Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

infection, PC is so slow, boot and Internet

Started by vatch , Jul 06 2017 06:59 PM

Please log in to reply

#46
vatch

Posted 09 July 2017 - 09:47 PM

Member

Topic Starter
Member
55 posts

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 09/07/2017 11:43:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/07/2017 3:40:48 AM

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 2 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/07/2017 3:41:13 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/07/2017 3:40:56 AM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/07/2017 3:40:52 AM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

#47
vatch

Posted 09 July 2017 - 09:48 PM

Member

Topic Starter
Member
55 posts

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 09/07/2017 11:47:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/07/2017 3:40:48 AM

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 2 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/07/2017 3:41:13 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/07/2017 3:40:56 AM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/07/2017 3:40:52 AM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

#48
RKinner

Posted 09 July 2017 - 10:34 PM

Malware Expert

Expert
24,625 posts

No application log. Going to bed now.

#49
vatch

Posted 09 July 2017 - 11:14 PM

Member

Topic Starter
Member
55 posts

Okay... thank you and have a good night!

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 10/07/2017 1:13:51 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 10/07/2017 3:45:53 AM

Type: Error Category: 101

Event: 1002 Source: Application Hang

The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 558 Start Time: 01d2f92e8ccf3c0f Termination Time: 16 Application Path: C:\Windows\Explorer.EXE Report Id: 2f2c3acf-6522-11e7-93ea-9305dce75251

Log: 'Application' Date/Time: 10/07/2017 3:40:39 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6 Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6 Exception code: 0x40000015 Fault offset: 0x000000000022af96 Faulting process id: 0x1568 Faulting application start time: 0x01d2f91ee78b98fe Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Report Id: 8a4f658a-6521-11e7-8624-a2036eb82f24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 10/07/2017 4:17:33 AM

Type: Warning Category: 0

Event: 12348 Source: VSS

Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{f6501013-edb9-11e1-b440-c48508243ded}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:

Removing auto-release shadow copies

Loading provider

Context:

Execution Context: System Provider

Log: 'Application' Date/Time: 10/07/2017 3:54:23 AM

Type: Warning Category: 1

Event: 100 Source: CVHSVC

Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 10/07/2017 3:54:23 AM

Type: Warning Category: 1

Event: 100 Source: CVHSVC

Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 10/07/2017 3:54:23 AM

Type: Warning Category: 1

Event: 100 Source: CVHSVC

Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 10/07/2017 3:44:28 AM

Type: Warning Category: 11

Event: 3211 Source: Application Virtualization Client

{tid=EA8}

Attempting Transport Connection URL: http://c2r.microsoft...0.7181.5002.sftError: 24600F0A-10000001

Log: 'Application' Date/Time: 10/07/2017 3:44:08 AM

Type: Warning Category: 6

Event: 3057 Source: Application Virtualization Client

{tid=CF8}

The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: BOB-VAIO Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 10/07/2017 3:43:54 AM

Type: Warning Category: 3

Event: 3191 Source: Application Virtualization Client

{tid=CF8}

-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 10/07/2017 3:40:30 AM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-1830509043-3057109524-1489324202-1001:

Process 1248 (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1830509043-3057109524-1489324202-1001

Process 1248 (\Device\HarddiskVolume5\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1830509043-3057109524-1489324202-1001\Software\Microsoft\SystemCertificates\Root

#50
RKinner

Posted 10 July 2017 - 08:11 AM

Malware Expert

Expert
24,625 posts

Log: 'Application' Date/Time: 10/07/2017 4:17:33 AM

Type: Warning Category: 0

Event: 12348 Source: VSS

Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{f6501013-edb9-11e1-b440-c48508243ded}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

I expect this is Q: Copy the next two lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices /s > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Log: 'Application' Date/Time: 10/07/2017 3:45:53 AM

Type: Error Category: 101

Event: 1002 Source: Application Hang

The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 558 Start Time: 01d2f92e8ccf3c0f Termination Time: 16 Application Path: C:\Windows\Explorer.EXE Report Id: 2f2c3acf-6522-11e7-93ea-9305dce75251

download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:

http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it (right click and Run As Admin)and look for the MICROSOFT column header. (You may need to scroll to the right to see it) Click once or twice on MICROSOFT so that items with NO are at the top.

Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and hopefully Explorer will stop crashing.

