Very sluggish computer. Suspecting malware.



#16
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello RKinner. I'm glad you're back! Hope you had safe travels.

 

Unfortunately, no success. I ran System Restore from System Recovery Options menu (pressed F8 during reboot). However, the system restore did not complete successfully, and I still cannot run any application as administrator (please see attached screenshot for error message). The restore process runs thoroughly but does not finish.

 

Please advise if I need to try a different restore point, or proceed with other steps.

 

Thank you very much!

 

Andre

Attached Thumbnails

  • Capture.JPG

  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Try an earlier restore point.


  • 0

#18
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello RKinner!

 

I was able to successfully restore to a different restore point. However, I still cannot run Avast as administrator, nor uninstall it using the control panel.

 

Should I try using safe mode?

 

Please advise on next steps. The computer is running but I'm concerned I may be vulnerable.

 

Thanks for ALL your efforts! I appreciate it.

 

Andre

Attached Thumbnails

  • avast-error.JPG
  • uninstall-error.JPG

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I think we need to try Windows Repair all in one
 
 
We want the free installer version which is 
 
 
Download it and save it then run it by right clicking and Run As Admin to install it.  Follow the prompts.  After the install gets to Finish it will start on its own.  Click on the Repairs tab then Open Repairs.  Uncheck all by clicking on the top option then check the next 3 (01, 02, & 03)  then Start Repairs.  It will take a while to finish.  If it doesn't reboot when done, please do so and then try to uninstall Avast.  Do you get the same error?

  • 0

#20
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hey RKinner,

 

Same error. The repair completed with success. However, I don't have "appropriate permissions"  to run Avast as administrator.

 

Any ideas?

 

Thank you for your kind assistance and patience!


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run  GrantPerms64.exe (Right click and Run as Admin)
Copy and paste the following in the edit box:
 
 
C:\Program Files\AVAST Software\Avast\AvastUI.exe
 
 
Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run. 
 
 
Run FRST again.  In the search box put
 
User32.dll
 
then Search Files
 
It should eventually bring up a log.  Copy and paste it into a reply.

  • 0

#22
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

RKinner, good morning!

 

It worked! I didn't execute your last instructions. I simply restarted my computer and now I can run Avast as administrator!!!!

 

Should I uninstall it? Please let me know how to proceed.

 

Thank you!


Edited by Andre Silva, 13 February 2016 - 08:52 AM.

  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Good news.  I would download a fresh copy from https://www.avast.com/index and save it then uninstall the old Avast, reboot and install the new by right clicking and run as admin.

 

 

I'd still like to see what this says:

 

Run FRST again.  In the search box put
 
User32.dll
 
then Search Files
 
It should eventually bring up a log.  Copy and paste it into a reply.

  • 0

#24
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

RKinner,

 

I successfully uninstalled Avast. However, now I cannot install it back as I'm getting the same error now, again. Please see error screenshot.

 

I did run FRST search for your analysis. Please let me know how I should proceed next. Thank you!

 

Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Izilda (2016-02-13 11:09:09)
Running from C:\Users\Izilda\Desktop
Boot Mode: Normal

================== Search Files: "User32.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[2015-12-08 19:35][2015-11-10 13:35] 0833024 ____A (Microsoft Corporation) D0A3A0DBF77EE35CE97E55DE92014E05 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[2015-12-08 19:35][2015-11-10 13:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010-11-20 22:24][2010-11-20 22:24] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[2015-12-08 19:35][2015-11-10 13:59] 1009152 ____A (Microsoft Corporation) E42CB2576D5C8456C60988B1C908F41A [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-08 19:35][2015-11-10 13:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010-11-20 22:24][2010-11-20 22:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B [File is digitally signed]

C:\Windows\SysWOW64\user32.dll
[2015-12-08 19:35][2015-11-10 13:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722 [File is digitally signed]

C:\Windows\System32\user32.dll
[2015-12-08 19:35][2015-11-10 13:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A [File is digitally signed]

C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.10240.16384_none_d538ddf00809c9d6\user32.dll
[2015-07-10 05:30][2015-07-10 05:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\user32.dll
[2015-07-10 05:30][2015-07-10 05:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]

====== End of Search ======

Attached Thumbnails

  • Capture-error-install-avast.JPG

  • 0
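Added example, not part of the thread and not FRST's own code: a small parser for the "Search Files" log format posted above. It flags entries whose digest is the MD5 of empty input even though the listed size is non-zero (as with the two `$Windows.~BT` copies in that log), and checks that each live copy shares a hash with a signed WinSxS copy. The sample log, its paths and its digests are constructed, and the "no-store-match" rule is a triage heuristic assumed for this example.

```python
import hashlib
import re

# MD5 of zero bytes. A non-empty file listed with this digest was never actually hashed.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

ENTRY = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)

def parse_search_log(text):
    """Return one dict per file listed in an FRST 'Search Files' log."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m and path:
            entries.append({
                "path": path, "size": int(m["size"]), "md5": m["md5"].upper(),
                "company": m["company"], "signed": m["sig"] == "File is digitally signed",
            })
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line  # a path line is followed by its detail line
    return entries

def triage(entries):
    """Map path -> 'ok', 'unread', 'unsigned' or 'no-store-match' (heuristic)."""
    in_store = lambda e: "\\winsxs\\" in e["path"].lower()
    store_hashes = {e["md5"] for e in entries if in_store(e) and e["signed"]}
    verdicts = {}
    for e in entries:
        if e["md5"] == EMPTY_MD5 and e["size"] > 0:
            verdicts[e["path"]] = "unread"          # digest says nothing about the content
        elif not e["signed"]:
            verdicts[e["path"]] = "unsigned"
        elif not in_store(e) and e["md5"] not in store_hashes:
            verdicts[e["path"]] = "no-store-match"  # live copy differs from every store copy
        else:
            verdicts[e["path"]] = "ok"
    return verdicts

# Constructed sample in the same layout; the SysWOW64 copy deliberately has no store match.
SAMPLE = r"""
C:\Windows\winsxs\amd64_example-user32_0000_6.1.0.1_none_0000\user32.dll
[2015-12-08 19:35][2015-11-10 13:55] 1008640 ____A (Microsoft Corporation) 11111111111111111111111111111111 [File is digitally signed]

C:\Windows\System32\user32.dll
[2015-12-08 19:35][2015-11-10 13:55] 1008640 ____A (Microsoft Corporation) 11111111111111111111111111111111 [File is digitally signed]

C:\Windows\SysWOW64\user32.dll
[2015-12-08 19:35][2015-11-10 13:37] 0833024 ____A (Microsoft Corporation) 22222222222222222222222222222222 [File is digitally signed]

C:\Mount\Windows\System32\user32.dll
[2015-07-10 05:30][2015-07-10 05:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
"""

if __name__ == "__main__":
    for path, verdict in triage(parse_search_log(SAMPLE)).items():
        print(f"{verdict:15} {path}")
```

An "unread" verdict means the entry needs to be re-hashed by other means before anything is concluded from it.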

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Suspect it's having troubles loading your profile.  I think we need to do a disk check:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0



#26
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hi RKinner!

 

OK, Error check completed with success after about 4 hours of running.

 

sfc /scannow also finished successfully without any system errors.

 

I'm sorry but I didn't understand if I should execute these instructions below because some lines were struck out. Please advise if I should execute these steps. Thank you!

 

1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

Attached Thumbnails

  • scannow.JPG

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I put the strike through the download line since I figured you already had it from earlier.


  • 0

#28
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hey RKinner,

 

Sorry for the delay. I had to take my boy to the doc. Here are my logs. What's next please? :)

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/02/2016 10:55:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/02/2016 11:21:27 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 11:21:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 11:21:01 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg wsddfac

Log: 'System' Date/Time: 13/02/2016 11:21:01 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Warsaw Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/02/2016 11:21:01 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Warsaw Technology service to connect.

Log: 'System' Date/Time: 13/02/2016 10:40:00 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 9:47:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 9:46:54 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg wsddfac

Log: 'System' Date/Time: 13/02/2016 9:46:52 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Warsaw Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/02/2016 9:46:52 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Warsaw Technology service to connect.

Log: 'System' Date/Time: 13/02/2016 9:46:24 PM
Type: Error Category: 0
Event: 877 Source: Application Popup
There was error [DATABASE OPEN FAILED] processing the driver database.

Log: 'System' Date/Time: 13/02/2016 4:56:32 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 4:56:25 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 4:56:12 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg wsddfac

Log: 'System' Date/Time: 13/02/2016 4:56:10 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Warsaw Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/02/2016 4:56:10 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Warsaw Technology service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/02/2016 11:21:00 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 13/02/2016 11:20:50 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 13/02/2016 11:07:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/02/2016 9:46:49 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 13/02/2016 9:46:40 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 13/02/2016 9:46:24 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WinUsb failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 13/02/2016 5:00:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 13/02/2016 4:56:08 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 13/02/2016 4:55:38 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_138A&PID_0018\268bfa16b503.

Log: 'System' Date/Time: 13/02/2016 4:54:53 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/02/2016 10:57:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/02/2016 11:21:29 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 13/02/2016 9:47:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 13/02/2016 4:56:25 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/02/2016 2:10:56 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3190529940-644357419-2377663512-1001}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    A server error occurred. Check that the server is available.  (HRESULT : 0x80041206) (0x80041206)

 


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get Autoruns. Don't have the URL on my tablet but Google it. It's usually the top entry. TechNet.Microsoft.com/ something.. Below the download Autoruns, click on Run Autoruns now and save it. Run by right click and Run as admin. Find the services that VEW said didn't start. Uncheck them. Reboot. Is it faster booting now? Going to bed now. Have to get up early.
  • 0
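Added example, not part of the thread and not VEW's own code: a parser for the VEW report format posted above. It tallies Service Control Manager start failures per service or driver (the entries to look for in Autoruns) and counts the Wininit event 11 warnings. The sample is three events in the format of that log; the function names are this example's own.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
FAILED = re.compile(r"^The (.+?) service failed to start due to the following error:\s*(.+)$")
DRIVERS = re.compile(r"driver\(s\) failed to load:\s*(.+)$")

def parse_vew(text):
    """Split VEW output into events (dicts: log, when, id, source, message)."""
    events, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("~"):
            cur = None  # a blank line or a ~~~ rule ends the current event
        elif (h := HEADER.match(line)):
            cur = dict(h.groupdict(), id=None, source=None, message="")
            events.append(cur)
        elif cur is None or line.startswith("Type:"):
            continue  # section titles, report header, Type/Category line
        elif cur["id"] is None and (m := EVENT.match(line)):
            cur["id"], cur["source"] = int(m["id"]), m["source"]
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return events

def startup_failures(events):
    """Map service or driver name -> {reason: count} from Service Control Manager errors."""
    out = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["source"] != "Service Control Manager":
            continue
        if e["id"] == 7000 and (m := FAILED.match(e["message"])):
            out[m[1]][m[2]] += 1
        elif e["id"] == 7026 and (m := DRIVERS.search(e["message"])):
            for name in m[1].split():
                out[name]["boot/system-start driver failed to load"] += 1
    return {name: dict(reasons) for name, reasons in out.items()}

def appinit_warnings(events):
    """Count Wininit event 11, which Windows logs when AppInit_DLLs is populated."""
    return sum(e["id"] == 11 and e["source"] == "Microsoft-Windows-Wininit" for e in events)

# Excerpt in the format of the VEW output posted above (three events from that log).
SAMPLE = """\
Log: 'System' Date/Time: 13/02/2016 11:21:27 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Gbpddreg svc service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 13/02/2016 11:21:01 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  gbpddreg wsddfac

Log: 'System' Date/Time: 13/02/2016 11:21:00 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
"""

if __name__ == "__main__":
    ev = parse_vew(SAMPLE)
    print(startup_failures(ev), appinit_warnings(ev))
```

A non-zero `appinit_warnings` count points at the `AppInit_DLLs` value, whose listed DLLs are loaded by user32.dll into each process that links it and are worth reviewing alongside the failed services.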

#30
Andre Silva

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hey RKinner!

 

I did the autoruns. Definitely rebooting a lot quicker. I think Warsaw is still installed though, due to my system restore. And, I still cannot run Avast install as administrator. No antivirus installed at all.

 

Next steps?

 

Thank you!


  • 0





