Very slow browser launch (or failure to launch at all) [Solved]



#16
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi BlackOxide,

Did all the steps in your last missive -- and for about five minutes I thought we were there. After running chkdsk and rebooting everything was running about as I would expect of a machine of this vintage.

So I uninstalled MS Security Essentials and defragged as suggested. When I rebooted we were right back where we started -- slow as sludge. I didn't reactivate Avast until after that reboot, so I suppose it's possible I either got hit with something external during a very brief window or a piece of malware that hadn't been caught reactivated.

An Avast scan found nothing, but MBAM found c:\RECYCLER\S-1-5-21-~(about 30 digits here, which I can send if they're helpful)\Dc3.exe.

I'm just about to stick a different drive in it and reinstall XP ... but I hate to give up!

Let me know where we should go from here. Many thanks.


  • 0


#17
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Forgot to mention that after IE struggles for 1 to 1.5 minutes to launch and open its first page it can be closed and will run quite quickly when reopened. So it still seems to be something related to startup.

Thanks again.


  • 0

#18
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hmmm, it's a bit of a tricky one is this, as it could be a number of things causing the problem. I have seen it though, that when a PC hasn't been reinstalled for a number of years, even if there is not much running at startup, it still runs very slowly. On some machines I've found that you can significantly speed them up, by doing things such as reducing startup items, Full defrag etc, yet some machines still just run as slow as they did before. I'm not giving up on this one yet though ;)

If you do try a different drive in the PC and install Windows onto it, my guess is that you would see a big difference in speed and it would be noticeably a lot faster. Going back to this one though, let's try a few more things to see if we can pinpoint the problem. I'm interested to see the MBAM log if you can get it for me (instructions below), as the previous MBAM scan didn't pick anything up, nor did the ComboFix scan.

Let me know how you get on with the steps below :)




1)
  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were removed, then click Open.
  • Copy and Paste the log into your next reply




2)
Let's take a look at the error logs to see if they reveal any clues...

Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:

Double-click VEW.exe (in Vista/Windows 7, Right Click and choose Run as Administrator)

Under 'Select log to query', select:
Application
System

Under 'Select type to list', select:
Error
Warning

Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply




3)
Let's get a second opinion on whether any more infections have returned to the PC. We'll use the Kaspersky Virus Removal Tool.

Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


  • Then click on Actions on the left hand side
  • Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




4)
Let's try a 'clean boot' of Windows XP. This will load just the Windows based startup items and Services. Can you let me know if the PC boots any faster and whether the browsers do as well please. It will be interesting to see if this makes a difference or not.

Selective Startup

Click the Start button, then click Run
In the Run dialogue box, type msconfig, then press ENTER

  • In the System Configuration Utility dialog box, click Selective Startup on the General tab.
  • Click to clear the Load Startup Items check box.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.





In your next reply
Please post the contents of...
MBAM log
Event Viewer log
Kaspersky log
Let me know if there was any difference after trying the 'clean boot' method

  • 0

#19
pageone

pageone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok, all done, and there were some interesting results, which I'll jump ahead to. No viruses or malware were found this time, yet the computer continued to open browsers slowly even after the Windows clean boot. HOWEVER, after I reset Windows to normal startup, browsers are now performing quite a bit better. As a result, I ran a second VEW log in case the one prior to clean boot for some reason differs from the one after. So:

1. MBAM log, which shows no threats. However, the program quarantined a PUP file called c:\RECYCLER\S-1-5-21-1547161642-1292428093-1177238915-500\Dc3.exe


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home PC :: HOMEPC [administrator]

Protection: Disabled

7/16/2012 8:28:31 PM
mbam-log-2012-07-16 (20-28-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 154
Time elapsed: 17 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----

2. First VEW log:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/07/2012 7:15:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2012 5:22:08 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 15/07/2012 3:12:36 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 12/07/2012 2:05:05 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 11/07/2012 3:33:28 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 11/07/2012 2:48:00 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 08/07/2012 8:40:37 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:40:36 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:40:34 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:58 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:55 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:49 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:47 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:45 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:13 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 6:58:24 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 6:43:12 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 6:43:11 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2012 9:33:35 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HOMEPC\Home PC registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/06/2012 10:18:08 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 17/06/2012 10:06:36 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2012 8:18:56 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PCIIde

Log: 'System' Date/Time: 16/07/2012 8:18:39 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 16/07/2012 4:17:01 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WSWNA3100 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/07/2012 4:17:01 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the WSWNA3100 service to connect.

