[mraskin]

installed why so slow and ran as Admin. Same issue, i.e. laptop gets frozen after i click on Analyze. 

[Advertisements]

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits <= Use this one


Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 

[RKinner]

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits <= Use this one


Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 

[mraskin]

here is the report

RogueKiller V12.11.25.0 [Nov 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Michael [Administrator]
Started from : C:\Users\Michael\Downloads\RogueKiller_portable32.exe
Mode : Scan -- Date : 11/22/2017 17:17:15 (Duration : 00:54:04)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} (%SystemRoot%\system32\systemcpl.dll) -> Found
[PUP.SweetIM|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SweetIM -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\DriverTuner -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\DriverTuner_Init -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\IM -> Found
[PUP.SweetIM|PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\SweetIM -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1019612095-945130092-1823104862-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1031GAS ATA Device +++++
--- User ---
[MBR] 7714691ac6dd7798eee246d9bade173d
[BSP] a56cf1a31ae89d2b8e4a1f85a8219da3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 95205 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[RKinner]

Let RK remove all but:

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67985CDF-AC98-4218-82A3-4A362C1C6A06} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{706C6C19-BB8F-4C05-A8A3-DCD5817CEA1F} | DhcpNameServer : 172.20.10.1 ([])  -> Found

 

Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.
 

[mraskin]

already 5th day in he row i'm running the aswMBR.exe scan and it never stops

Edited by mraskin, 30 November 2017 - 03:58 AM.

[RKinner]

It normally takes 2-3 hours.  5 days is too long.  I'd stop it.  Did it leave any logs on your desktop?

[mraskin]

i just clicked "Save log" and here it is:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-11-29 22:39:39
-----------------------------
22:39:39.706    OS Version: Windows 6.1.7601 Service Pack 1
22:39:39.706    Number of processors: 1 586 0xD08
22:39:39.710    ComputerName: TOSHIBA  UserName: Michael
22:39:42.128    Initialize success
22:39:42.152    VM: initialized successfully
22:39:42.154    VM: Intel CPU virtualization not supported 
22:39:50.555    AVAST engine defs: 17112902
22:40:20.190    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:40:20.200    Disk 0 Vendor: TOSHIBA_MK1031GAS AA204A Size: 95205MB BusType: 3
22:40:20.444    Disk 0 MBR read successfully
22:40:20.455    Disk 0 MBR scan
22:40:20.467    Disk 0 Windows 7 default MBR code
22:40:20.478    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS        95205 MB offset 63
22:40:20.502    Disk 0 Boot: NTFS     code=1
22:40:20.517    Disk 0 scanning sectors +194980905
22:40:20.732    Disk 0 scanning C:\Windows\system32\drivers
22:40:41.029    Service scanning
22:41:29.030    Modules scanning
22:41:29.399    Disk 0 trace - called modules:
22:41:29.449    ntoskrnl.exe CLASSPNP.SYS disk.sys aswArPot.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys AGRSM.sys dxgkrnl.sys nvlddmkm.sys dxgmms1.sys 
22:41:29.457    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e3f4d0]
22:41:29.466    3 aswArPot.sys[90fd3503] -> nt!IofCallDriver -> [0x859ed918]
22:41:29.475    5 ACPI.sys[89a1a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b3610]
22:41:30.065    AVAST engine scan C:\
16:19:38.107    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
16:19:38.268    The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

[RKinner]

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot. 

 

Make a new Process Explorer log and post it.  If Interrupts is a lot lower then go back into msconfig and recheck 1/2 of the entries.  OK and Reboot.  Keep doing that until you isolate the cause.

[mraskin]

did all this and after the reboot I've got Avast's  notificatification

Attached Thumbnails

• 

[mraskin]

and this too

Attached Thumbnails

• 

Edited by mraskin, 02 December 2017 - 08:39 PM.

[mraskin]

here is the Process Explorer log :

