Installed why so slow and ran as Admin. Same issue, i.e. laptop gets frozen after I click on Analyze.
Old laptop is working very slow, Toshiba Satellite M60 BK3
#46
Posted 20 November 2017 - 10:56 AM
#47
Posted 20 November 2017 - 11:15 AM
Let's run Rogue Killer
http://www.adlice.co...iller/#download
Portable 32 bits <= Use this one
Download and Save.
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe) and Run As admin
Start Scan
Start Scan
Will take about 20 minutes to complete.
Open Report
Export TXT (save it to your desktop as rk) Save
Do not let Rogue Killer remove anything until you hear from me. Leave Rogue Killer up (but minimized) so you won't have to rescan.
Open rk.txt and copy and paste it to your next Reply.
#48
Posted 22 November 2017 - 09:14 PM
Here is the report:
RogueKiller V12.11.25.0 [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Michael [Administrator]
Started from : C:\Users\Michael\Downloads\RogueKiller_portable32.exe
Mode : Scan -- Date : 11/22/2017 17:17:15 (Duration : 00:54:04)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 21 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} (%SystemRoot%\system32\systemcpl.dll) -> Found
[PUP.SweetIM|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SweetIM -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\DriverTuner -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\DriverTuner_Init -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\IM -> Found
[PUP.SweetIM|PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\SweetIM -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1031GAS ATA Device +++++
--- User ---
[MBR] 7714691ac6dd7798eee246d9bade173d
[BSP] a56cf1a31ae89d2b8e4a1f85a8219da3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 95205 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#49
Posted 23 November 2017 - 06:54 AM
Let RK remove all but:
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([]) -> Found
Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change.
Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.
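The split requested in the post above (remove everything except the PUM.Dns findings) can be reproduced from the exported rk.txt before anything is deleted. This is an added example, not part of the original thread; the function names are hypothetical, and the private-address check on each DhcpNameServer is an extra verification this example assumes is useful, not something the post states.

```python
import ipaddress
import re

# Constructed sample: four findings copied from the report posted in this thread.
REPORT = r"""
[PUP.SweetIM|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SweetIM -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\DriverTuner -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([]) -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
"""

# One finding: [tag|tag] KEY [| value : data] -> Found
FINDING = re.compile(
    r"\[(?P<tags>[^\]]+)\]\s+(?P<key>HKEY_[^|]+?)"
    r"(?:\s+\|\s+(?P<value>\S+)\s+:\s+(?P<data>.*?))?\s+->\s+Found"
)

def triage(report, keep_tags=("PUM.Dns",)):
    """Split findings into (keep, remove); also works on a flattened one-line paste."""
    keep, remove = [], []
    for m in FINDING.finditer(report):
        entry = m.groupdict()
        entry["tags"] = entry["tags"].split("|")
        bucket = keep if any(t in keep_tags for t in entry["tags"]) else remove
        bucket.append(entry)
    return keep, remove

def dns_servers(entry):
    """Return [(address, is_private)] for a DhcpNameServer finding."""
    addresses = (entry["data"] or "").split("(")[0]
    return [(a, ipaddress.ip_address(a).is_private) for a in addresses.split()]

if __name__ == "__main__":
    keep, remove = triage(REPORT)
    for e in keep:
        print("KEEP  ", e["key"], dns_servers(e))
    for e in remove:
        print("REMOVE", "|".join(e["tags"]), e["key"])
```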
#50
Posted 30 November 2017 - 03:58 AM
Already the 5th day in a row I'm running the aswMBR.exe scan and it never stops.
Edited by mraskin, 30 November 2017 - 03:58 AM.
#51
Posted 30 November 2017 - 06:00 AM
It normally takes 2-3 hours. 5 days is too long. I'd stop it. Did it leave any logs on your desktop?
#52
Posted 02 December 2017 - 06:22 PM
I just clicked "Save log" and here it is:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-11-29 22:39:39
-----------------------------
22:39:39.706 OS Version: Windows 6.1.7601 Service Pack 1
22:39:39.706 Number of processors: 1 586 0xD08
22:39:39.710 ComputerName: TOSHIBA UserName: Michael
22:39:42.128 Initialize success
22:39:42.152 VM: initialized successfully
22:39:42.154 VM: Intel CPU virtualization not supported
22:39:50.555 AVAST engine defs: 17112902
22:40:20.190 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:40:20.200 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204A Size: 95205MB BusType: 3
22:40:20.444 Disk 0 MBR read successfully
22:40:20.455 Disk 0 MBR scan
22:40:20.467 Disk 0 Windows 7 default MBR code
22:40:20.478 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95205 MB offset 63
22:40:20.502 Disk 0 Boot: NTFS code=1
22:40:20.517 Disk 0 scanning sectors +194980905
22:40:20.732 Disk 0 scanning C:\Windows\system32\drivers
22:40:41.029 Service scanning
22:41:29.030 Modules scanning
22:41:29.399 Disk 0 trace - called modules:
22:41:29.449 ntoskrnl.exe CLASSPNP.SYS disk.sys aswArPot.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys AGRSM.sys dxgkrnl.sys nvlddmkm.sys dxgmms1.sys
22:41:29.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e3f4d0]
22:41:29.466 3 aswArPot.sys[90fd3503] -> nt!IofCallDriver -> [0x859ed918]
22:41:29.475 5 ACPI.sys[89a1a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b3610]
22:41:30.065 AVAST engine scan C:\
16:19:38.107 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
16:19:38.268 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
#53
Posted 02 December 2017 - 07:56 PM
Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot.
Make a new Process Explorer log and post it. If Interrupts is a lot lower then go back into msconfig and recheck 1/2 of the entries. OK and Reboot. Keep doing that until you isolate the cause.
#54
Posted 02 December 2017 - 08:29 PM
#55
Posted 02 December 2017 - 08:38 PM
#56
Posted 02 December 2017 - 08:46 PM
Here is the Process Explorer log:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
procexp.exe 32.77 22,300 K 40,016 K 1436 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 28.29 0 K 0 K n/a Hardware Interrupts and DPCs
System Idle Process 26.04 0 K 12 K 0
csrss.exe 4.44 12,900 K 9,524 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2.26 39,056 K 58,244 K 3240 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 1.59 48 K 248 K 4
svchost.exe 1.07 5,008 K 9,956 K 3880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.78 8,460 K 10,628 K 1708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.56 116,940 K 40,960 K 1388 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.47 83,752 K 129,540 K 3748 Google Chrome Google Inc. (Verified) Google Inc
aswidsagent.exe 0.35 11,356 K 20,948 K 2600 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
AvastUI.exe 0.32 22,952 K 46,684 K 3680 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
wmpnetwk.exe 0.29 11,356 K 10,084 K 3664 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.13 6,720 K 11,988 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.11 3,928 K 5,812 K 524 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 0.10 5,576 K 8,648 K 3112 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.07 15,824 K 14,052 K 820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.07 36,188 K 23,028 K 3572 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 13,380 K 12,768 K 1312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 16,952 K 27,436 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 61,032 K 66,992 K 908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.05 1,364 K 3,376 K 412 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 24,316 K 32,936 K 2092 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 2,132 K 4,908 K 772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,524 K 4,688 K 556 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 824 K 2,916 K 468 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 12,208 K 9,168 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,524 K 5,804 K 700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,868 K 4,540 K 1668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,072 K 3,784 K 1880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 4,996 K 7,840 K 1516 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 212 K 684 K 308 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 1,196 K 2,844 K 576 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 3,316 K 8,288 K 568 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
FXSSVC.exe 1,824 K 4,592 K 1956 Fax Service Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1,388 K 4,840 K 3212 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 53,168 K 73,828 K 2700 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 72,624 K 71,956 K 1636 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 79,584 K 74,496 K 2228 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 38,484 K 59,884 K 1008 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,560 K 31,076 K 3648 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,396 K 4,672 K 3840 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 102,048 K 87,764 K 2272 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,456 K 4,916 K 1068 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 16,116 K 15,276 K 3156 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
#57
Posted 02 December 2017 - 09:15 PM
My avast doesn't seem to mind the site. I just get a login form when I go there. Perhaps they have fixed the infection.
OK. Nothing in MSCONFIG had any effect on the high interrupts so you can go back in and recheck everything.
I wonder if Process Monitor will run on your PC. It might capture what is happening but its logfiles are super big. Perhaps a single page might be enough:
Download Process Monitor: http://live.sysinter...com/Procmon.exe
Save it to your desktop. Run Process Monitor.
As soon as it starts, File, then uncheck Capture Events. Once it stops,
Scroll to the last full page of events
Now click at the top of the page and then go down to the bottom of the page, hold down the shift key and click on the last line. That should highlight a full page of events.
File, Save, Highlighted Events, Format: Comma-Separated Values (CSV) then OK. It should save the file to logfile.csv which should be on your desktop. Close Process Monitor and zip up the logfile.csv and attach it to a Reply. (You can also just rename it to logfile.txt and attach it if you don't have 7-zip)
#58
Posted 03 December 2017 - 12:59 PM
Here is the logfile.txt
Attached Files
#59
Posted 03 December 2017 - 06:51 PM
It seems to be in a loop. Keeps checking HKLM\SYSTEM\Setup\SystemSetupInProgress & is told it is 0 which means no setup in progress but then it asks the same thing over and over again. Finally it looks at the version number for IE which is 9.11.9600.18837 (badly in need of updating).
Can you do another page from somewhere in the middle?
Have you tried running the System Update Readiness Tool for Windows 7
https://www.microsof...ls.aspx?id=3132
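The pattern described in the post above (the same registry value queried over and over and always returning the same answer) can be surfaced from a saved Process Monitor CSV by counting identical events. This is an added example, not part of the original thread; it assumes Process Monitor's default CSV columns, and the process name, timestamps and function name are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's default CSV layout. Only the
# SystemSetupInProgress path comes from the thread; the rest is made up.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"6:41:02.1000000 PM","example.exe","1234","RegOpenKey","HKLM\SYSTEM\Setup","SUCCESS","Desired Access: Query Value"
"6:41:02.1000100 PM","example.exe","1234","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"6:41:02.1000200 PM","example.exe","1234","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"6:41:02.1000300 PM","example.exe","1234","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"6:41:02.1000400 PM","example.exe","1234","RegQueryValue","HKLM\SYSTEM\Setup\SystemSetupInProgress","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"6:41:02.1000500 PM","example.exe","1234","RegCloseKey","HKLM\SYSTEM\Setup","SUCCESS",""
"6:41:02.1000600 PM","example.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Internet Explorer\Version","SUCCESS","Type: REG_SZ, Length: 32, Data: 9.11.9600.18837"
'''

def hot_spots(csv_text, min_share=0.5):
    """Return events that make up at least min_share of the capture,
    with every distinct (result, detail) answer they received."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    counts = Counter()
    answers = {}
    for row in rows:
        event = (row["Process Name"], row["Operation"], row["Path"])
        counts[event] += 1
        answers.setdefault(event, set()).add((row["Result"], row["Detail"]))
    total = len(rows) or 1
    return [
        {"event": event, "count": n, "share": round(n / total, 2),
         "answers": sorted(answers[event])}
        for event, n in counts.most_common()
        if n / total >= min_share
    ]

if __name__ == "__main__":
    # For a real export, read the file with encoding="utf-8-sig" to drop the BOM.
    for spot in hot_spots(SAMPLE):
        print(spot["count"], f'{spot["share"]:.0%}', *spot["event"])
        for result, detail in spot["answers"]:
            print("   ", result, detail)
```

A single event with a large share and exactly one distinct answer is the signature of a polling loop; many distinct answers for the same path point to normal activity instead.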
#60
Posted 04 December 2017 - 06:51 PM