Log: 'System' Date/Time: 16/07/2012 12:57:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 16/07/2012 12:56:27 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm MpFilter

Log: 'System' Date/Time: 16/07/2012 12:55:25 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 15/07/2012 3:12:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WSWNA3100 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 15/07/2012 3:12:24 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the WSWNA3100 service to connect.

Log: 'System' Date/Time: 14/07/2012 11:56:42 AM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 13/07/2012 10:39:54 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/07/2012 10:39:54 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Log: 'System' Date/Time: 12/07/2012 2:52:07 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/07/2012 2:52:00 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Log: 'System' Date/Time: 12/07/2012 2:09:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The WSWNA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/07/2012 2:09:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/07/2012 2:09:08 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/07/2012 2:09:07 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/07/2012 2:09:06 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/07/2012 2:09:05 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2012 4:16:29 PM
Type: warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 08/07/2012 2:53:34 PM
Type: warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

-----

3. Kaspersky found no files worth reporting, so no log was generated.

----

4. As noted above, immediately after clean boot there seemed to be little difference in browser performance, but everything speeded up after I reset Windows to normal startup and rebooted again. Then I ran VEW again for whatever info it might provide:

Second VEW log:


Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/07/2012 12:05:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/07/2012 7:22:42 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 17/07/2012 7:22:40 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 16/07/2012 5:22:08 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 15/07/2012 3:12:36 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 8 Source: crypt32
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 13/07/2012 11:02:09 AM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Log: 'Application' Date/Time: 12/07/2012 2:05:05 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 11/07/2012 3:33:28 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 11/07/2012 2:48:00 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application datamn~1.exe, version 1.0.0.1, faulting module datamn~1.exe, version 1.0.0.1, fault address 0x00092ee2.

Log: 'Application' Date/Time: 08/07/2012 8:40:37 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:40:36 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:40:34 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:58 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:55 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:49 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:47 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:45 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 8:35:13 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

Log: 'Application' Date/Time: 08/07/2012 6:58:24 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/07/2012 8:51:11 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HOMEPC\Home PC registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 08/07/2012 9:33:35 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user HOMEPC\Home PC registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 17/06/2012 10:18:08 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 17/06/2012 10:06:36 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/07/2012 8:50:40 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Log: 'System' Date/Time: 17/07/2012 8:50:27 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Log: 'System' Date/Time: 16/07/2012 8:18:56 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PCIIde

Log: 'System' Date/Time: 16/07/2012 8:18:39 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Log: 'System' Date/Time: 16/07/2012 4:17:01 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WSWNA3100 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/07/2012 4:17:01 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the WSWNA3100 service to connect.

Log: 'System' Date/Time: 16/07/2012 12:57:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 16/07/2012 12:56:27 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm MpFilter

Log: 'System' Date/Time: 16/07/2012 12:55:25 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 15/07/2012 3:12:25 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WSWNA3100 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 15/07/2012 3:12:24 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the WSWNA3100 service to connect.

Log: 'System' Date/Time: 14/07/2012 11:56:42 AM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 13/07/2012 10:39:54 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 13/07/2012 10:39:54 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Log: 'System' Date/Time: 12/07/2012 2:52:07 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/07/2012 2:52:00 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Log: 'System' Date/Time: 12/07/2012 2:09:10 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The WSWNA3100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/07/2012 2:09:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/07/2012 2:09:08 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 12/07/2012 2:09:07 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2012 4:16:29 PM
Type: warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 08/07/2012 2:53:34 PM
Type: warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

----

At this point, since the machine definitely seems better, I'm mildly encouraged and await your analysis.

