Programs Locking up

Recently, it's been my experience that half of the time I try to do something in a program (especially when running multiple) that it will lock up for some seconds before functioning again. It affects different programs differently, but essentially I can't input anything, the (Not Responding) tag appears, audio/video may lock up or become silent if relevant. This makes everything take much longer than it should and makes smoothly watching videos and playing music almost impossible. At first I thought this may be the result of an infection, so I brought it to the attention of the Malware Removal forum, but despite a clean bill of health the problem persists. The topic can be found here.

OS: Microsoft® Windows Vista™ Home Premium Version 6.0.6002 Service Pack 2 Build 6002

Edited by professorchaos, 13 December 2010 - 07:56 PM.

Download System Information for Windows (SIW free version)
No installation required.

After it scans your computer, navigate to Hardware>Sensors and post all info from there.

picture of results

Temperatures look fine.

Please download VEW and save it to your Desktop: http://images.malwareremoval.com/vino/VEW.exe

Double-click VEW.exe then under Select log to query, select:
Application
System

Under Select type to list, select:
Critical (Vista only)
Error

Click the radio button for Number of events
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

=================================================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:



Attach the file to your next reply.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/12/2010 2:30:48 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/12/2010 3:51:49 AM
Type: Error Category: 0
Event: 1017 Source: Microsoft-Windows-Perflib
Disabled performance counter data collection from the "PolicyAgent" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Log: 'Application' Date/Time: 14/12/2010 3:51:49 AM
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-Perflib
Unable to locate the open procedure "OpenIPSecPerformanceData" in DLL "C:\Windows\System32\ipsecsvc.dll" for the "PolicyAgent" service. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 14/12/2010 3:51:48 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 14/12/2010 3:51:46 AM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 11/12/2010 10:59:36 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Skype.exe version 5.0.0.152 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: d9c Start Time: 01cb992241960680 Termination Time: 10

Log: 'Application' Date/Time: 09/12/2010 7:16:29 AM
Type: Error Category: 0
Event: 1008 Source: McLogEvent
The McShield service terminated unexpectedly. Please review event 5019 or 5051 for details. The McShield service will be restarted in 5 seconds;

Log: 'Application' Date/Time: 09/12/2010 7:15:48 AM
Type: Error Category: 0
Event: 5051 Source: McLogEvent
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3424 (0xd60) Thread address : 0x77B25E74 Thread message : Build VSCORE.14.1.0.515 / 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\OpenOffice.org 3\program\soffice.bin by C:\Windows\Explorer.EXE 7011(103429)(0) 93(103429)(0) 5(103429)(0) 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

Log: 'Application' Date/Time: 05/12/2010 6:47:20 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application audacity.exe, version 1.3.12.0, time stamp 0x4bb190d2, faulting module wxbase28u_vc_custom.dll, version 2.8.10.0, time stamp 0x4b8d4e11, exception code 0xc0000005, fault offset 0x0001a948, process id 0xe1c, application start time 0x01cb94479df7f2dc.

Log: 'Application' Date/Time: 04/12/2010 11:00:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
The event description cannot be found.

Log: 'Application' Date/Time: 04/12/2010 6:01:09 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\P2P-MEETINGS.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 04/12/2010 6:01:07 PM
Type: Error Category: 0
Event: 4 Source: Microsoft-Windows-WMI
Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\DFSRPROV.MOF while recovering .MOF file marked with autorecover.

Log: 'Application' Date/Time: 04/12/2010 12:57:20 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 04/12/2010 12:50:33 AM
Type: Error Category: 0
Event: 1008 Source: McLogEvent
The McShield service terminated unexpectedly. Please review event 5019 or 5051 for details. The McShield service will be restarted in 5 seconds;

Log: 'Application' Date/Time: 04/12/2010 12:50:21 AM
Type: Error Category: 0
Event: 5051 Source: McLogEvent
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 3196 (0xc7c) Thread address : 0x77B95E74 Thread message : Build VSCORE.14.1.0.515 / 5400.1158 Object being scanned = \Device\HarddiskVolume2\Users\professorchaos\Desktop\TSC Updated 11.30\Virus\vscan85.exe by C:\Windows\Explorer.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Log: 'Application' Date/Time: 03/12/2010 11:21:22 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program firefox.exe version 1.9.2.3951 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: a00 Start Time: 01cb933fd55e135f Termination Time: 0

Log: 'Application' Date/Time: 03/12/2010 10:50:02 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/12/2010 10:09:52 PM
Type: Error Category: 0
Event: 259 Source: McLogEvent
The file C:\Users\PROFES~1\AppData\Local\Temp\Av-test.txt contains the EICAR test file Test. No cleaner available, file deleted successfully. Detected using Scan engine version 5400.1158 DAT version 6185.0000.

Log: 'Application' Date/Time: 03/12/2010 9:50:08 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\System32\shell32.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Windows Explorer because of this error. Program: Windows Explorer File: C:\Windows\System32\shell32.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Log: 'Application' Date/Time: 03/12/2010 9:50:08 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module SHELL32.dll, version 6.0.6002.18287, time stamp 0x4c4daf14, exception code 0xc0000006, fault offset 0x00296bf1, process id 0xd4c, application start time 0x01cb91f10c438874.

Log: 'Application' Date/Time: 02/12/2010 7:18:00 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/09/2010 3:37:07 AM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 15/09/2010 1:27:44 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 21/08/2010 9:43:11 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 14/07/2010 7:37:43 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

Log: 'System' Date/Time: 14/07/2010 6:52:23 PM
Type: Critical Category: 0
Event: 41 Source: Microsoft-Windows-Kernel-Power
The last sleep transition was unsuccessful. This error could be caused if the system stopped responding, failed, or lost power during the sleep transition.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

Log: 'System' Date/Time: 14/12/2010 7:11:18 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

I don't see anything special in Autoruns log.

In Event Viewer, you have a whole bunch of these errors:

Log: 'System' Date/Time: 14/12/2010 7:24:14 AM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort1.

atapi.sys file problem is often seen on infected computers.

Because, it may require more sophisticated tools than they use in "Am I Infected?" forum.....

....I believe you may need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Just to clarify, do you mean to suggest that I start another topic in the malware removal forum? Because that's where I started, as I mentioned in my original post, and they couldn't do anything for me.

Sorry for the mix up
I'm not sure, what I was thinking...
Hold on...

Let's try something else...

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?

How about "NVIDIA Display Driver Service" and "Dell Wirless WLAN Tray Service"? Would these affect my ability to see things and connect to the internet?

You can disable nVidia. Windows will load its generic driver.
As for wireless, initially disable it too.
Restart computer and see how it goes.

Then, re-enable wireless driver, restart computer and see again how it goes, especially with browsers.

When done and ready to post your report, re-enable ALL disable items, restart computer and post your findings.

It appears to be the same deal with the services disabled.

Re-enable everything then. Restart computer.

Basically, we have 4 options left:
- running system file checker
- perform repair installation (if you have Vista DVD) <----let me know
- run hard drive diagnostics
- run memtest

Let's start with "sfc"....

Go Start>Run ("Start Search" in Vista/7), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista/7).
Have Windows CD/DVD handy (with Vista/7, most likely, you won't need it).
If System File Checker (sfc) will find any errors, it may ask you for the CD/DVD (rarely in Vista/7 case).

Running sfc, I just got a black window that flashed for less than a second.

That's normal.
If no improvement after running "sfc"....
Do you have Vista DVD?