
Hi guys, so not long ago I had SVC host crash on me while I was installing https://unity3d.com/ (I work for a company as a beta tester). Anyway, I was also doing a Malwarebytes scan at the same time. Is it at all possible that the laptop was just overloaded and caused this event? I did do an Avast and Malwarebytes scan after a hard reboot; both came back clean, and I haven't had any errors since. My SFC scan did come back with some unfixable errors, but that could just be because I'm using GWX Control Panel to block the Windows 10 upgrade.

 


Hello and welcome back:
 

Hi guys, so not long ago I had SVC host crash on me while I was installing https://unity3d.com/ (I work for a company as a beta tester). Anyway


 
We need more information in order to better assist you.

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

On the other hand, if you think you might be infected, then I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.
 
(If -- as your post suggests -- this is a work or business computer, then you may wish instead to open a ticket at the Business Help Desk HERE. They will assist you.)

Thanks,


  • Root Admin

Could just be a fluke or could be some minor maintenance is needed. Double check the date and time and make sure they are correct.

Then visit this site and have it fix Windows Search. The logs show that it has a corrupted index. This tool should fix it.

https://support.microsoft.com/en-us/mats/windows_search

Then there is some type of disk issue so I'd suggest running a Full Disk Check.

If you click on your tiles you'll find a link for Command Prompt. Right click and choose "Run as administrator"

Then type in the following exactly. It will say it cannot run and ask you if you want to run the check after a restart. Press the Y key and Enter key and then restart the computer and let it run.
 

CHKDSK  C:  /R

Then copy and post back the results from the Event Logs entry.


On Windows 8 the disk check log is in the Event Logs under Application with a heading source of Chkdsk


How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

 

Thanks

 


Hey there Ron, thanks for working on my issue here. The link to fix Windows Search does not work for me: "We're sorry, but your operating system is not supported by Microsoft Fix it at this time."

Runs on

Microsoft Windows XP

Windows 7

Windows Server 2008

Windows Server 2008 R2

Windows Vista

Windows 8

I am currently on 8.1 running classicshell/classic start


  • Root Admin

Yes, a bit annoying. They made some changes from 8 to 8.1 that prevented many tools from running.

 

Disk check found and corrected issues.

 

You need to look at resetting your search to correct the corrupted index. Please see if the following helps.

 

http://www.tekrevue.com/tip/how-to-solve-windows-search-issues-index-rebuild/

 

thanks


Understood. As it's late and it has been noted that the index may take a long time, I'd like to resume this in the morning with you, but for now could you tell me what issues the logs indicated, and also whether the index rebuild is the last issue as of right now or we may need a longer process? Thanks

UPDATE: the index finished rather quickly, actually.

What's next for tomorrow?


  • Root Admin

You would need to let us know if the issue seems resolved or not as we're not there working on your computer. The crash could have been a one off issue and not happen again. I simply looked at what the logs said and they said a disk check and repair of the search index were both needed and either one could cause issues.

 

Cheers


Well, the computer does seem to be running better in general; however, CPU usage seems to fluctuate between 6-14% while not doing much at all. I don't know what's considered an OK range for an ASUS laptop? Also, since my last Windows update, whenever I clean with CCleaner, Internet Explorer temp seems to generate a large number of files, so can Windows logs; together everything can total at least 100 MB, sometimes as high as 800.

Maybe I'm being slightly paranoid.

I did switch my adblocker from ABP to uBlock Origin

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ Maybe that has a consequence?

I did generate new logs for your review after your recommended steps were completed, just in case :)

FRST.txt

Addition.txt

CheckResults.txt


  • Root Admin

Well you are running a lot of programs that autostart when Windows starts that are probably not really needed. I would review them and stop items from starting up that don't really need to. You can always go manually start them if or when you want to run them.

 

Aside from that if there are still issues then you might need to do some further scanning and cleaning for potential malware.

 

If the issue continues I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

Thanks


  • Root Admin

Personally would not recommend tools like that as they often don't work well. You could run it but I would not expect it to remove much. Make a new System Restore Point then run the tool and reboot the computer 2 times and then post new FRST logs with Additions.txt included and if you like I can look at the startup items and help you weed them down.


  • Root Admin

Currently you have all of the following tasks that run each time the computer starts. If there are any that are not needed you may want to disable the task or delete the task.

Task: {0813FBAF-090F-431D-956F-99D546735141} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {091F855C-3B82-458D-8887-72A44FCC8B49} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {2BA11F24-CABB-4B64-B4CC-E384B84D830D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {2F666A3A-DC11-4CE8-9378-D78ED3C6AC87} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {31D03E79-E689-4C03-A7DF-09A4A16209A3} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {36EC5F18-8541-43DC-B392-30BF03254C0C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {5EB81F5E-0623-4AC7-B5F5-F3AB8B35D288} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {635135E6-E010-41CD-8FB7-C50C17FFB0D4} - System32\Tasks\PB start => C:\Program Files\PeerBlock\peerblock.exe [2014-01-14] (PeerBlock, LLC)
Task: {70798605-6770-4EBC-8D58-442EDB00DEC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {776D88E8-40F1-42D6-A40B-144DC0A1FD52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-01] (AVAST Software)
Task: {861DC952-6470-44D0-B89D-ADCE34AB9273} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-01-04] (Glarysoft Ltd)
Task: {87114C22-40BB-4D0F-A1C3-8B1E3DB6BF61} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {991313F1-7A8F-44D3-9A41-6AAFD701D3E1} - System32\Tasks\{4B273AD4-1485-4867-BE04-885662EA9756} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.85.103/et/abandoninstall?page=tsPlugin
Task: {9EADCE5B-681B-4F81-94E0-BBBB2687FBE8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {AC79D86E-02A7-4A5C-86C6-E459FD8686CC} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {B1DDA0E9-6E99-4ADE-B278-86D910B1173A} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-01-04] (Glarysoft Ltd)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C736CD92-43B0-461B-BF05-022AFDA037AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-07] (Google Inc.)
Task: {DBE8AEA6-8485-4B1C-A933-F29DE2848AC6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {FC225815-AB5A-4B5E-807A-7015FD62CDB2} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)

Probably unlikely that the computer is updated by ASUS anymore. For the most part unless someone reports a serious bug most manufacturers often don't provide updates beyond a year or two as they move on to the next models.
If it were my computer I'd probably disable or remove the ASUS update tasks.
System32\Tasks\ASUS Live Update2
System32\Tasks\ASUS Live Update1

AsusVibeLauncher.exe
AsusVibe Application launches the AsusVibe online application store. Another one I would probably remove

Peerblock essentially provides similar idea of site blocking that MBAM does (as long as it does not conflict it's your choice to leave or not)

Personally don't see a need to have Google Update running and looking for its own updates 24/7. I would remove it from my computer.

Glary Utilities has some potential use but more like a one time run not something that would be needed to run all the time. Any Registry Cleaning should be avoided like the plague

Do I need a Windows Registry Cleaner?

Personally don't need a program like that but if you want okay but would still recommend disabling the task that runs it all the time. Run it if or when you want to.

I would delete this task.
Task: {991313F1-7A8F-44D3-9A41-6AAFD701D3E1} - System32\Tasks\{4B273AD4-1485-4867-BE04-885662EA9756} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.85.103/et/abandoninstall?page=tsPlugin


Not sure about the ASUS Splendid ColorU but this link points to people that wanted to remove it.
https://www.systemshock.org/index.php?topic=4075.0

ASUS Splendid ACMON (another one up to you) here is a link that talks about what it does
http://www.shouldiblockit.com/acmon.exe-6518.aspx

https://rog.asus.com/forum/showthread.php?10561-ASUS-Splendid-Video-Enhancement-Technology

UPnPHostConfig for the UPnPHost service - doesn't need to be set here in a task. Can and should be set in Services. I would delete the task, then decide if you want the service enabled or not.
If you're not connecting to other devices over the network at home then you may want to disable it or at least set it to manual.

What is UPnP?
UPnP is a set of computer network protocols that extends Plug and Play to simplify the networking of intelligent devices in homes and businesses. When devices incorporating UPnP technology are physically connected to the network, they will connect automatically to one another over the network, without the need for user configuration or centralized servers.

Not sure why it is set to run as a task instead of just a startup item. Personally don't use software like this but again up to you. I've provided some more info about it.
Smart Gesture - Introduction of ASUS Smart Gesture software
http://www.asus.com/us/support/FAQ/1009613/


More Google update automation - up to you. I don't use them but many people do. I manually go look for updates but that's me.
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe




HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-01] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKU\S-1-5-21-1269111879-1839473011-4141622504-1002\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1269111879-1839473011-4141622504-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-04] (Glarysoft Ltd)
HKU\S-1-5-21-1269111879-1839473011-4141622504-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-14] (GOG.com)


If you're not a big game player you may not want or need the Nvidia GeForce Experience entry.
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

A: GeForce Experience is the companion application to your GeForce graphics card. It keeps your drivers up to date, it automatically optimizes your game settings, and it's the easiest way to capture gameplay video or stream to twitch.

Don't really think the Logitech update download driver is needed to run either (again, all of these are up to you. Myself I would not run it)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

Appears to be the ASUS Product Registration reminder. I would remove
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)

If you don't use the Cloud storage from ASUS then I'd remove this auto start entry too
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)

If you do not have or use any Bluetooth devices then you might want to remove this auto start entry too.
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)

CanonQuickMenu - do you really need it?

This is for game updates, etc too. If you don't play these games often you may want to consider removing the autostart and just manually run it if or when needed.
HKU\S-1-5-21-1269111879-1839473011-4141622504-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7744568 2015-10-14] (GOG.com)

This is the Glary Startup manager which can potentially be used for disabling all these items. I've not used it myself but appears to be what it's for possibly.
If not then there are other tools that can do it.

HKU\S-1-5-21-1269111879-1839473011-4141622504-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-04] (Glarysoft Ltd)


So those are the bigger items that currently start and run EVERY time you start the computer. In "most" cases all of these can be manually started if or when needed and should not be required to start every time you start your computer.

If you need help removing or deleting any items let me know
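A small triage pass over autostart lines in the FRST format quoted in the post above, added here as an example (it is not part of the original post and not FRST's own code). The sample lines are copied from that excerpt; the flag rules and the names `parse_autostarts`, `triage` and `review` are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the FRST excerpt in the post above.
SAMPLE = r"""
Task: {2F666A3A-DC11-4CE8-9378-D78ED3C6AC87} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {5EB81F5E-0623-4AC7-B5F5-F3AB8B35D288} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {991313F1-7A8F-44D3-9A41-6AAFD701D3E1} - System32\Tasks\{4B273AD4-1485-4867-BE04-885662EA9756} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.85.103/et/abandoninstall?page=tsPlugin
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-01] (AVAST Software)
"""

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+)$")
# Optional trailer: " [<size> <date>] (<publisher>)"; the size is absent on Task lines.
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?:\d+ )?(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$")

@dataclass
class Entry:
    kind: str                 # "task" or "run"
    name: str                 # task path or Run value name
    command: str              # what gets launched
    date: Optional[str]       # file date shown in the log line, if any
    publisher: Optional[str]  # publisher shown in the log line, if any

def parse_autostarts(text):
    """Return an Entry for every Task: or ...\\Run: line in an FRST log."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        for kind, rx in (("task", TASK_RE), ("run", RUN_RE)):
            m = rx.match(line)
            if m:
                tail = TAIL_RE.match(m["target"])
                entries.append(Entry(kind, m["name"], tail["cmd"],
                                     tail["date"], tail["publisher"]))
                break
    return entries

def triage(e):
    """Heuristic review flags (assumed rules, not FRST's own verdicts)."""
    flags = []
    if e.date is None:
        flags.append("no file date/publisher in log")
    elif not e.publisher:
        flags.append("empty publisher")
    if "rundll32.exe" in e.command.lower():
        flags.append("runs via rundll32")
    if re.search(r"\b(?:https?|hxxps?)://", e.command, re.I):
        flags.append("opens a URL")
    if not re.match(r"^[A-Za-z]:\\", e.command):
        flags.append("not a full path")
    return flags

def review(text):
    """Map entry name -> flags, keeping only entries that raised a flag."""
    return {e.name: triage(e) for e in parse_autostarts(text) if triage(e)}

if __name__ == "__main__":
    for name, flags in review(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```

A flag only marks an entry for a closer manual look; several of the flagged lines above are ordinary vendor software.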
 


Hey there Ron, let's go ahead and disable as much of the ASUS crapware as possible. Ideally the only things that should run on startup are my computer protection software. PeerBlock is OK to keep. GOG I use a lot, but it shouldn't start up, I hate that lol. If you could walk me through the process, then we can see what's left.


  • Root Admin

Please read the following post I made a while back and it will suggest some software to disable those startup entries. I can whack them for you with FRST but if you do want them back you'd need to manually put them back.

 

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager
 

 

Let me know, we can manually whack them with FRST

 

Cheers


  • Root Admin

Please create a new System Restore Point before you proceed with the cleanup script.

http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

 

 

Then when ready do the following.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

Then let me know how the computer is running and if there are any issues.

 

 

 

 

fixlist.txt


  • Root Admin

I'm not sure what issue you're really having but that article is over a year old now and no replies to it in 2015. If it were still an issue I'd think that would have already been resolved by avast or others would still reply to the topic.

 

If you're using a free antivirus then in my opinion about the only 2 viable solutions are avast and avira - bitdefender has one but you have almost no control of it so not something I'd personally recommend. If using a paid antivirus then there are many more choices.

 

How is the computer running now overall? Did the cleanup help it run faster and load faster?

Is there anything else needed or can we go ahead and close this topic now?

 

Thanks again

 

Ron


The overall system is running much better, though as a result of https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314 Malwarebytes has quarantined this file before the fix. Is it advisable to restore the file?

And one last thing: can we remove some files related to Visual Studio? I did not want the program; it was the result of not unchecking a textbox within the Unity3D game engine. It never fully installed, nor is it uninstalled. After all that I think I'm good. Thanks, Ron, for all your help.


  • Root Admin

Removing visual studio manually would not be a good idea. If there is a utility within the game or driver or uninstall applications in control panel that would be a better method. Doing it manually could cause problems with the computer. Having a few left over files is not hurting the system. As for the quarantine yes if it will restore go ahead.

 

Thanks

