
Malware? Computer runs poorly



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

They seem to have changed it a bit in the latest version. Open Avast and click on Scan, then Scan for Viruses. There will be a delay of about 1 minute and then the page where you can select the Boot-time scan will appear.


  • 0



#17
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

"net start msiserver" is what I got when I ran the first part of the last message. Is this what I should get? Do I move on to the next step?


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

That's the last line from the copied message.  Hit Enter.


  • 0

#19
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
So the c:windows installer 4280.........
What should I do here? I did move to chest... but ask me file is in Windows folder, are you sure? Am I?

The other two I moved to chest.

Attached Thumbnails

  • 1419444163828571751887.jpg
  • 20141224_114430.jpg
  • 20141224_082021.jpg

  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Yes let it remove it.


  • 0

#21
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Here is my chest after running avast boot-drive scan


  • 0

#22
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Here is my scan from avast boot-drive scan

Attached Files


  • 0

#23
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2014 11:06:18 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2014 3:58:35 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 25/12/2014 3:58:04 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 25/12/2014 3:58:01 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Log: 'System' Date/Time: 25/12/2014 3:56:54 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Log: 'System' Date/Time: 25/12/2014 3:54:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
 
Log: 'System' Date/Time: 25/12/2014 3:53:45 PM
Type: Error Category: 0
Event: 15021 Source: Microsoft-Windows-HttpEvent
An error occured while using SSL configuration for socket address 0.0.0.0:4482.  The error status code is contained within the returned data.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/12/2014 3:54:27 PM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 25/12/2014 3:54:27 PM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 25/12/2014 3:51:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 25/12/2014 3:51:43 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

  • 0

#24
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/12/2014 11:07:44 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/12/2014 3:54:20 PM
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
 
Log: 'Application' Date/Time: 25/12/2014 3:54:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/12/2014 3:51:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   28 user registry handles leaked from \Registry\User\S-1-5-21-232412378-3118420049-1387226345-1000:
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My

  • 0
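An added example, not part of the original thread: the Event 1530 warning in the report above names every process that still held the user's registry hive open, and a short parser can tally those holders per process. The function names are hypothetical, and the sample input is constructed in the report's layout with a placeholder SID.

```python
import re
from collections import Counter

# Constructed sample in the report's layout; the SID is a placeholder.
SAMPLE = r"""Log: 'Application' Date/Time: 25/12/2014 3:54:17 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter could not be reactivated because of error 0x80041003.

Log: 'Application' Date/Time: 25/12/2014 3:51:25 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use.  DETAIL -   3 user registry handles leaked from \Registry\User\S-1-5-21-EXAMPLE-1000:
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000
Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Microsoft\SystemCertificates\Root
Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-EXAMPLE-1000\Software\Microsoft\SystemCertificates\Root
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
HANDLE = re.compile(r"^Process (?P<pid>\d+) \((?P<image>.+?)\) has opened key (?P<key>.+)$")

def parse_report(text):
    """Split the report into records, one dict per 'Log:' header line."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            cur = {**m.groupdict(), "body": []}
            records.append(cur)
        elif cur is None or not line:
            continue  # banner text before the first record, or a separator line
        elif (m := TYPE.match(line)) or (m := EVENT.match(line)):
            cur.update(m.groupdict())
        else:
            cur["body"].append(line)  # message text, including handle lines
    return records

def leaked_handle_holders(records):
    """Count leaked registry handles per (pid, image name) in Event 1530 records."""
    holders = Counter()
    for rec in (r for r in records if r.get("id") == "1530"):
        for line in rec["body"]:
            m = HANDLE.match(line)
            if m:
                holders[(int(m["pid"]), m["image"].rsplit("\\", 1)[-1])] += 1
    return holders
```

Calling `leaked_handle_holders(parse_report(text)).most_common()` on a saved report lists the processes holding the most handles first.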

#25
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

This is what was saved for the Procexp.txt...

Attached Files


  • 0



#26
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Well I think I am doing everything you asked correctly. I want to wish you a Merry Christmas and Thank you for all of your help.

 

Thanks

 

BKP


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
On a train. Hard to reply with tablet. Looks like it may be hot. Check temp with SpeedFan or Speccy.
  • 0

#28
bkp

bkp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Seems like it is getting hot. I will have to get some of the lube. How were my last few reports?


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looks like you have an old version of Windows Live. If you don't use it uninstall it. Can't read attachments with tablet.
  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Managed to read Process Explorer log. Something wrong with explorer.exe, using too much CPU. Get ShellExView from nirsoft.net.

 
 
Use this download:
 
Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.

Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Run Process Explorer again. Is the top CPU user now System Idle?


  • 0





