabezpieczeń SID (S-1-5-21-4024320228-2989290556-2826121653-501) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
 
Error: (11/12/2016 09:47:17 AM) (Source: DCOM) (EventID: 10016) (User: Kavi-Komputer)
Description: Zgodnie z ustawieniami uprawnienia właściwe dla aplikacji nie jest udzielane uprawnienie Lokalny Aktywacja do aplikacji serwera COM z identyfikatorem klasy CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 i identyfikatorem aplikacji APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 użytkownikowi Kavi-Komputer\Gość o identyfikatorze zabezpieczeń SID (S-1-5-21-4024320228-2989290556-2826121653-501) z adresu LocalHost (użycie LRPC). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-12 11:08:43.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-12 11:08:43.326
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 60%
Total physical RAM: 8145.68 MB
Available physical RAM: 3187.25 MB
Total Virtual: 8543.89 MB
Available Virtual: 3914.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.78 GB) (Free:99.19 GB) NTFS
Drive d: () (Fixed) (Total:781.51 GB) (Free:718.57 GB) NTFS
Drive e: (Kavi) (CDROM) (Total:2.63 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:59.45 GB) (Free:26.3 GB) exFAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E621458B)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Thanks you Gary for your involvement   :)

Edited by Oh My!, 17 November 2016 - 03:29 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 17 November 2016 - 03:42 PM

Greetings.

My pleasure to assist you with this. Your computer is clean.

Please do this.

===================================================

Identifying Task Manager Running Processes

--------------------
  • Right click on the Taskbar and select Start Task Manager
  • Select the Processes tab
  • Click on Memory and CPU so that the entries are sorted from highest to lowest
  • Identify and list in your reply the top 5 processes using the most amount of Memory under the Memory column
  • Identify and list in your reply the top 5 processes using the most amount of CPU under the CPU column
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Task Manager information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 19 November 2016 - 07:58 AM

svhost.exe - 13% CPU - 1 518 500 K Memory

 

chrome.exe - 0% CPU - 254 376 K

 

svhost.exe - 0% CPU - 187 232 K

 

ekrn.exe - 0% CPU - 146 352 K

 

Skype.exe - 0% CPU - 116 840 K



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 19 November 2016 - 08:14 PM

While in Task Manager Process tab scroll down to the Service Host entries. Identify the Service Host entry(s) using the most Memory and click the down arrow to list what is underneath. Please take a screen shot of this window and attach it to your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 22 November 2016 - 04:54 AM

Instructions unclear. Theres no "down" arrow tha lists anything.

 

I right-clicked the troublesome process and clicked "Go to services".

Result was highlightes services in the service tab. 

Attached Files



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 22 November 2016 - 10:08 AM

Sorry about the instructions and thank you for adapting.

In the Services tab right click on wuauserv and select Stop Service. Let me know if that changes things.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 22 November 2016 - 10:38 AM

Bullseye! :D

Right after shutting down Windows Update service CPU consumption dropped to 0% at svhost.exe.

I turned off autostart of WU service as a temporary solution.

I assume that now we would have to reinstall Windows Update, right?

 

Best Regards :)

 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 22 November 2016 - 02:56 PM

Please run Option #3 here. Let me know if there is a change.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 27 November 2016 - 11:08 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 28 November 2016 - 03:23 PM

Yes, I'm sorry I was unable to reach my friends, due to excess of work. Topic is still alive. Tomorrow I will try to get in touch with them.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:18 AM

Posted 28 November 2016 - 03:34 PM

No problem, thanks for letting me know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 szymciu

szymciu
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 29 November 2016 - 01:02 PM

Sadly it didn't work. Update service collects ram and CPU gradually again. I was testing it for about 10 minutes. Tried also the tool mentioned in "if it doesn't help" part the the #3 method.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users