
*Sigh* Friend asks me to look at his laptop, will only boot in Safe mode


16 replies to this topic

#1 Devel84

Devel84

  • Members
  • 13 posts

Posted 29 March 2015 - 03:39 PM

Hi Again Bleeping Computer...

 

 

So my friend asks me to look at his laptop, as it would only boot in Safe mode.

 

I started to look and *Sigh*, no Windows updates since March 2014, all marked as failed. Out of date AVG (although I am not sure it was even working), some dodgy looking IE toolbars installed, and redirects on normal websites :smash:

So I've uninstalled as much as I could, including AVG. Tried to start MSE, would not start.

So I'm thinking more serious infection :(

Used Malwarebytes and ComboFix, and have managed to get laptop to boot normally, and managed to get MSE installed. And Windows updates working again.

However, now svchost is using easily 50% of physical memory, Resource Monitor shows crazy disk reads/writes and Windows updates starting to fail again. So I may have made things slightly better but by no means fixed.

 

No doubt with the above, performance is also terrible.

 

So please BleepingComputer Can you help.

 

Windows 7 home Premium SP1

 

thank you!


Edited by hamluis, 29 March 2015 - 04:01 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 29 March 2015 - 04:25 PM

Try running Eset Online Scanner in Safe Mode.

You should also consider doing a clean reinstall of Windows 7 since the problems/malware infections have existed for a year or more.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 29 March 2015 - 05:31 PM

Hi Buddy,

 

Thanks for your prompt reply.

 

I ran ESET, and as per your last note, it showed no infections, and did not show any option to view/download a log.

 

I am not sure if I have an infection, or if it is just the aftermath of an infection, please advise next step?

 

Many thanks



#4 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 29 March 2015 - 05:47 PM

Try two more scans and cleaning up with CCleaner. If those scans come up clean then maybe running the repairs using Windows Repair (All In One) Download can repair the damage. Be sure to run Option #4 as well as the other repairs pertinent to your computer.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download



#5 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 29 March 2015 - 06:19 PM

Thank you Again Buddy,

 

CCleaner deleted 380mb,

 

Logs from AdwCleaner and JRT below, please advise if I should run the Windows repair tool you mentioned?

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 00:02:44
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Colin - COLIN-PC
# Running from : C:\Users\Colin\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://isearch.avg.com?cid={057F3536-57E4-4B5E-80F6-AFB084AE7807}&mid=8bdcbb2e714d47d0b173d1572e9ec6e7-36a0dce4d4431fe220dfc9c044cfea7752f5f1b2&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2013-01-27 18:11:20&v=18.1.0.443&pid=avg&sg=0&sap=hp

*************************

AdwCleaner[R1].txt - [1183 bytes] - [29/03/2015 23:56:06]
AdwCleaner[S1].txt - [1112 bytes] - [30/03/2015 00:02:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1171  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Premium x86
Ran by Colin on 30/03/2015 at  0:05:47.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/03/2015 at  0:08:17.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 29 March 2015 - 07:35 PM

Yes, run the Windows Repair.....

 

Then do this:

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 29 March 2015 - 07:54 PM.


#7 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 29 March 2015 - 08:48 PM

Hi Again Buddy,

 

Really appreciate your help :)

 

Think you may have identified an issue, running Windows Repair from Tweaking, originally had an error on Reparse for C:\users\(logged on and only user)\Cookies\, which the tool appeared to work (at step 2) and repair.

 

So Continued to proceed with Windows Repair Tool.

 

Then CHKDSK at Step 3, highlighted an error, which the tool said had to be repaired at restart.

 

Upon Restart Windows did not appear to restart and the system "hung" before rebooting.

 

Upon Rerunning step 3, same error appears, please see log and advise...

 

Many Thanks yet again!

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Colin\Desktop>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

C:\>chkdsk C:
The type of the file system is NTFS.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
9 percent complete. (147201 of 147712 file records processed)    
  147712 file records processed.                                        

File verification completed.
  876 large file records processed.                                  

  0 bad file records processed.                                    

  0 EA records processed.                                          

  47 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
34 percent complete. (165993 of 184770 index entries processed)   
184770 index entries processed.                                       

Index verification completed.
0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
44 percent complete. (135138 of 147712 file SDs/SIDs processed)   
147712 file SDs/SIDs processed.                                       

Security descriptor verification completed.
  18530 data files processed.                                          

CHKDSK is verifying Usn Journal...
100 percent complete. (34013184 of 34013328 USN bytes processed)       
  34013328 USN bytes processed.                                           

Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

  78046207 KB total disk space.
  21444212 KB in 80330 files.
     57432 KB in 18531 indexes.
         0 KB in bad sectors.
    255967 KB in use by the system.
     65536 KB occupied by the log file.
  56288596 KB available on disk.

      4096 bytes in each allocation unit.
  19511551 total allocation units on disk.
  14072149 allocation units available on disk.

C:\>



#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 30 March 2015 - 05:13 AM

What happens now when you try to get Windows Updates? If you are able to get updates now, that may fix the problem you noted in your last post....or not.

 

You may have missed this:

Then do this:

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#9 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 30 March 2015 - 06:29 AM

Hi Buddy,

 

When I first posted, I had 6 Windows updates, that failed

 

Over the 4 or 5 times I have done restart to run logs and tools etc, they have all installed, but like one or two at a time, so first 6 Failed, then 5, then 3, then 1 now all loaded.

 

I am looking at the CC logs too, I am surprised as I have uninstalled Firefox and Chrome at the min, but here is the log, please advise

 

Startup
No HKCU:Run BrowserChoice Microsoft Corporation "C:\Windows\System32\browserchoice.exe" /run
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

IE
Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll

Firefox
No Extension AVG Security Toolbar 18.1.0.443 AVG Technologies default  C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443
No Extension DivX Plus Web Player HTML5 <video> 2.1.2.145 © 2000-2011, DivX LLC. DivX and associated logs are trademarks of Rovi. All rights reserved. default  C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
No Extension McAfee Security Scan Plus 1.0 McAfee Inc. default  C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
Yes Extension Speedial 9.5.5  default  C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\ai44o7js.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Yes Plugin Adobe Acrobat 7.0.5.172  default  C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
Yes Plugin DivX Plus Web Player 2.2.0.52  default  C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
Yes Plugin DivX VOD Helper Plug-in 1.1.0.6  default  C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
Yes Plugin Google Update 1.3.24.15  default  C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
Yes Plugin Shockwave Flash 13.0.0.214  default  C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
Yes Plugin Silverlight Plug-In 5.1.30214.0  default  c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

Chrome
Yes App Gmail 7 First user C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
Yes App Google Drive 6.2 First user C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
Yes App Google Search 0.0.0.19 First user C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
Yes App YouTube 4.2.5 First user C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
Yes Extension DivX Plus Web Player HTML5 <video> 2.1.2.145 First user C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
Yes Plugin Chrome PDF Viewer  First user C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
Yes Plugin Chrome Remote Desktop Viewer  First user internal-remoting-viewer
Yes Plugin DivX Plus Web Player 2, 2, 0, 52 First user C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
Yes Plugin DivX VOD Helper Plug-in 1.1.0.6 First user C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
Yes Plugin Google Update 1.3.21.123 First user C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
Yes Plugin Native Client  First user C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
Yes Plugin Shockwave Flash 11.5.31.2 First user C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

Scheduled Tasks
Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv  C:\Windows\TEMP\{736928BF-01A2-4E56-BF0F-CDF11354FE31}.exe --uninstall=1
Yes Task AVG-Secure-Search-Update_JUNE2013_TB_rmv  C:\Windows\TEMP\{F5B02E5E-96AB-4FA8-9BEB-95F57C363162}.exe --uninstall=1
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe

Context
Yes Directory MSSE  
Yes Directory Offline Files  
Yes Folder Offline Files 

Uninstall
CCleaner Piriform 30/03/2015  5.04
HDAUDIO Soft Data Fax Modem with SmartCP  23/03/2015  
Huawei modem  19/08/2013  
Intel® Graphics Media Accelerator Driver Intel Corporation 06/12/2012 54.2 MB 8.15.10.1930
Java 8 Update 40 Oracle Corporation 23/03/2015 76.9 MB 8.0.400
Microsoft .NET Framework 4.5.2 Microsoft Corporation 21/03/2014 38.8 MB 4.5.51209
Microsoft Security Essentials Microsoft Corporation 23/03/2015  4.7.205.0
Microsoft Silverlight Microsoft Corporation 23/03/2015 155 MB 5.1.30514.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22/08/2013 298 KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14/12/2013 240 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14/03/2013 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16/03/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 17/01/2013 12.2 MB 10.0.40219
Tweaking.com - Windows Repair (All in One) Tweaking.com 30/03/2015  3.1.0



#10 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 30 March 2015 - 08:54 AM

I had a similar experience this past week with one of my grandkids' laptops.....several reboots to get the updates to install. My thoughts were that the user was not allowing the updates to complete when offered originally. I turned off auto-updating and told her she would need to check once a month or more often for updates. That wasn't the only problem but happy to say that the comp is purring like a kitten.

 

Disable these Windows Startups: (you can use CCleaner...click to highlight each item....then on the right choose Disable)

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

 

Disable these in IE:

Yes Helper Java™ Plug-In 2 SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
Yes Helper Java™ Plug-In SSV Helper Oracle Corporation C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll

 

Firefox: You will need to do a search for Mozilla and Firefox then delete all that is found....especially the profile.

 

Chrome: Use Revo Uninstaller Pro free for 30 days to find and remove Chrome or any other program not uninstalling cleanly. Use in Advanced mode.

Download Revo Uninstaller Freeware

 

Disable these Scheduled Tasks:

Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv  C:\Windows\TEMP\{736928BF-01A2-4E56-BF0F-CDF11354FE31}.exe --uninstall=1
Yes Task AVG-Secure-Search-Update_JUNE2013_TB_rmv  C:\Windows\TEMP\{F5B02E5E-96AB-4FA8-9BEB-95F57C363162}.exe --uninstall=1
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task CreateChoiceProcessTask Microsoft Corporation C:\Windows\System32\browserchoice.exe /launch
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe

 

Uninstall:   Not much there...you sure that is all the programs installed presently?

Microsoft Silverlight Microsoft Corporation 23/03/2015 155 MB 5.1.30514.0 (you may have installed this unintentionally...)



#11 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 30 March 2015 - 10:00 AM

Hi Buddy Thanks For your reply yet again!

 

Disabled the startups and IE.

 

Revo Deleted all the Chrome files.

 

I couldn't disable the 2 AVG Scheduled tasks, error was file not found.

 

And as for uninstall, I have Uninstalled Silverlight, I think that was an Optional WU?

 

As for lack of installed programs, this Laptop is now for one purpose and one purpose only, and doesn't require any additional software :)

 

I cannot figure out svchost still though, I have restarted machine, and is running at 99% Physical Memory usage, with majority at svchost, but it seems to die down and become useable after about 15 mins of run time :S

 

Thanks
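
Added example (not part of any post in this thread, and not CCleaner's own code): a Python script that reads a CCleaner Startups export like the one pasted above and flags autoruns whose target sits in a temp directory, has a bare GUID as its file name, or no longer exists on disk, which is the pattern of the two AVG tasks that could not be disabled ("file not found"). The column parsing is an assumption based on the space-flattened paste; `parse_export`, `triage` and the `exists` callback are hypothetical names.

```python
import os
import re

# Lines copied from the CCleaner export posted earlier in this thread.
SAMPLE = r'''Startup
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Scheduled Tasks
Yes Task AVG-Secure-Search-Update_JUNE2013_HP_rmv  C:\Windows\TEMP\{736928BF-01A2-4E56-BF0F-CDF11354FE31}.exe --uninstall=1
Yes Task AVG-Secure-Search-Update_JUNE2013_TB_rmv  C:\Windows\TEMP\{F5B02E5E-96AB-4FA8-9BEB-95F57C363162}.exe --uninstall=1
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task SidebarExecute Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe
'''

# Tab names as they appear in the pasted export.
SECTIONS = {"Startup", "IE", "Firefox", "Chrome", "Scheduled Tasks",
            "Context", "Uninstall"}

# Target is either a quoted command or an unquoted drive path that ends in an
# executable extension (unquoted paths may contain spaces, e.g. "Program Files").
TARGET_RE = re.compile(
    r'"([^"]+)"'
    r'|([A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd))(?=\s|$)',
    re.IGNORECASE,
)
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)
GUID_NAME_RE = re.compile(
    r'\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.[a-z0-9]+$',
    re.IGNORECASE,
)


def parse_export(text):
    """Return one dict per autorun line: section, enabled flag, target path."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        state, _, rest = line.partition(" ")
        if state not in ("Yes", "No"):
            continue  # e.g. rows of the Uninstall list, which have no Yes/No column
        match = TARGET_RE.search(rest)
        if not match:
            continue  # entries without a file path (context-menu rows)
        entries.append({
            "section": section,
            "enabled": state == "Yes",
            "target": match.group(1) or match.group(2),
        })
    return entries


def triage(text, exists=None):
    """Flag entries worth a manual look.

    exists: optional callable(path) -> bool. Pass os.path.exists when running
    on the affected machine; leave as None when reading a paste elsewhere.
    """
    findings = []
    for entry in parse_export(text):
        reasons = []
        if TEMP_RE.search(entry["target"]):
            reasons.append("runs from a temp directory")
        if GUID_NAME_RE.search(entry["target"]):
            reasons.append("GUID-named file")
        if exists is not None and not exists(entry["target"]):
            reasons.append("target missing on disk")
        if reasons:
            findings.append((entry["section"], entry["enabled"],
                             entry["target"], reasons))
    return findings


if __name__ == "__main__":
    # On the machine itself (Windows) the existence check is meaningful.
    check = os.path.exists if os.name == "nt" else None
    for section, enabled, target, reasons in triage(SAMPLE, exists=check):
        state = "enabled" if enabled else "disabled"
        print(f"[{section}] {state}: {target} -> {', '.join(reasons)}")
```

A flagged entry is a prompt for review, not a verdict: here both hits are leftover AVG uninstall tasks, consistent with the earlier AVG removal.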



#12 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 30 March 2015 - 11:23 AM

Have you defragged?

Did you run the entire gamut of fixes using the All In One tool?

 

  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply


#13 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 30 March 2015 - 12:55 PM

Hi Buddy,

 

The Windows all in one tool failed at CHKDSK (Step 3) log above. Should I just continue with next fixes?

Unfortunately I'm now away for a few days for work, I'll be back around on Thursday 2nd, please do not close this thread and I'll post reply then....

 

Many Thanks.



#14 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • Gender:Male
  • Location:West Tennessee

Posted 30 March 2015 - 03:46 PM

Yes, run the fixes and post the Mini Toolbox results when you have the time. No rush here....



#15 Devel84

Devel84
  • Topic Starter

  • Members
  • 13 posts

Posted 04 April 2015 - 10:50 AM

Hi Buddy,

 

Thanks for your help, Windows fixes program ran, SFC failed at 57%, the program has generated many logs, let me know if you want any, in the meantime here is the Mini Toolbox log.... Many thanks

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Colin (administrator) on 04-04-2015 at 16:46:09
Running from "C:\Users\Colin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Satellite P300 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

127.0.0.1       localhost

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/04/2015 04:42:45 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/04/2015 04:36:26 PM) (Source: Microsoft-Windows-LoadPerf) (User: Colin-PC)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (04/04/2015 04:34:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: SetACL_32.exe, version: 3.0.6.0, time stamp: 0x504e4cb4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001a242
Faulting process id: 0x5c8
Faulting application start time: 0xSetACL_32.exe0
Faulting application path: SetACL_32.exe1
Faulting module path: SetACL_32.exe2
Report Id: SetACL_32.exe3

Error: (04/04/2015 04:34:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: SetACL_32.exe, version: 3.0.6.0, time stamp: 0x504e4cb4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001a242
Faulting process id: 0x7bc
Faulting application start time: 0xSetACL_32.exe0
Faulting application path: SetACL_32.exe1
Faulting module path: SetACL_32.exe2
Report Id: SetACL_32.exe3

Error: (04/04/2015 04:33:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: SetACL_32.exe, version: 3.0.6.0, time stamp: 0x504e4cb4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x0001a242
Faulting process id: 0x9a4
Faulting application start time: 0xSetACL_32.exe0
Faulting application path: SetACL_32.exe1
Faulting module path: SetACL_32.exe2
Report Id: SetACL_32.exe3

Error: (04/04/2015 04:29:30 PM) (Source: WinMgmt) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (04/04/2015 04:29:03 PM) (Source: WinMgmt) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (04/04/2015 03:32:02 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Microsoft Security Client\EppManifest.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.

Program: Antimalware Service Executable
File: C:\Program Files\Microsoft Security Client\EppManifest.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (04/04/2015 03:32:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb2053
Faulting module name: mpclient.dll, version: 4.7.205.0, time stamp: 0x54cb2034
Exception code: 0xc0000006
Fault offset: 0x0002358b
Faulting process id: 0x2fc
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (03/30/2015 00:15:39 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.17689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f4

Start Time: 01d06a7624a467dc

Termination Time: 3

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

System errors:
=============
Error: (04/04/2015 04:42:41 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/04/2015 04:42:04 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/04/2015 04:35:47 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/04/2015 04:33:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/04/2015 03:53:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.195.1816.0).

Error: (04/04/2015 03:40:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80508001

 Error description: A problem is preventing the program from starting. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

 Signature version: 1.195.808.0;1.195.808.0

 Engine version: %600

Error: (04/04/2015 03:40:36 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (04/04/2015 03:32:13 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070006

 Error description: The handle is invalid.

 Reason: %%837

Error: (04/04/2015 03:32:13 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80070006

 Error description: The handle is invalid.

 Reason: %%837

Error: (04/04/2015 03:32:13 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%834

 Error Code: 0x80070006

 Error description: The handle is invalid.

 Reason: %%837

Microsoft Office Sessions:
=========================
Error: (04/04/2015 04:42:45 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/04/2015 04:36:26 PM) (Source: Microsoft-Windows-LoadPerf)(User: Colin-PC)
Description: .NET CLR Networking 4.0.0.02E412

Error: (04/04/2015 04:34:38 PM) (Source: Application Error)(User: )
Description: SetACL_32.exe3.0.6.0504e4cb4ntdll.dll6.1.7601.18247521ea91cc00000050001a2425c801d06eecdc7ed6a8C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\SetACL_32.exeC:\Windows\SYSTEM32\ntdll.dll1a69454f-dae0-11e4-bb74-001e687a2f14

Error: (04/04/2015 04:34:18 PM) (Source: Application Error)(User: )
Description: SetACL_32.exe3.0.6.0504e4cb4ntdll.dll6.1.7601.18247521ea91cc00000050001a2427bc01d06eecd00b8419C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\SetACL_32.exeC:\Windows\SYSTEM32\ntdll.dll0dff7842-dae0-11e4-bb74-001e687a2f14

Error: (04/04/2015 04:33:48 PM) (Source: Application Error)(User: )
Description: SetACL_32.exe3.0.6.0504e4cb4ntdll.dll6.1.7601.18247521ea91cc00000050001a2429a401d06eecbe03f7e6C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\SetACL_32.exeC:\Windows\SYSTEM32\ntdll.dllfc6a2e1c-dadf-11e4-bb74-001e687a2f14

Error: (04/04/2015 04:29:30 PM) (Source: WinMgmt)(User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (04/04/2015 04:29:03 PM) (Source: WinMgmt)(User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (04/04/2015 03:32:02 PM) (Source: Application Error)(User: )
Description: C:\Program Files\Microsoft Security Client\EppManifest.dllAntimalware Service ExecutableC00001853

Error: (04/04/2015 03:32:02 PM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.7.205.054cb2053mpclient.dll4.7.205.054cb2034c00000060002358b2fc01d06ee0182c921dc:\Program Files\Microsoft Security Client\MsMpEng.exec:\Program Files\Microsoft Security Client\mpclient.dll5b4991fc-dad7-11e4-bb74-001e687a2f14

Error: (03/30/2015 00:15:39 AM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.176895f401d06a7624a467dc3C:\Program Files\Internet Explorer\iexplore.exe

 

=========================== Installed Programs ============================
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version:  - )
Huawei modem (HKLM\...\Huawei Modems) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java Auto Updater (Version: 2.8.40.26 - Oracle Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.1.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

========================= Devices: ================================

Name: MpKsl689c3efb
Description: MpKsl689c3efb
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl689c3efb
Device ID: ROOT\LEGACY_MPKSL689C3EFB\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 1270.43 MB
Available physical RAM: 402.98 MB
Total Pagefile: 2540.86 MB
Available Pagefile: 1397.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.43 GB) (Free:55.72 GB) NTFS

========================= Users: ========================================

User accounts for \\COLIN-PC

Administrator            Colin                    Guest                   

**** End of log ****


While I am waiting for your reply, I shall run Defrag...





