
More problems with malware in Chrome



#16
krisinluck

    Member

  • Topic Starter
  • 116 posts

Photo of the extra tab is attached.  

 

I set my settings in Chrome for NOT keeping Google Chrome background apps running when Google is closed.  I've done that for years.  Too much mess on the computer.  That said, whatever is causing the extra tab issue is related to that.  It turns back on.  It's a drain on the system at best.

 

And another new thing:  I checked task manager this morning, and found two items on there I have not seen before.

  • ielowutil.exe *32
  • rf-chrome-nm-host.exe *32

Interestingly enough, I had reset the background app mentioned above, closed Google, and opened the Task Manager.  There was no Google showing.  I left it running and opened Google, and there are these things I've never seen in there before, and seven instances of Chrome.exe *32 opened up.  And they are using a ridiculous amount of memory.  Since it was opening up so many tabs when we started, it makes me wonder.  

 

Second attachment is a photo of the task manager.

 

Edit to add:  I have identified the two items I hadn't seen before - they are legit.  Disregard those.  At the moment, there are six different Chrome.exe *32 running in the task manager.  I have ONE window open, and have been careful not to use tabs.  Each is running very high memory.  In order of top to bottom they read:

 

12,328 K

9808 K

72,632 K

44,688 K

8,800 K

17,344 K

 

That looks like a huge drain on the system.

Attached Thumbnails

  • photo (7).JPG
  • photo (8).JPG

Edited by krisinluck, 09 April 2014 - 03:03 PM.

  • 0


#17
krisinluck

    Member

  • Topic Starter
  • 116 posts

I just went back and looked at the first thread I started here.  You were my helper then as well.  We made some progress, but not enough before you left on a road trip.  It's cool - I forget things all the time.  But maybe looking at that thread would help?  Here's the link:  

 

http://www.geekstogo...as-infected-it/

 

 


  • 0

#18
krisinluck

    Member

  • Topic Starter
  • 116 posts

It's getting worse.  I don't know what's going on, but yesterday I had to manually reboot the system.  It's happened again this morning.  I'm almost completely deaf, pending a Cochlear Implant this summer, and I make my living on the internet since talking on the phone is impossible if I am not familiar with the voice pattern.  I have a kid to raise on my own, and I really need to get this cleared up so we don't end up living in my car somewhere.  

 

Half of the programs I use daily don't work properly, or fail to load at all.  When they do work well, the system simply stops and will not allow me to shut down from the start button.  

 

Please let me know if you are still working on this for me.  If not, I need to do something no later than tomorrow or we will be having serious problems here at home keeping on the utilities.  


  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run Autoruns which I assume you still have from our last post.  Remember to right click and run as Admin on Vista and Win 7.  Uncheck any yellow marked items then close the program.

 

Run VEW for System and Application ( Remember to right click and run as Admin on Vista and Win 7.)

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


  • 0

#20
krisinluck

    Member

  • Topic Starter
  • 116 posts

AutoRuns had three yellows that I unchecked.  There were four pink lines total, but I don't know what pink means and I left them alone.

 

VEW Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2014 3:59:09 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/04/2014 4:05:00 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 10/04/2014 3:05:30 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}. 
 
 
Log: 'Application' Date/Time: 10/04/2014 3:05:23 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=E44}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 10/04/2014 3:05:15 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=E44}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 10/04/2014 3:03:25 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/04/2014 3:03:24 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/04/2014 2:58:14 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/04/2014 8:00:22 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 10/04/2014 5:00:03 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 10/04/2014 3:14:58 AM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 10/04/2014 2:30:53 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=DDC}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 10/04/2014 2:30:44 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=DDC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 10/04/2014 2:29:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/04/2014 2:29:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/04/2014 2:26:52 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 09/04/2014 8:17:40 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
Log: 'Application' Date/Time: 09/04/2014 6:33:48 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=AD8}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: ICELAND Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 09/04/2014 6:33:40 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=AD8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 09/04/2014 6:31:00 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-387024861-1857405023-142887614-1000:
Process 684 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-387024861-1857405023-142887614-1000
 
 
Log: 'Application' Date/Time: 09/04/2014 6:01:04 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{7a675af5-28ea-11e2-9cb8-8000600fe800}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 
 
Operation:
   Removing auto-release shadow copies
   Loading provider
 
Context:
   Execution Context: System Provider
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2014 8:09:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ping.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 10/04/2014 2:29:04 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 6:31:40 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 6:31:39 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/04/2014 2:04:45 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 09/04/2014 1:42:32 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 09/04/2014 1:41:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 1:41:34 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/04/2014 1:30:53 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 08/04/2014 10:12:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 08/04/2014 10:12:37 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 08/04/2014 7:43:42 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 08/04/2014 7:43:42 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
BlueScreenView came up with nothing.

  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I suspect the multiple chromes are caused by the default home page which shows a bunch of small windows. 

 

 

The Windows Search is hanging and corrupt.  I would type: services.msc in the search box and then hit Enter then Find Windows Search and right click on it and select Properties then change the Startup Type to Disabled and Apply.  Stop the service.

 

The other problem is with System Restore.  It's probably trying to back up something like the Q:\ drive where they put ClicktoRun Office.  Go into the Control Panel, System, System Protection and make sure that it is only trying to monitor C:\  (Other drives should say Off)


  • 0

#22
krisinluck

    Member

  • Topic Starter
  • 116 posts

I have used the Google Calendar as my home page for the last four years on Chrome.  I've never had issues like this before the virus that nailed me in December hit my system.  

 

Windows Search is disabled now.  

 

When I attempt the instructions given to me for System Restore, I get as far as opening System, and I get a message that says "Windows Explorer has stopped working" and that it is troubleshooting the problem.  That hangs for a minute, then my monitor goes blank, comes back up, and it reconnects the wifi.  Is there a workaround for this?  I tried it three times - same results each time.  I even tried running it after a right click to run as admin.  Same problem.  


  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Try in Safe Mode?

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode.  Login with your usual login.)
 


  • 0

#24
krisinluck

    Member

  • Topic Starter
  • 116 posts

No dice in safe mode.  System Protection does not show up in there.  Once I open system in *not* safe mode, it does the mini-reboot I described above.  


  • 0

#25
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

In the Search box type:  msconfig

and wait for it to find it then right click on msconfig.exe and Run As Administrator.  That should open a new window.

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.

 

Does it still crash Windows Explorer?  If it doesn't make any difference you can go back into msconfig and check Normal Startup and OK.

 

Sometimes shell extensions will cause the problem.  If msconfig didn't help then try:

 

download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes.


  • 0


#26
krisinluck

    Member

  • Topic Starter
  • 116 posts

Still crashing after both are done.

 

   :smashcomp:


  • 0

#27
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Run VEW again for System.  Perhaps it caught an error.


  • 0

#28
krisinluck

    Member

  • Topic Starter
  • 116 posts

I am two hours ahead of you, so this is my last post for tonight.  I'm up by 7 am, so I'll check in for further instructions in the morning.  But not until I have one cup of coffee so I am coherent.  It's better that way for everyone.  Thank you for working with me on this!
 

 

VEW Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/04/2014 10:07:36 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2014 2:26:21 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Log: 'System' Date/Time: 11/04/2014 2:12:09 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 11/04/2014 2:12:09 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 11/04/2014 2:11:53 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 11/04/2014 2:11:53 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
 
Log: 'System' Date/Time: 11/04/2014 1:37:42 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Log: 'System' Date/Time: 11/04/2014 1:24:01 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Log: 'System' Date/Time: 11/04/2014 1:14:41 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:57 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:56 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 11/04/2014 1:12:56 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Log: 'System' Date/Time: 11/04/2014 1:12:56 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
Log: 'System' Date/Time: 11/04/2014 1:12:55 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Log: 'System' Date/Time: 11/04/2014 1:12:49 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2014 2:23:37 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/04/2014 2:23:36 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 11/04/2014 2:12:53 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/04/2014 2:12:53 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 11/04/2014 1:11:47 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 11/04/2014 1:11:47 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 10/04/2014 10:27:35 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 10/04/2014 10:27:35 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 10/04/2014 10:01:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ping.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 10/04/2014 8:09:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ping.avast.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 10/04/2014 2:29:04 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 6:31:40 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 6:31:39 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/04/2014 2:04:45 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 09/04/2014 1:42:32 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 09/04/2014 1:41:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 09/04/2014 1:41:34 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 09/04/2014 1:30:53 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_05AC&PID_129C\199d4bce9ce85bffc58c45a151624ed40640aac9.
 
Log: 'System' Date/Time: 08/04/2014 10:12:37 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 08/04/2014 10:12:37 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\bcmihvsrv64.dll 

  • 0

#29
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Nothing of real interest in the event logs.  The DNS Client and Network Awareness are probably because the network is not working.  The "The ScRegSetValueExW call failed for Start with the following error:  Access is denied." error is probably from an outdated version of Avast.
 
 

Open a Command Prompt (with the right click and Run As Admin)

net start >  \junk.txt

ipconfig  /all  >>  \junk.txt

arp  -a  >>  \junk.txt

notepad  \junk.txt

Do your PDF thing with the \junk.txt file.  There is a program called Windows Repair All-in-one which sometimes helps:

 

Download Complete Internet Repair to your desktop

Unzip all the files to their own folder on the desktop
Within the folder double click CIntRep
The programme will then run
Select the items I have highlighted
Press go
Let me know if it is able to conduct the repair, there is a log at the bottom

Int%20repair.JPG


  • 0
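
The by-eye triage of the VEW reports in this thread can be scripted. The following is an added example, not part of the thread and not code from VEW or its author: it parses the report layout shown in posts #20 and #28 and groups events by type, source and event ID so repeated entries collapse into one line with a count and time range. The function names `parse_vew` and `summarize` are hypothetical, and the sample is a shortened excerpt of the post #28 report.

```python
import re
from datetime import datetime

# Shortened excerpt of the 'System' report posted in #28, in the same layout.
SAMPLE_REPORT = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2014 2:26:21 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 11/04/2014 2:12:09 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

Log: 'System' Date/Time: 11/04/2014 2:11:53 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error:  Access is denied.

Log: 'System' Date/Time: 11/04/2014 1:14:41 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

Log: 'System' Date/Time: 11/04/2014 1:12:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/04/2014 10:01:44 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ping.avast.com timed out after none of the configured DNS servers responded.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+?)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+?)\s*$")
SEVERITY = {"Critical": 0, "Error": 1, "Warning": 2, "Information": 3}


def parse_vew(text):
    """Return one dict per complete event record in a VEW text report."""
    records, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            # The report says its dates are dd/mm/yyyy, so parse day-first explicitly.
            cur = {"log": head["log"], "type": None, "event": None, "source": None,
                   "when": datetime.strptime(head["ts"], "%d/%m/%Y %I:%M:%S %p"),
                   "message": ""}
            records.append(cur)
        elif line.startswith("~~~"):
            cur = None  # a section divider ends the current record
        elif cur is not None:
            typ, evt = TYPE.match(line), EVENT.match(line)
            if typ and cur["type"] is None:
                cur["type"] = typ["type"]
            elif evt and cur["event"] is None:
                cur["event"], cur["source"] = int(evt["id"]), evt["src"]
            elif line.strip():
                # Everything else (including Operation:/Context: blocks) is message text.
                cur["message"] = (cur["message"] + " " + line.strip()).strip()
    return [r for r in records if r["event"] is not None]


def summarize(records):
    """Group records by (type, source, event ID); most severe and most frequent first."""
    groups = {}
    for r in records:
        key = (r["type"], r["source"], r["event"])
        g = groups.setdefault(key, {"type": r["type"], "source": r["source"],
                                    "event": r["event"], "count": 0,
                                    "first": r["when"], "last": r["when"],
                                    "message": r["message"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["when"])
        g["last"] = max(g["last"], r["when"])
    return sorted(groups.values(), key=lambda g: (SEVERITY.get(g["type"], 9),
                                                  -g["count"], g["source"], g["event"]))


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE_REPORT)):
        print(f'{g["type"]:8} {g["count"]:>3}x  {g["source"]} / {g["event"]}  '
              f'{g["first"]:%d/%m %H:%M} to {g["last"]:%d/%m %H:%M}  {g["message"][:60]}')
```

Saving a full VEW report to a file and passing its contents to `parse_vew` gives the same grouped view for the whole log.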

#30
krisinluck

    Member

  • Topic Starter
  • 116 posts

Junk.txt:

 

These Windows services are started:
 
   Application Experience
   Application Information
   Application Virtualization Client
   Application Virtualization Service Agent
   avast! Antivirus
   avast! Firewall
   Background Intelligent Transfer Service
   Base Filtering Engine
   CNG Key Isolation
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   Extensible Authentication Protocol
   Function Discovery Provider Host
   Function Discovery Resource Publication
   Group Policy Client
   HomeGroup Listener
   HomeGroup Provider
   Human Interface Device Access
   IP Helper
   IPsec Policy Agent
   MBAMScheduler
   MBAMService
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Peer Name Resolution Protocol
   Peer Networking Grouping
   Peer Networking Identity Manager
   Plug and Play
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Desktop Services
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Secondary Logon
   Security Accounts Manager
   Security Center
   Server
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Themes
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Backup
   Windows Defender
   Windows Error Reporting Service
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Media Center Scheduler Service
   Windows Mobile-2003-based device connectivity
   Windows Mobile-based device connectivity
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   WLAN AutoConfig
   Workstation
 
The command completed successfully.
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : iceland
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : zyxel.com
 
Wireless LAN adapter Wireless Network Connection 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
   Physical Address. . . . . . . . . : E0-46-9A-BC-7A-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 6:
 
   Connection-specific DNS Suffix  . : zyxel.com
   Description . . . . . . . . . . . : NETGEAR WNA3100 N300 Wireless USB Adapter
   Physical Address. . . . . . . . . : E0-46-9A-BC-7A-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8400:bb95:e7aa:9087%20(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.36(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 11, 2014 8:13:39 AM
   Lease Expires . . . . . . . . . . : Saturday, April 12, 2014 8:13:40 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 551569050
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A9-29-04-E8-40-F2-58-BF-53
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : E8-40-F2-58-BF-53
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.zyxel.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : zyxel.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1c91:25c7:3f57:fedb(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c91:25c7:3f57:fedb%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{9D466691-C917-4DF5-8AB9-1A5BCBBB9AC5}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{4694C4C7-1686-4060-BB4E-809496235740}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Interface: 192.168.1.36 --- 0x14
  Internet Address      Physical Address      Type
  192.168.1.1           cc-5d-4e-4c-b6-8c     dynamic   
  192.168.1.37          e0-ca-94-8d-9c-5d     dynamic   
  192.168.1.255         ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  239.255.255.250       01-00-5e-7f-ff-fa     static    
  255.255.255.255       ff-ff-ff-ff-ff-ff     static    

  • 0
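An added example, not part of either post above: one way to read the `ipconfig /all` and `arp -a` portions of a junk.txt like the one just posted. The function names and the three checks (DNS server differs from the gateway or DHCP server, two dynamic ARP entries share a MAC, gateway missing from the ARP table) are assumptions chosen for illustration, and fields are merged across adapters for brevity.

```python
import re

# Excerpt of the junk.txt posted above: the connected adapter and part of the ARP table.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection 6:

   IPv4 Address. . . . . . . . . . . : 192.168.1.36(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Interface: 192.168.1.36 --- 0x14
  Internet Address      Physical Address      Type
  192.168.1.1           cc-5d-4e-4c-b6-8c     dynamic
  192.168.1.37          e0-ca-94-8d-9c-5d     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*: (\S.*)$")
ARP_ROW = re.compile(r"^\s+(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)
IPV4 = re.compile(r"\d+(?:\.\d+){3}")

def parse(text):
    """Return (fields, arp): labelled ipconfig values merged across adapters, and ARP rows."""
    fields, arp = {}, []
    for line in text.splitlines():
        row = ARP_ROW.match(line)
        if row:
            arp.append((row.group(1), row.group(2).lower(), row.group(3).lower()))
        elif (m := FIELD.match(line)):
            value = m.group(2).split("(")[0].strip()  # drop "(Preferred)"
            fields.setdefault(m.group(1).strip(), []).append(value)
    return fields, arp

def triage(text):
    """Return findings worth a second look (assumed heuristics); empty means nothing stood out."""
    fields, arp = parse(text)
    gateways = [g for g in fields.get("Default Gateway", []) if IPV4.fullmatch(g)]
    trusted = set(gateways + fields.get("DHCP Server", []))
    findings = [f"DNS server {d} is not the gateway or DHCP server"
                for d in fields.get("DNS Servers", []) if d not in trusted]
    seen = {}
    for ip, mac, kind in arp:
        if kind != "dynamic":
            continue  # static rows in this table are broadcast and multicast
        if mac in seen:
            findings.append(f"{ip} and {seen[mac]} share MAC {mac}")
        seen.setdefault(mac, ip)
    arp_ips = {ip for ip, _, _ in arp}
    findings += [f"gateway {g} has no ARP entry" for g in gateways if g not in arp_ips]
    return findings
```

Run against the excerpt, `triage(SAMPLE)` returns an empty list: DNS, DHCP and gateway all point at 192.168.1.1 and the two dynamic ARP entries have distinct MACs.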





