
PC has become slow and mouse pointer stalls and freezes... pointer has



#31
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/03/2017 2:39:49 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0



#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,839 posts
  • MVP

Do you have a USB bluetooth device like a wireless mouse, keyboard or headset?

Doesn't look like it's working.

 

The rest of the errors are mostly from AVG so

Let's change out AVG and replace it with the free Avast:

 

Click on Download then choose the free version.
 
 
Download, Save,
 
Download and save the AVG removal tool
 

Uninstall AVG, right click on the removal tool you downloaded earlier and Run As Admin.  Reboot.

 

Right click on the Avast installer and Run As Admin.  Once Avast installs it will probably want a reboot.  You may be offered optional software, decline it and stay with the free Basic version.

 

Once installed and updated set it up to do a boot-time scan as follows:

 

 
Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.
 
  Reboot and let it run a scan.  It may take hours so I usually run it while I sleep:
 
Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.

  • 0

#33
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

 


 

We have an issue with the AVG removal.

I can't download the tool. Receive the following:

 

An error occurred while processing your request.

Reference #132.5673cd17.1489287610.fa75704


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,839 posts
  • MVP

They moved it.  Try:  http://files-downloa...AVG_Remover.exe


  • 0

#35
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I removed AVG by first removing AVG Protection and then AVG (zen). When I removed AVG Protection I removed 'the vault' as well


  • 0


#37
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

I guess it's too late to get the removal file and run it?


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,839 posts
  • MVP

Won't hurt to run it.  It will pick up any leftover bits of AVG that the normal removal tool missed.


  • 0

#39
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

OK - thanks again...

 

Ran the AVG removal tool - it found other stuff so it was worthwhile.

 

Log from AVAST Boot Scan

 

03/12/2017 14:58
Scan of C:
 
Scan of *STARTUP
 
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389958113424 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390895804790 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390895804807 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391069349253 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391069349269 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391412560940 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391498541711 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391498541712 is infected by Win32:Conduit-F [Adw], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>FR_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>CS_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>DE_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>ES_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>IT_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>MX_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
File C:\Windows\Installer\af834d.msi|>Cabs.w1.cab|>FI_wzsepe32.exe.mui|>[Embedded_R#SFXHDR] is infected by Win32:Evo-gen [Susp], Moved to chest
Number of searched folders: 30216
Number of tested files: 678327
Number of infected files: 15
 
I was asked about the Windows Installer files and chose to move to chest - what do you think???

  • 0

#40
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

And I replaced the wireless mouse with a cable version


  • 0



#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,839 posts
  • MVP

It looks like the installer stuff might be from WinZip.  They usually have some adware riding along on the install which is the reason I prefer 7-Zip to WinZip.  Removing it to the chest was OK - tho since you have already installed it wasn't an active threat.

 

Check that you have a big enough pagefile:

 

Windows sets the initial minimum size of the paging file equal to the amount of random access memory (RAM) installed on your computer, and the maximum size equal to three times the amount of RAM installed on your computer.  Make sure that is what you have.

  1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  2. In the left pane, click Advanced system settings.
     If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. On the Advanced tab, under Performance, click Settings.
  4. Click the Advanced tab, and then, under Virtual memory, click Change.
  5. Clear the Automatically manage paging file size for all drives check box.
  6. Under Drive[Volume Label], click the drive that contains the paging file you want to change.
  7. Click Custom size, type a new size in megabytes in the Initial size (MB) or Maximum size (MB) box, click Set, and then click OK.

Let me know if you made any changes.

Then clear the alarms, reboot and:

 
Right click on Computer and select Manage. Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 

 

Reboot. 
 
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after the line)

sigverif

Press Start in the new window that pops up.

 

 

 

Does it find anything?

 

Either take a screenshot using the snipping tool and attach it or just copy down the names if there aren't too many.  


  • 0

#42
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
modified Pagefile size to initial = 49095 and max = 49095
 
 
 
Here is the SYSTEM AND APPLICATION Logs:
(both in the one post)
 
===============================================================
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/03/2017 8:06:11 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/03/2017 8:49:24 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/03/2017 8:50:43 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_0DB0&PID_A871\6&788acb3&0&2.
 
Log: 'System' Date/Time: 12/03/2017 8:49:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
==========================================================================
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 13/03/2017 8:07:40 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#43
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts

Files found from Signature Verification:

 

maxxaudiorealtek.dll

sfcom64.dll

sfnhk64.dll

bthport.sys (version 6.1.2691.17607)

sfcom.dll


  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 18,839 posts
  • MVP

Files that sigverif found don't look bad.  Something from Realtek HiDef Audio, several from Sonic Focus Effects and one bluetooth file that looks like it should be from Microsoft.  Odd that it doesn't have a signature.  Let's look at it a bit closer:

 

Run FRST and put bthport.sys in the Search: box then hit Search Files.

 

That should generate a file that shows what it found.  Copy and Paste it to a Reply.

 

Now that you have pagefile set to something nice and big perhaps it will get a dump file if it crashes again.


  • 0

#45
jimxx7

jimxx7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Jim (13-03-2017 11:30:36)
Running from C:\Users\Jim\Desktop
Boot Mode: Normal
 
================== Search Files: "bthport.sys" =============
 
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8\bthport.sys
[2012-08-16 01:05][2012-07-07 06:58] 0552960 ____A (Microsoft Corporation) F4199097323B13F0D4976FB410673177 [File is digitally signed]
 
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\bthport.sys
[2012-08-16 01:05][2012-07-07 07:07] 0552960 ____A (Microsoft Corporation) 738D0E9272F59EB7A1449C3EC118E6C4 [File is digitally signed]
 
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\bthport.sys
[2010-11-21 14:23][2010-11-21 14:23] 0552448 ____A (Microsoft Corporation) 0D25B6D300BA26A5F2C3B2A8E96B158B [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\bthport.sys
[2010-11-21 14:23][2010-11-21 14:23] 0552448 ____A (Microsoft Corporation) 0D25B6D300BA26A5F2C3B2A8E96B158B [File is digitally signed]
 
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
[2012-08-16 01:05][2012-07-07 07:07] 0552960 ____A (Microsoft Corporation) 738D0E9272F59EB7A1449C3EC118E6C4 [File is digitally signed]
 
C:\Windows\System32\drivers\bthport.sys
[2012-02-17 14:24][2012-02-17 14:24] 0552960 ____N (Microsoft Corporation) 64C198198501F7560EE41D8D1EFA7952 [File not signed]
 
====== End of Search ======

  • 0
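The comparison that the FRST search in posts #44 and #45 sets up, as an added example (not part of the thread and not FRST's own code): it parses the pasted search output and reports each unsigned copy together with whether its MD5 equals that of any signed copy. The function names and record fields are assumptions of this sketch.

```python
import re

# Search output pasted in post #45 of this thread (header and blank lines dropped).
FRST_OUTPUT = r"""
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8\bthport.sys
[2012-08-16 01:05][2012-07-07 06:58] 0552960 ____A (Microsoft Corporation) F4199097323B13F0D4976FB410673177 [File is digitally signed]
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\bthport.sys
[2012-08-16 01:05][2012-07-07 07:07] 0552960 ____A (Microsoft Corporation) 738D0E9272F59EB7A1449C3EC118E6C4 [File is digitally signed]
C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\bthport.sys
[2010-11-21 14:23][2010-11-21 14:23] 0552448 ____A (Microsoft Corporation) 0D25B6D300BA26A5F2C3B2A8E96B158B [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\bthport.sys
[2010-11-21 14:23][2010-11-21 14:23] 0552448 ____A (Microsoft Corporation) 0D25B6D300BA26A5F2C3B2A8E96B158B [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
[2012-08-16 01:05][2012-07-07 07:07] 0552960 ____A (Microsoft Corporation) 738D0E9272F59EB7A1449C3EC118E6C4 [File is digitally signed]
C:\Windows\System32\drivers\bthport.sys
[2012-02-17 14:24][2012-02-17 14:24] 0552960 ____N (Microsoft Corporation) 64C198198501F7560EE41D8D1EFA7952 [File not signed]
"""

# Metadata line: [created][modified] size attributes (company) MD5 [signature status]
ENTRY = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$")

def parse_frst_search(text):
    """Pair each path line with the metadata line that follows it."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m and path:
            rec = m.groupdict()
            rec.update(path=path, size=int(rec["size"]),
                       signed=rec["sig"] == "File is digitally signed")
            records.append(rec)
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return records

def triage(records):
    """List unsigned copies and whether their hash matches any signed copy."""
    signed_md5 = {r["md5"] for r in records if r["signed"]}
    return [{"path": r["path"], "md5": r["md5"], "modified": r["modified"],
             "matches_signed_copy": r["md5"] in signed_md5}
            for r in records if not r["signed"]]

if __name__ == "__main__":
    for finding in triage(parse_frst_search(FRST_OUTPUT)):
        print(finding)
```

A hash that matches no signed copy only shows the file is not byte-identical to the listed component-store versions; it marks the file for the closer look requested in post #44 rather than settling what it is.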





