Not BSOD, but lots of issues - OS corrupt or virus (or both)?


  1. Posts : 14
    Windows 10
       #1


    If I should post this in another forum, I am happy to do so (I couldn't find a forum that quite fit my problem).

    I was deployed for the last 18 months and my wife intermittently used the computer but often left it off and certainly didn't purposely maintain the computer. As time went on, she started telling me about more and more issues (freezing, acting strangely, etc.). I am now back and indeed something is up.

    Here are some of the issues when I arrived:
    - I could not type in the search window (near the start button)
    - The start button didn't always work (but did sometimes)
    - I am unable to open Task Manager (it opens and then closes with nothing but the tabs ever showing)
    - A number of processes say the Windows 10 software is missing

    I suspected 1) a virus or malware or 2) corrupt OS 3) both

    Regarding the OS:
    - Updated Windows and it froze at the reboot (I left it for 24 hours and it never got past 20% installed).
    - Windows 10 Update Assistant tells me I need to update but gives me an unspecified error when I run it
    - Ran sfc.exe from an admin command prompt and it found problems it couldn't fix
    - Did a memory and dskcheck /f - both fine
    - Used CrystalDisk to check my boot drive - green
    - Tried to manually install a Windows update but every version I tried said something like "this update doesn't apply to your system"
    - Had to create a USB boot on my laptop as MediaCreationTool gave me an error when I tried to create a boot USB
    - Tried to "recover" from a USB boot and the USB loaded, but then said it was not able to recover and that I should try from within Windows
    - Tried to “recover” from within Windows using USB and it said there was an error

    Virus check:
    - I use Windows Defender as my virus program - no issues noted
    - I downloaded MalwareBytes and installed – “unable to connect service” error when I tried to run it
    - Downloaded Bitdefender and installed but when I tried to log on I got “Unexpected error” with no details
    - I downloaded and ran Emsisoft Start Emergency Kit and found 11 “items” some of which looked like real virus issues (report below) but not all could be deleted – rescan (second report below) found 7 “items”.

    First Report from Emsisoft
    C:\Users\Scott\AppData\Local\Temp\52332234\ic-0.cbca147c4805f.exe Trojan.GenericKD.12070136 (B)
    C:\Users\Scott\AppData\Local\ntuserlitelist\regtool\regtool.exe Gen:Variant.Johnnie.14657 (B)
    C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\73f97e91c4500232dd42d2197d54827a.exe Application.Generic.1741633 (B)
    C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\ca2b7813c03b10c8b5367fc3e56c043e.exe Gen:Variant.Zusy.250175 (B)
    C:\Program Files\0f0195ad310b7fa6e61cd5ffc0f141b9\19830114bbf25c0e3205d31daa8a3e87.exe Gen:Variant.Zusy.250175 (B)
    Key: HKEY_USERS\S-1-5-21-721001023-2188217060-1018798448-1001\SOFTWARE\WAJIENHANCE Application.Toolbar (A)
    C:\Users\Scott\AppData\Local\ntuserlitelist Trojan.Trafmous (A)
    C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe Trojan.GenericKD.5732155 (B)
    C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe Application.Agent.ASX (B)
    C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe Application.Agent.ASY (B)
    C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe Gen:Variant.Application.LinenO.1 (B)

    Second Report from Emsisoft
    C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe detected: Trojan.GenericKD.5732155 (B) [krnl.xmd]
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
    C:\Users\Scott\AppData\Local\ntuserlitelist detected: Trojan.Trafmous (A) [286865]
    C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe detected: Application.Agent.ASY (B) [krnl.xmd]
    C:\Users\Scott\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool\regtool.exe detected: Gen:Variant.Johnnie.14657 (B) [krnl.xmd]
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe detected: Application.Agent.ASX (B) [krnl.xmd]

    Sorry this is so long, but I figured details might be useful. I attached my zip file. I know enough about computers to make me dangerous, but I welcome any thoughts on what to do next before I save my important files and wipe the drive and start over with a new install (painful!).

    Thanks
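Comparing the two Emsisoft reports line by line shows what the first clean-up removed, what survived it, and which components also have a copy under another account's profile. The following is an added example, not part of the original post and not Emsisoft's own tooling; it parses lines in the two shapes pasted above (a subset of them is embedded), and the function names are hypothetical.

```python
import re

# Subset of the lines from the two reports pasted in the post above.
FIRST = r"""
C:\Users\Scott\AppData\Local\Temp\52332234\ic-0.cbca147c4805f.exe Trojan.GenericKD.12070136 (B)
C:\Users\Scott\AppData\Local\ntuserlitelist\regtool\regtool.exe Gen:Variant.Johnnie.14657 (B)
C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe Trojan.GenericKD.5732155 (B)
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe Gen:Variant.Application.LinenO.1 (B)
"""
SECOND = r"""
C:\Users\Scott\AppData\Local\inmzkbs\ntetz\ct.exe detected: Trojan.GenericKD.5732155 (B) [krnl.xmd]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool\regtool.exe detected: Gen:Variant.Johnnie.14657 (B) [krnl.xmd]
"""
# "<path> [detected:] <detection name> (A|B) [optional tag]"; paths may contain spaces.
LINE = re.compile(r"^(?P<path>.+?)\s+(?:detected:\s+)?(?P<name>\S+)\s+\((?P<engine>[AB])\)"
                  r"(?:\s+\[[^\]]*\])?\s*$")
# Per-user profile roots and the SYSTEM account's profile directory.
PROFILE = re.compile(r"^(?:C:\\Users\\[^\\]+|C:\\Windows\\(?:System32|SysWOW64)"
                     r"\\config\\systemprofile)\\", re.I)

def parse(report):
    """Return {path: detection name} for every line that parses."""
    found = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            found[m["path"]] = m["name"]
    return found

def relative(path):
    """Drop the profile root so the same component matches across accounts."""
    return PROFILE.sub("", path).lower()

def compare(first, second):
    """Classify findings by what happened between the first and second scan."""
    a, b = parse(first), parse(second)
    seen = {relative(p) for p in a}
    return {
        "survived": sorted(p for p in b if p in a),      # same path in both scans
        "cleaned": sorted(p for p in a if p not in b),   # gone after the first removal
        # New path, but the same profile-relative location was flagged in scan 1.
        "other_profile": sorted(p for p in b if p not in a and relative(p) in seen),
    }
```

An entry in `other_profile` means a removed file still has a twin under a different profile root, so a scan limited to the logged-in user's folders would miss it.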


  2. Posts : 41,474
    windows 10 professional version 1607 build 14393.969 64 bit
       #2

    1) Do you have your files backed up?
    2) Had you made an image of the drive?
    3) Are you able to perform a clean install (delete partitions, format the drive, make an unallocated drive, install a new windows 10 version 1703)? This would eliminate all files, applications, drivers, malware, etc.

    Download Windows 10

    Clean Install Windows 10 Windows 10 Installation Upgrade Tutorials

    If you cannot perform a clean install due to the loss of critical files then:
    Run each of these malware programs on the computer and post images of the result:
    ESET: Free Virus Scan | Online Virus Scan from ESET ESET
    Superantispyware: SUPERAntiSpyware.com - Online Scanner
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    Kaspersky: https://usa.kaspersky.com/downloads/tdsskiller
    AdwCleaner: Downloads - AdwCleaner - ToolsLib
    Windows defender offline scan
    Windows defender full scan
    Malwarebytes: Malwarebytes | Free Cyber Security & Anti-Malware Software
    Zemana: Zemana - AntiMalware and AntiLogger Protection


    The computer information that you had manually entered indicates a laptop.
    The information in the zip is a desktop.
    Please update one or the other.

    If this is a desktop please re-post all of the information and include information on:
    PSU, cooler, case, mouse, keyboard, anything else attached/connected to the computer.
    Last edited by zbook; 07 Aug 2017 at 05:56.


  3. Posts : 14
    Windows 10
    Thread Starter
       #3

    Thanks - sorry about the profile - I have both systems but I updated my profile for my desktop.

    I have an off-site backup of all my files and on one of the hard drives, but I would like to avoid a complete reinstall if possible, so I will reply when I get all those scans done. Thanks for the guidance, very much appreciated.


  4. Posts : 41,474
    windows 10 professional version 1607 build 14393.969 64 bit
       #4

    At any time if there is a new bsod please post a new zip:
    BSOD - Posting Instructions - Windows 10 Forums
    There were numerous failed to update in the event log.
    This includes operating system, windows defender, adobe etc.


    One of the startup programs is:
    HP ENVY 7640 series (NET) "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH49M270VQ063T:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1 MAINSSD\Scott
    How come there is a HP program on startup for an Asus computer?
    What does this HP program do?

    Please list the current active malware programs.
    Please list the malware program that was in use when all the infections happened.
    Please list the malware programs that require manual use and how often had they been used.

    Once all of the malware scans have completed:

    The first part are keyboard steps:
    1) type: win + x (keys simultaneously)
    2) type: a
    3) type: alt + y (keys simultaneously)
    Administrative command prompt should appear as a pop up.

    If any of the steps below fail to complete please make sure that you reopen administrative command with the steps above and perform #9 followed by #12, 13, and 14

    4) type: sfc /scannow
    5) dism /online /cleanup-image /checkhealth
    6) dism /online /cleanup-image /scanhealth
    7) dism /online /cleanup-image /restorehealth
    8) chkdsk /scan
    9) net user test /add

    10) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread
    11) If you are unable to use the mouse please use a camera or smart phone camera to take a picture and post the image into the thread.
    12) shutdown /r
    13) When the computer reboots sign on with the new user named test.
    14) Evaluate the performance with the new user and compare to the prior user.






    If the malware can not be completely eradicated plan a clean install.
    It would be best to start with a clean install with all of the malware noted in the opening post.
    Once all the malware scans are completed and all of the malware has been eradicated these will be additional steps:
    Turn off windows fast startup:
    Turn On or Off Fast Startup in Windows 10 Windows 10 Performance Maintenance Tutorials
    Create a bootable windows 10 iso: Download Windows 10
    Plan a windows 10 version 1703 in place upgrade repair:
    Repair Install Windows 10 with an In-place Upgrade Windows 10 Installation Upgrade Tutorials



    Code:
    Windows failed fast startup with error status 0xC00000D4.
    Code:
    Crash dump initialization failed!
    Code:
    Installation Failure: Windows failed to install the following update with error 0x8024200D: Feature update to Windows 10, version 1607.
    Code:
    Installation Failure: Windows failed to install the following update with error 0x80246013: Microsoft .Net Native Framework Package 1.2.23205.0.
    Code:
    Event[33951]:  Log Name: System
      Source: Service Control Manager
      Date: 2017-08-01T19:37:07.111
      Event ID: 7001
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: MainSSD
      Description: 
    The Windows Defender Network Inspection System Driver service depends on the Base Filtering Engine service which failed to start because of the following error: 
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    Code:
    Installation Started: Windows has started installing the following update: OneNote
    Code:
    Event[34920]:  Log Name: System
      Source: Microsoft-Windows-TaskScheduler
      Date: 2017-08-05T18:55:48.004
      Event ID: 408
      Task: Idle detection error
      Level: Error
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: MainSSD
      Description: 
    Task Scheduler service failed to initialize idle state detection module. Idle tasks may not be started as required. Additional Data: Error Value: 2.
    Code:
    Event[25306]:  Log Name: System
      Source: Microsoft-Windows-Ntfs
      Date: 2017-02-04T11:56:31.004
      Event ID: 98
      Task: N/A
      Level: Warning
      Opcode: Info
      Keyword: N/A
      User: S-1-5-18
      User Name: NT AUTHORITY\SYSTEM
      Computer: MainSSD
      Description: 
    Volume ?? (\Device\HarddiskVolumeShadowCopy6) requires an Online Scan.  An Online Scan will automatically run as part of the next scheduled maintenance task.  Alternatively you may run "CHKDSK /SCAN" locally via the command line, or run "REPAIR-VOLUME <drive:> -SCAN" locally or remotely via PowerShell.
    Code:
    Event[13842]:  Log Name: System
      Source: cdrom
      Date: 2016-07-16T16:11:03.215
      Event ID: 7
      Task: N/A
      Level: Error
      Opcode: N/A
      Keyword: Classic
      User: N/A
      User Name: N/A
      Computer: MainSSD
      Description: 
    The device, \Device\CdRom0, has a bad block.
    Last edited by zbook; 07 Aug 2017 at 02:52.
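Among the event excerpts in the post above, the Service Control Manager 7001 entry is the one that says a protective service could not start because a dependency was disabled. The following added example (not from the thread) parses a dump in the shape quoted above and pulls out such entries; the first embedded event is the one quoted in the post, the second is constructed, and the watchlist and function names are assumptions.

```python
import re

# First event is quoted from the post above; the second one is constructed.
DUMP = """\
Event[33951]:  Log Name: System
  Source: Service Control Manager
  Date: 2017-08-01T19:37:07.111
  Event ID: 7001
  Level: Error
  Description:
The Windows Defender Network Inspection System Driver service depends on the Base Filtering Engine service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Event[2]:  Log Name: System
  Source: Service Control Manager
  Date: 2017-08-01T19:40:00.000
  Event ID: 7001
  Level: Error
  Description:
The Example Updater service depends on the Example Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
"""
WATCH = ("defender", "firewall", "base filtering engine")  # assumed watchlist
DEPENDS = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start")

def parse_events(dump):
    """Split the dump on 'Event[n]:' headers into dicts of fields plus Description."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event\[\d+\]:)", dump):
        if not chunk.strip():
            continue
        head, _, desc = chunk.partition("Description:")
        head = re.sub(r"^Event\[\d+\]:\s*", "", head)
        fields = dict(re.findall(r"(?m)^\s*([A-Za-z ]+?):\s*(.*?)\s*$", head))
        fields["Description"] = " ".join(desc.split())  # join wrapped lines
        events.append(fields)
    return events

def blocked_security_services(dump):
    """SCM 7001 events where either service involved is on the watchlist."""
    hits = []
    for ev in parse_events(dump):
        if ev.get("Source") != "Service Control Manager" or ev.get("Event ID") != "7001":
            continue
        m = DEPENDS.match(ev["Description"])
        if m and any(w in (m["svc"] + " " + m["dep"]).lower() for w in WATCH):
            hits.append((ev["Date"], m["svc"], m["dep"]))
    return hits
```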


  5. Posts : 41,474
    windows 10 professional version 1607 build 14393.969 64 bit
       #5

    1) Run HDTune: http://www.hdtune.com/


    to check the drive health,
    scan for errors, no quick scan but full scan
    run a benchmark.


    It may take some time, but please take the time you need to perform it properly.
    When above is done please make screenshots of the following
    the health,
    the error scan,
    the benchmark incl. following
    transfer rate,
    access time,
    burst rate,
    cpu usage.
    Take Screenshot in Windows 10 Windows 10 General Tips Tutorials


    2) Run Sea tools for windows on your drive using SMART, short and long generic tests:

    How to use SeaTools for Windows
    http://www.seagate.com/support/downl...ls-win-master/
    How to use SeaTools for Windows
    http://www.seagate.com/support/downloads/seatools/
    Last edited by zbook; 08 Aug 2017 at 19:06.


  6. Posts : 14
    Windows 10
    Thread Starter
       #6

    Still working the scans (each is taking nearly 24 hours) but to answer your HP question, I have an HP multi-device (printer, scanner, etc.). If you think I should change something, let me know. Thanks again!


  7. Posts : 41,474
    windows 10 professional version 1607 build 14393.969 64 bit
       #7

    For each virus scan please post images of the results into the thread.


  8. Posts : 14
    Windows 10
    Thread Starter
       #8

    Windows Defender is done, but not sure what log to upload. I tried a couple of things and it told me I had an invalid file.

    ESET ran for 19 hours but seemed stuck on the memory scan (it was there when I went to bed last night and still there in the AM and when I got back from work) so I stopped it and ran it again with no memory scan - running now. Still working through the C: windows but found 3 infected files thus far.


  9. Posts : 41,474
    windows 10 professional version 1607 build 14393.969 64 bit
       #9

    So windows defender can not scan in quick, full, or offline or in just one mode?
    Or the scan completed with finding no malware?
    Or the scan completed finding malware? Was anything quarantined?
    Was anything deleted?
    ESET is taking a lot of time but it is finding malware.

    This part was from post #4:
    Please list the current active malware programs.
    Please list the malware program that was in use when all the infections happened.
    Please list the malware programs that require manual use and how often had they been used.


  10. Posts : 14
    Windows 10
    Thread Starter
       #10

    Defender ran in full (no offline choice) and found two issues and quarantined them (I then deleted them).

    No malware program beyond Defender prior to me starting to work your list.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.