
Extremely slow Vista Home Premium



#1 Falneth


Posted 17 April 2015 - 11:09 AM

I am working on a customer's Vista Home Premium desktop. This desktop has a dual-core AMD Athlon 64 X2 4200+ processor with 1 GB RAM. It is a 32-bit OS. It takes, at minimum, 5-10 minutes just to fully load the desktop upon startup. I have already scanned with MBAM and with AVG 2015 and it doesn't have any viruses or malware anymore. I have disabled many of the unnecessary startup programs but it still takes forever to finish the bootup. It also freezes up when scanning in normal mode with either program even after having removed the PUPs and two Trojans that MBAM found. It locks up whenever I try to open a program or delete a file as well. I ran CCleaner and it removed 250 MB of junk from temporary files and temp internet files and that was all.

 

 

I know something is wrong with it. I am at a loss of what else to do. Any help would be appreciated.


A.A.S in Computer and Network Support from Crowder College




#2 Aura


Posted 17 April 2015 - 11:20 AM

Hi Falneth :)

What's wrong with this desktop is that it uses one of the worst Windows OS ever made, with a low profile CPU and RAM. I wouldn't expect much from it, but I can take a quick look.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Speccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:
  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt out of the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on Copy to Clipboard button to copy that URL to your clipboard, then paste it in your next reply and post it;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Falneth


Posted 17 April 2015 - 11:51 AM

MiniToolBox Result:

 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Owner (administrator) on 17-04-2015 at 11:33:20
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: RK573AA-ABA a1710n Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/17/2015 10:53:08 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
Error: (04/17/2015 07:53:36 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2015; Hr = 0x8007043c).
 
Error: (04/17/2015 07:53:30 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2015; Hr = 0x8007043c).
 
Error: (04/17/2015 07:49:02 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (04/17/2015 07:41:51 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2015; Hr = 0x81000101).
 
Error: (04/16/2015 06:43:18 PM) (Source: MsiInstaller) (User: Owner-PC)
Description: Product: Visual Studio 2012 x86 Redistributables -- Error 1704. An installation for Adobe Reader XI (11.0.10) is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
 
Error: (04/16/2015 06:33:05 PM) (Source: ESENT) (User: )
Description: WinMail (2416) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (04/16/2015 06:24:39 PM) (Source: ESENT) (User: )
Description: WinMail (168) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (04/16/2015 06:20:39 PM) (Source: Wininit) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (04/16/2015 06:07:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (04/17/2015 11:24:32 AM) (Source: Service Control Manager) (User: )
Description: 30000avgwd
 
Error: (04/17/2015 11:00:31 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%2147949456
 
Error: (04/17/2015 10:57:24 AM) (Source: Service Control Manager) (User: )
Description: TPM Base Services
 
Error: (04/17/2015 10:55:39 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 
Expiration Reason: %%873
 
Expiration Date (UTC): ‎4/‎17/‎2015 3:55:37 PM
 
Error Code: 0x80092003
 
Error Description: An error occurred while reading or writing to a file.
 
Error: (04/17/2015 10:55:04 AM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator
 
Error: (04/17/2015 10:53:52 AM) (Source: Service Control Manager) (User: )
Description: MBAMScheduler%%1053
 
Error: (04/17/2015 10:53:51 AM) (Source: Service Control Manager) (User: )
Description: 30000MBAMScheduler
 
Error: (04/17/2015 10:45:17 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
 
Error: (04/17/2015 10:44:44 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053
 
Error: (04/17/2015 10:44:43 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player Network Sharing Service
 
 
Microsoft Office Sessions:
=========================
Error: (04/17/2015 10:53:08 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
Error: (04/17/2015 07:53:36 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x8007043c
 
Error: (04/17/2015 07:53:30 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x8007043c
 
Error: (04/17/2015 07:49:02 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (04/17/2015 07:41:51 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled AVG 20150x81000101
 
Error: (04/16/2015 06:43:18 PM) (Source: MsiInstaller)(User: Owner-PC)
Description: Product: Visual Studio 2012 x86 Redistributables -- Error 1704. An installation for Adobe Reader XI (11.0.10) is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)
 
Error: (04/16/2015 06:33:05 PM) (Source: ESENT)(User: )
Description: WinMail2416WindowsMail0:
 
Error: (04/16/2015 06:24:39 PM) (Source: ESENT)(User: )
Description: WinMail168WindowsMail0:
 
Error: (04/16/2015 06:20:39 PM) (Source: Wininit)(User: )
Description: C:\Windows\system32\lsass.exe1
 
Error: (04/16/2015 06:07:48 PM) (Source: SideBySide)(User: )
Description: C:\Users\Owner\Downloads\msert.exeC:\Users\Owner\Downloads\msert.exe0
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-17 11:29:00.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:28:58.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:28:57.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:28:56.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:28:53.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:28:48.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:12:31.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:12:30.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:12:29.988
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-17 11:12:29.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe AIR (Version: 17.0.0.144 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4331 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon MP210 series User Registration (HKLM\...\Canon MP210 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows2.0) (Version: 2.0 - Coupons, Inc.)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.0.0.19 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.2 - DivX,Inc.)
DriverUpdate (HKLM\...\{27F8B90A-4DD8-4289-90F0-959FFEE93D37}) (Version: 2.2.29726 - SlimWare Utilities, Inc.)
eBay Desktop Icon (HKLM\...\eBay Desktop Icon) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Feedback Tool (HKLM\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.0.0 - DivX, Inc.)
HP Active Support Library (Version: 2.0.9.1 - Hewlett-Packard) Hidden
HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden
HP Connections (remove only) (HKLM\...\HPOOVClient-6811507 Uninstaller) (Version:  - )
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Photosmart Essential 2.5 (Version: 1.03.0000 - Hewlett-Packard) Hidden
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 4.0.0009 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{29ED20C9-5E15-4969-9279-25BF3727A3DA}) (Version: 10.5.0.142 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java Auto Updater (Version: 2.8.31.13 - Oracle Corporation) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KODAK Share Button App (HKLM\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.0 - DivX, Inc.)
MobileMe Control Panel (HKLM\...\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}) (Version: 3.0.0.101 - Apple Inc.)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
muvee autoProducer 5.0 (HKLM\...\{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}) (Version: 5.00.050 - muvee Technologies)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
OcxSetup (Version: 1.0.0 - Hewlett-Packard Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pogo Games (remove only) (HKLM\...\PogoDGC) (Version:  - )
PSSWCORE (Version: 2.03.0000 - Hewlett-Packard) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RCA Detective 1.0.0.96 (HKLM\...\RCA Detective_is1) (Version:  - RCA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: 1.0 - Samsung Techwin)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Search Settings 1.2 (HKLM\...\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}) (Version:  - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VideoToolkit01 (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation)
Windows Live Photo Gallery (HKLM\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1347.0718 - Microsoft Corporation)
Yahoo! Browser Services (HKLM\...\Yahoo! Customizations) (Version:  - )
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version:  - )
Yahoo! BrowserPlus 2.7.1 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Messenger for Vista (HKCU\...\Yahoo! Messenger for Vista) (Version:  - Yahoo! Inc.)
Yahoo! Photos Easy Upload Tool (HKLM\...\Yahoo! Photos Drag-Drop Uploader 1v7) (Version:  - Yahoo! Inc.)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 78%
Total physical RAM: 893.82 MB
Available physical RAM: 195.96 MB
Total Pagefile: 2054.2 MB
Available Pagefile: 465.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.33 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP) (Fixed) (Total:291.83 GB) (Free:228.69 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:6.26 GB) (Free:0.91 GB) NTFS
4 Drive f: () (Removable) (Total:3.76 GB) (Free:3.56 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\OWNER-PC
 
Administrator            Guest                    Owner                    
 
 
**** End of log ****
 

 

Speccy Link:

 

http://speccy.piriform.com/results/NJNjaqV5KHPDnD8gfrkgRtx


A.A.S in Computer and Network Support from Crowder College
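An added example, not part of the original thread and not output from MiniToolBox or any tool named in it: a short Python triage of the log format posted above. It groups the event-log errors by source, decodes the `0x…` HRESULT and `%%` status values into Win32 error names, and counts the drivers Code Integrity could not verify. The sample is an excerpt of the posted log, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the MiniToolBox log posted above (entries copied, list shortened).
SAMPLE_LOG = r"""
Application errors:
==================
Error: (04/17/2015 10:53:08 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired.   (0x800705b4)

Error: (04/17/2015 07:53:36 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\msiexec.exe /V; Descripton = Installed AVG 2015; Hr = 0x8007043c).

System errors:
=============
Error: (04/17/2015 10:53:52 AM) (Source: Service Control Manager) (User: )
Description: MBAMScheduler%%1053

Error: (04/17/2015 10:44:44 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053

CodeIntegrity Errors:
===================================
  Date: 2015-04-17 11:29:00.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 11:28:58.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-17 11:12:31.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
"""

# Win32 error codes that occur in the excerpt (names as defined in winerror.h).
WIN32_NAMES = {
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE",
    1460: "ERROR_TIMEOUT",
}

HEADER_RE = re.compile(r"^Error: \((.+?)\) \(Source: (.+?)\) ?\(User: (.*?)\)$")
CI_RE = re.compile(r"image integrity of the file (\S+)")


def parse_events(text):
    """Return one dict per 'Error:' entry: when, source, body (joined text)."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER_RE.match(line)
        if match:
            current = {"when": match.group(1), "source": match.group(2), "body": []}
            events.append(current)
        elif line.startswith("="):
            # A ruler follows a section heading; the heading is not event text.
            if current is not None and current["body"]:
                current["body"].pop()
            current = None
        elif line and current is not None:
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            if line:
                current["body"].append(line)
    for event in events:
        event["body"] = " ".join(event["body"])
    return events


def decode_hresult(value):
    """Split a 32-bit HRESULT into (is_failure, facility, code)."""
    return bool((value >> 31) & 1), (value >> 16) & 0x7FF, value & 0xFFFF


def explain(value):
    """Name a plain Win32 code or a FACILITY_WIN32 (7) HRESULT where known."""
    failure, facility, code = decode_hresult(value)
    if value <= 0xFFFF or (failure and facility == 7):
        return WIN32_NAMES.get(code, f"Win32 error {code}")
    return f"HRESULT facility {facility}, code {code:#06x}"


def triage(text):
    """Summarise a log: errors per source, decoded codes, unverified drivers."""
    events = parse_events(text)
    codes = Counter()
    for event in events:
        for token in re.findall(r"0x[0-9a-fA-F]{8}\b", event["body"]):
            codes[explain(int(token, 16))] += 1
        for token in re.findall(r"%%(\d+)", event["body"]):
            codes[explain(int(token))] += 1
    drivers = Counter(path.rsplit("\\", 1)[-1] for path in CI_RE.findall(text))
    by_source = Counter(event["source"] for event in events)
    return {"by_source": by_source, "codes": codes, "drivers": drivers}


if __name__ == "__main__":
    for section, counter in triage(SAMPLE_LOG).items():
        print(section, dict(counter))
```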


#4 Aura


Posted 17 April 2015 - 01:41 PM

Sorry for the delay Falneth. Uninstall the following programs:
  • Acrobat.com - Useless, simply a web link;
  • AVG 2015 - Way too heavy for that system, it won't be able to handle it;
  • AVG Web TuneUp - Useless bloatware;
  • Coupon Printer for Windows - All of them, mostly PUPs, you can uninstall them;
  • DriverUpdate - Useless;
  • Java 8 Update 31 - Outdated;
  • JavaFX 2.1.1 - Outdated;
  • Safari - Outdated, not supported on Windows anymore;
  • Search Settings 1.2 - Malicious program;
  • Visual Studio 2012 x86 Redistributable - To uninstall once you uninstall AVG;
  • Yahoo! Browser Services - Useless;
  • Yahoo! BrowserPlus 2.7.1 - Useless;
  • Yahoo! Search Protection - Useless;
There are way too many programs on that system, programs it can't handle, hence why it's so slow.



#5 Falneth


Posted 17 April 2015 - 01:49 PM

Do you have a recommended lightweight antivirus that the computer would be more able to handle?




#6 Aura


Posted 17 April 2015 - 01:53 PM

The most lightweight free antivirus I know is Panda Cloud Antivirus, since it's cloud-based. However, if he goes offline, there won't be any real-time protection at all. If he can, adding at least 1GB of RAM should help things a bit, but the standard nowadays is 4GB to be able to run decently.



#7 Falneth


Posted 18 April 2015 - 08:00 AM

I've uninstalled all the software you recommended but it still is taking easily 10 minutes to do a full boot. Occasionally when it boots, I get a solid blue screen, no text, with the mouse icon like it's the desktop. I was getting this same screen occasionally before I uninstalled the software as well. After about 3-5 minutes, the screen goes to a black screen with a window that says: "Logon process has failed to create the security options dialog" "Failure - Security Options" with an OK button. I hit the OK button and it then continues to the actual desktop and proceeds to log in and start loading the startup programs like normal.

 

I will discuss adding 1 GB of RAM with my customer, but she told me she doesn't have the funds available right now for it.


Edited by Falneth, 18 April 2015 - 08:02 AM.



#8 Aura


Posted 18 April 2015 - 08:02 AM

Can you configure a clean boot, then restart the laptop and see if it takes a lot of time to boot? The instructions are in the article below.

https://support.microsoft.com/en-us/kb/929135?wa=wsignin1.0



#9 Falneth


Posted 18 April 2015 - 08:29 AM

Even with a clean boot, it took at least 6 minutes to fully boot.




#10 Aura


Posted 18 April 2015 - 08:31 AM

Let's check something else.

Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Go on ge.tt and upload the Autoruns file you saved;
  • Once done, post the download URL of your uploaded file in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Falneth

Falneth
  • Topic Starter

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:07:21 AM

Posted 18 April 2015 - 09:11 AM

When saving the report, it just locked up then blue screened with this error:

kernel_stack_inpage_error with stop code 0x00000077

After rescanning and resaving the report, the download link is:

http://ge.tt/9DqypjE2/v/0?c


Edited by Falneth, 18 April 2015 - 09:20 AM.

A.A.S in Computer and Network Support from Crowder College


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 18 April 2015 - 11:58 AM

Delete the entries listed below. They'll be highlighted in yellow or pink. To delete them, right-click on them and select Delete. What I'm listing below is their name under the Autorun Entry column.
  • tmtbim;
  • Run IMVU;
  • nosGetPlusHelper;
You can also delete these:
[screenshot of the additional entries, not preserved]

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Willy22

Willy22

  • Members
  • 945 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Planet Earth
  • Local time:01:21 PM

Posted 18 April 2015 - 11:59 AM

- Try booting in Safe Mode. Is that (much) faster?

- All Apple software (including the Bonjour Service) has caused problems in recent weeks. Can you disable that?

- Re-install MBAM (corrupt driver)

- GOOGLE found this for me regarding "NisDrvWFP.sys".

http://www.solvusoft.com/en/files/bsod-blue-screen-error/sys/windows/microsoft-corporation/microsoft-windows/nisdrvwfp-sys/

 

- After removing malware it's ALWAYS good to run "Tweaking's Windows Repair All in one". It tries to put A LOT OF things back to their default settings in Windows.

http://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Run the program in Safe Mode. Follow the instructions provided, disable internet & antivirus and start all "default" repairs. If you got version v3.13 then skip repair #17.

- The best solution for too little memory is to add more memory. A 32 bit system recognizes 3 GB. The second best solution is to install PcWinTech's Cleanmem. It reduces memory usage every 15 minutes and let it clean the system file cache.


Edited by Willy22, 18 April 2015 - 12:14 PM.


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:21 AM

Posted 18 April 2015 - 02:18 PM

Just a simple correction, 32-bit versions of Windows can recognize up to 4GB of RAM, minus the RAM used by the graphics card. So it's 4GB, not 3GB :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Falneth

Falneth
  • Topic Starter

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:07:21 AM

Posted 18 April 2015 - 02:44 PM

Aura, I deleted all the entries except the RUN IMVU because I couldn't find the listing. I did a search for it and it couldn't find it.

I rebooted to go into Safe Mode and suddenly got this error:

"Handle is Invalid"

I hit OK and it took me to a login screen asking for a password when there isn't a password to log in. I rebooted and tried normal mode and got the same issue. I rebooted again and tried Last Known Good Configuration and managed to automatically log in. I then rebooted and went into safe mode. I ran the "Tweaking's Windows Repair All in one" repair.

I got another blue screen after rebooting from normal mode just now after reinstalling MBAM:

kernel_data_inpage_error. Stop code 0x0000007A (0xc0416c18, 0xC000000E, 0x0E024860, 0X82D83000)

storport.sys - Address 82D83000 base at 82D4E000, DateStamp 49e01ef7


A.A.S in Computer and Network Support from Crowder College
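Added example, not part of any post in this thread: a small Python decoder for the two stop codes and the driver line reported in posts #11 and #15, using the parameter meanings and I/O status values from Microsoft's bug check 0x7A reference. The function names are hypothetical; the input strings are the values posted above.

```python
import re
from datetime import datetime, timezone

BUGCHECKS = {0x77: "KERNEL_STACK_INPAGE_ERROR", 0x7A: "KERNEL_DATA_INPAGE_ERROR"}
# Parameter-2 I/O status values listed in Microsoft's bug check 0x7A reference.
IO_STATUS = {
    0xC000000E: ("STATUS_NO_SUCH_DEVICE", "hardware failure or incorrect drive configuration"),
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES", "lack of nonpaged pool"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR", "bad blocks on the disk"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED", "loose cabling or controller cannot see the disk"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED", "bad blocks on the disk"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR", "defective cabling or termination"),
}
HEX = re.compile(r"0x([0-9a-f]+)", re.I)
DRIVER = re.compile(r"(\S+) - Address ([0-9a-f]+) base at ([0-9a-f]+), DateStamp ([0-9a-f]+)", re.I)

# Values copied from posts #11 and #15 of this thread.
STOP_77 = "stop code 0x00000077"
STOP_7A = "Stop code 0x0000007A (0xc0416c18, 0xC000000E, 0x0E024860, 0X82D83000)"
DRIVER_LINE = "storport.sys - Address 82D83000 base at 82D4E000, DateStamp 49e01ef7"

def decode_stop(line):
    """Return the bug check name and, for 0x7A, the I/O status and faulting address."""
    values = [int(h, 16) for h in HEX.findall(line)]
    if not values:
        raise ValueError("no stop code in line")
    code, params = values[0], values[1:]
    out = {"code": code, "name": BUGCHECKS.get(code, "UNKNOWN"), "params": params}
    if code == 0x7A and len(params) == 4:
        # Parameter 2 is the I/O status, parameter 4 the address that failed to page in.
        out["io_status"], out["hint"] = IO_STATUS.get(params[1], ("unlisted", "look up the NTSTATUS"))
        out["fault_va"] = params[3]
    return out

def decode_driver(line):
    """Parse the driver line printed under the stop code."""
    m = DRIVER.search(line)
    if not m:
        raise ValueError("no driver line")
    addr, base, stamp = (int(g, 16) for g in m.groups()[1:])
    # DateStamp is the image's PE timestamp: seconds since 1970-01-01 UTC.
    built = datetime.fromtimestamp(stamp, tz=timezone.utc).date().isoformat()
    return {"driver": m.group(1), "address": addr, "offset": addr - base, "built": built}

if __name__ == "__main__":
    stop, drv = decode_stop(STOP_7A), decode_driver(DRIVER_LINE)
    print(decode_stop(STOP_77)["name"])
    print(stop["name"], stop["io_status"], "-", stop["hint"])
    print(f'{drv["driver"]}+{drv["offset"]:#x}, built {drv["built"]},',
          "same address as parameter 4:", drv["address"] == stop["fault_va"])
```

Both stop codes are in-page errors, meaning the kernel could not read paged data back from disk, and the status in parameter 2 names the I/O failure behind it.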