Process	CPU	Private Bytes	Working Set	PID	Description	Company Name	Verified Signer
procexp.exe	32.77	22,300 K	40,016 K	1436	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Microsoft Corporation
Interrupts	28.29	0 K	0 K	n/a	Hardware Interrupts and DPCs		
System Idle Process	26.04	0 K	12 K	0			
csrss.exe	4.44	12,900 K	9,524 K	476	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows
explorer.exe	2.26	39,056 K	58,244 K	3240	Windows Explorer	Microsoft Corporation	(Verified) Microsoft Windows
System	1.59	48 K	248 K	4			
svchost.exe	1.07	5,008 K	9,956 K	3880	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.78	8,460 K	10,628 K	1708	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
AvastSvc.exe	0.56	116,940 K	40,960 K	1388	Avast Service	AVAST Software	(Verified) AVAST Software s.r.o.
chrome.exe	0.47	83,752 K	129,540 K	3748	Google Chrome	Google Inc.	(Verified) Google Inc
aswidsagent.exe	0.35	11,356 K	20,948 K	2600	Avast Behavior Shield	AVAST Software	(Verified) AVAST Software s.r.o.
AvastUI.exe	0.32	22,952 K	46,684 K	3680	Avast Antivirus	AVAST Software	(Verified) AVAST Software s.r.o.
wmpnetwk.exe	0.29	11,356 K	10,084 K	3664	Windows Media Player Network Sharing Service	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.13	6,720 K	11,988 K	936	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
services.exe	0.11	3,928 K	5,812 K	524	Services and Controller app	Microsoft Corporation	(Verified) Microsoft Windows
taskhost.exe	0.10	5,576 K	8,648 K	3112	Host Process for Windows Tasks	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.07	15,824 K	14,052 K	820	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
SearchIndexer.exe	0.07	36,188 K	23,028 K	3572	Microsoft Windows Search Indexer	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.06	13,380 K	12,768 K	1312	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.06	16,952 K	27,436 K	960	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe	0.06	61,032 K	66,992 K	908	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
csrss.exe	0.05	1,364 K	3,376 K	412	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows
chrome.exe	0.03	24,316 K	32,936 K	2092	Google Chrome	Google Inc.	(Verified) Google Inc
svchost.exe	0.02	2,132 K	4,908 K	772	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
winlogon.exe		1,524 K	4,688 K	556	Windows Logon Application	Microsoft Corporation	(Verified) Microsoft Windows
wininit.exe		824 K	2,916 K	468	Windows Start-Up Application	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe		12,208 K	9,168 K	1560	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe		2,524 K	5,804 K	700	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe		2,868 K	4,540 K	1668	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
svchost.exe		1,072 K	3,784 K	1880	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
spoolsv.exe		4,996 K	7,840 K	1516	Spooler SubSystem App	Microsoft Corporation	(Verified) Microsoft Windows
smss.exe		212 K	684 K	308	Windows Session Manager	Microsoft Corporation	(Verified) Microsoft Windows
lsm.exe		1,196 K	2,844 K	576	Local Session Manager Service	Microsoft Corporation	(Verified) Microsoft Windows
lsass.exe		3,316 K	8,288 K	568	Local Security Authority Process	Microsoft Corporation	(Verified) Microsoft Windows
FXSSVC.exe		1,824 K	4,592 K	1956	Fax Service	Microsoft Corporation	(Verified) Microsoft Windows
dwm.exe		1,388 K	4,840 K	3212	Desktop Window Manager	Microsoft Corporation	(Verified) Microsoft Windows
chrome.exe		53,168 K	73,828 K	2700	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		72,624 K	71,956 K	1636	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		79,584 K	74,496 K	2228	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		38,484 K	59,884 K	1008	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		22,560 K	31,076 K	3648	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		1,396 K	4,672 K	3840	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		102,048 K	87,764 K	2272	Google Chrome	Google Inc.	(Verified) Google Inc
chrome.exe		1,456 K	4,916 K	1068	Google Chrome	Google Inc.	(Verified) Google Inc
audiodg.exe		16,116 K	15,276 K	3156	Windows Audio Device Graph Isolation 	Microsoft Corporation	(Verified) Microsoft Windows

[RKinner]

My avast doesn't seem to mind the site.  I just get a login form when I go there.  Perhaps they have fixed the infection.

 

OK.  Nothing in MSCONFIG had any effect on the high interrupts so you can go back in and recheck everything. 

 

I wonder if Process Monitor will run on your PC.  It might capture what is happening but its logfiles are super big.  Perhaps a single page might be enough:

 

download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop.  Run Process Monitor.

As soon as it starts, File, then uncheck Capture Events.  Once it stops,

Scroll to the last full page of events

Now click at the top of the page and then go down to the bottom of the page, hold down the shift key and click on the last line.  That should highlight a full page of events.

File, Save, Highlighted Events, Format: Comma-Separated Values (CSV) then OK.  It should save the file to logfile.csv which should be on your desktop.  Close Process Monitor.  and zip up the logfile.csv and attach it to a Reply.  (You can also just rename it to logfile.txt and attach it if you don't have 7-zip)

 

[mraskin]

here is the logfile.txt

Attached Files

•  Logfile.txt   5.59KB   265 downloads

[RKinner]

It seems to be in a loop.  Keeps checking HKLM\SYSTEM\Setup\SystemSetupInProgress & is told it is 0 which means no setup in progress but then it asks the same thing over and over again.  Finally it looks at the version number for IE which is 9.11.9600.18837  (badly in need of updating).

 

Can you do another page from somewhere in the middle?

 

Have you tried running the System Update Readiness Tool for Windows 7

 

https://www.microsof...ls.aspx?id=3132

[mraskin]

I just ran System Update Readiness Tool for Windows 7. It installed Hotfix for Windows (KB947821)

I just checked IE version on my laptop and it is 11.0.9600.18837

 

And here is a middle portion of the log:

Attached Thumbnails

• 

Attached Files

•  Logfile1.txt   9.61KB   241 downloads

Edited by mraskin, 04 December 2017 - 07:49 PM.