Log: 'Application' Date/Time: 10/07/2017 3:40:39 AM

Type: Error Category: 100

Event: 1000 Source: Application Error

Faulting application name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6 Faulting module name: ZeroConfigService.exe, version: 19.60.0.0, time stamp: 0x58d16fa6 Exception code: 0x40000015 Fault offset: 0x000000000022af96 Faulting process id: 0x1568 Faulting application start time: 0x01d2f91ee78b98fe Faulting application path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Report Id: 8a4f658a-6521-11e7-8624-a2036eb82f24

Guess you weren't able to get Windows to handle the WiFi so you could turn this off? Where do you need help?

#51
vatch

Posted 10 July 2017 - 04:25 PM

Member

Topic Starter
Member
55 posts

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

\DosDevices\C: REG_BINARY 444D494F3A49443AF9F4B73700DEA54680780D645A6A7CB4

\??\Volume{92b23e4b-b1d9-11e1-b2ff-806e6f6e6963} REG_BINARY 5C003F003F005C0049004400450023004300640052006F006D004D0041005400530048004900540041005F004400560044002D00520041004D005F0055004A00380041003700410053005F005F005F005F005F005F005F005F005F005F005F005F005F005F005F005F0031002E00300030005F005F005F005F002300340026003300620036003700380035006100660026003000260030002E0031002E00300023007B00350033006600350036003300300064002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\DosDevices\D: REG_BINARY 5F003F003F005F00500043004900530054004F00520023004400690073006B002600560065006E005F005200450041004C00530049004C002600500072006F0064005F0052005400530035003200300038004C0055004E00300026005200650076005F0031002E00300030002300300030003000300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\DosDevices\E: REG_BINARY 5C003F003F005C0049004400450023004300640052006F006D004D0041005400530048004900540041005F004400560044002D00520041004D005F0055004A00380041003700410053005F005F005F005F005F005F005F005F005F005F005F005F005F005F005F005F0031002E00300030005F005F005F005F002300340026003300620036003700380035006100660026003000260030002E0031002E00300023007B00350033006600350036003300300064002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{f6501013-edb9-11e1-b440-c48508243ded} REG_BINARY 5C003F003F005C0056006F006C0075006D0065007B00610030003800380038003800300034002D0033003000370033002D0034006500660032002D0062003700660065002D003800370064003300340034003300630066003500390066007D00

\DosDevices\Q: REG_BINARY 5C003F003F005C0056006F006C0075006D0065007B00610030003800380038003800300034002D0033003000370033002D0034006500660032002D0062003700660065002D003800370064003300340034003300630066003500390066007D00

\??\Volume{b30c7d7d-f775-11e1-806e-30f9eded50a9} REG_BINARY 5F003F003F005F00500043004900530054004F00520023004400690073006B002600560065006E005F005200450041004C00530049004C002600500072006F0064005F0052005400530035003200300038004C0055004E00310026005200650076005F0031002E00300030002300300030003000300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{210f1ce4-139c-11e2-992c-c48508243ded} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F004100700070006C0065002600500072006F0064005F00690050006F00640026005200650076005F0031002E0037003000230030003000300041003200370030003000320032004400430033003200300032002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{68321502-8914-11e2-ae0e-806e6f6e6963} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F00530061006E004400690073006B002600500072006F0064005F004300720075007A00650072005F0047006C0069006400650026005200650076005F0031002E00320036002300320030003000340034003500320038003400320031004400430039004300310031004600330041002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{683215f0-8914-11e2-ae0e-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F00530061006E004400690073006B002600500072006F0064005F004300720075007A00650072005F004D006900630072006F0026005200650076005F0038002E0030003100230034003500320038003700310030004300440038003200300046004100370042002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{6832161a-8914-11e2-ae0e-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F0050004E0059002600500072006F0064005F005500530042005F0032002E0030005F004600440026005200650076005F0031003100300030002300410043004100380030003400440030003600300030003000300032003100310033002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{68321624-8914-11e2-ae0e-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F00530061006E004400690073006B002600500072006F0064005F004300720075007A006500720026005200650076005F0038002E0030003200230033003500310034003600300030004500460045003200330031003600310033002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{71f076a6-94d7-11e2-b42c-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F0070006E0079002600500072006F0064005F005500530042005F0032002E0030005F004600440026005200650076005F0031002E003000300023003000300036003000450030003400440045004600320039004100430037003000440032004300460031003800320045002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{fb0dfe35-e155-11e2-ae6c-30f9eded50a9} REG_BINARY 5F003F003F005F00500043004900530054004F00520023004400690073006B002600560065006E005F005200450041004C00530049004C002600500072006F0064005F0052005400530035003200300038004C0055004E00300026005200650076005F0031002E00300030002300300030003000300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{01da1a35-1495-11e3-97cd-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F00420072006F0074006800650072002600500072006F0064005F004D00460043002D003400390035004300570026005200650076005F0031002E00300030002300380026003100380064006300300066003000260030002600420052004F004100300046003200390032003100370039002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\DosDevices\F: REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F00420072006F0074006800650072002600500072006F0064005F004D00460043002D003400390035004300570026005200650076005F0031002E00300030002300380026003100380064006300300066003000260030002600420052004F004100300046003200390032003100370039002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{1ecca124-5957-11e3-bf60-c48508243ded} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F004B0069006E006700730074006F006E002600500072006F0064005F00440054005F003100300031005F004700320026005200650076005F0050004D004100500023003000300031003900450030003600420030003700420033004500430042003000430037003400390030003000350031002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{b85bfbc3-7e86-11e3-96cd-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F0041004D00420041002600500072006F0064005F00530074006F00720061006700650026005200650076005F00760031002E00300023003100320033003400350036003700380039004100420043002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{96b5b3b2-0c1e-11e4-accb-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F0053006F006E0079002600500072006F0064005F0044005300430026005200650076005F0031002E003000300023004400350035003000360030003600390030003000390034002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

\??\Volume{1027d25b-e69c-11e5-9632-30f9eded50a9} REG_BINARY 5F003F003F005F00550053004200530054004F00520023004400690073006B002600560065006E005F004B0069006E006700730074006F006E002600500072006F0064005F004400610074006100540072006100760065006C00650072005F0032002E00300026005200650076005F0050004D004100500023003500420038003400310038003000300037004200370034002600300023007B00350033006600350036003300300037002D0062003600620066002D0031003100640030002D0039003400660032002D003000300061003000630039003100650066006200380062007D00

#52
RKinner

Posted 10 July 2017 - 04:43 PM

Malware Expert

Expert
24,625 posts

\??\Volume{f6501013-edb9-11e1-b440-c48508243ded} REG_BINARY 5C003F003F005C0056006F006C0075006D0065007B00610030003800380038003800300034002D0033003000370033002D0034006500660032002D0062003700660065002D003800370064003300340034003300630066003500390066007D00

\DosDevices\Q: REG_BINARY 5C003F003F005C0056006F006C0075006D0065007B00610030003800380038003800300034002D0033003000370033002D0034006500660032002D0062003700660065002D003800370064003300340034003300630066003500390066007D00

It's Q:\ which is a virtual drive used by MS Office CTR. Did you look in Control Panel, System, System Protection, Then find Q: under Protection Settings (you will have to scroll down to find it). Click on it then Configure and Turen Off System Protection. OK.

#53
vatch

Posted 10 July 2017 - 05:04 PM

Member

Topic Starter
Member
55 posts

Ok. Doing it now

#54
vatch

Posted 10 July 2017 - 05:07 PM

Member

Topic Starter
Member
55 posts

I don't see Q under protection settings. Just Local Disk (c:) (System) And under that is recovery. That's the only 2 things under protection settings

#55
vatch

Posted 10 July 2017 - 05:13 PM

Member

Topic Starter
Member
55 posts

I just shut off my wifi and turned on direct. Is this what you wanted me to do? This is what i was having trouble with. : )

#56
RKinner

Posted 10 July 2017 - 05:57 PM

Malware Expert

Expert
24,625 posts

Doesn't sound like it. Intel provides some software to control the WiFi. It's crashing so I thought we could turn it off and let Windows do the Wifi.

#57
vatch

Posted 10 July 2017 - 06:41 PM

Member

Topic Starter
Member
55 posts

Recovery is off. Does that matter?

#58
RKinner

Posted 10 July 2017 - 06:48 PM

Malware Expert

Expert
24,625 posts

What are you talking about?

#59
vatch

Posted 10 July 2017 - 10:26 PM

Member

Topic Starter
Member
55 posts

Under Protection settings the Recovery drive is off. I was just letting you know.

#60
RKinner

Posted 11 July 2017 - 04:56 AM

Malware Expert

Expert
24,625 posts

I assume you are saying that the drive marked Recovery is set to Off in the Protection Settings. The Recovery drive is where your PC maker stores the information used to return the PC to the way it was when it left the factory. It never changes so there is no need back it up with System Restore so it should be Off.