Thanks again!
  • 0

#20
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, thanks for all the info. This is a strange one for sure. It's supposed to run better when running as a 'clean boot', yet it decides to run better once everything is loaded back on :lol:

I don't believe this is malware related, the problem I have is that I'm not exactly sure what it is that's slowing things down ;)
The Event logs show the odd service timing out etc, but you see similar events on most PCs, but nothing in them jumps out to me that would be actively slowing down the loading of browsers. There is the service "WSWNA3100" which has played up a couple of times, which is the Netgear Wireless Service. Do you connect wirelessly with a Netgear dongle and have any wireless problems? If so, it may be worth downloading the latest driver for the device, uninstalling the current Netgear software, then reinstalling it using the latest download. However, I wouldn't think this would slow down the loading of the browsers though. It would be more likely to affect the actual Wireless connection itself.

At least one positive thing is that at the moment it sounds like it is behaving properly. Whether this is temporary or not we'll wait and see ;)

Could you get back to me with the following info please and in the meantime I shall have a think about any other methods we could try, if the problem returns.

  • Reboot the PC a couple more times if you haven't already done so. Let me know if it's still performing better, or if it's gone back to poor performance.
  • When the PC boots, do you wait until all startup programs, like Avast etc have fully loaded, then try to run Internet Explorer or Chrome etc? Only asking this as quite a few people have a habit of double clicking on an icon/program as soon as they see the Desktop icons. This will usually result in quite a long time to load that program, as your PC is still busy trying to load the startup items and Windows components etc
  • As there are some mentions of Windows Updates problems in the Error logs, can you just check to see if Windows Updates work normally on your PC, then let me know please. To check for Updates, just click here.

  • 0

#21
pageone


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes, the computer connects via a Netgear USB adapter, which seems to be working fine (at least it's consistently connecting and reporting good to very good signal strength). But I'll see if there's a newer driver.

I forgot to mention that for some reason Avast isn't starting on bootup, so I need to fix that. Also, one other thing: Kaspersky reported (in a popup balloon that disappeared before I fully absorbed it) that some RAR file was locked, but I could find no log mention of it.

I am waiting till everything is loaded before clicking on IE, so I don't think that's an issue.

Finally, I have rebooted the machine four or five times since it started running better because I'm suspicious that it may be temporary, but it's been doing ok -- not quite as fast as I'd expect if I reinstalled XP, but much, much faster than before and certainly usable. You'll recall I saw this behavior earlier, too, when we were about halfway through the many fixes we've tried, which is why I'm still uncertain that the cure is permanent, but I'm keeping fingers crossed. I did download the most recent version of Windows Update and it seemed to be working fine, but I'll take another look to make sure the settings are correct.

Thanks again for all your help, which is much appreciated. I'd like to keep this old machine viable enough for routine email, browsing, and word processing and it looks like maybe we're there :thumbsup: We'll see in due course, I guess.
  • 0

#22
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts

> I forgot to mention that for some reason Avast isn't starting on bootup, so I need to fix that.

Just check to make sure that it's not UNticked in msconfig from earlier, however I think you re-enabled all items, so that shouldn't be the problem. You may just need to uninstall Avast and then reinstall it from a fresh download from their website. Any problems along the way with this, just let me know.

> Also, one other thing: Kaspersky reported (in a popup balloon that disappeared before I fully absorbed it) that some RAR file was locked, but I could find no log mention of it.

That's fine, it shouldn't be anything to worry about. It just means that a RAR file is probably password protected, so it couldn't scan its contents.

> I am waiting till everything is loaded before clicking on IE, so I don't think that's an issue.

Excellent, I thought you would be, but just wanted to check :)

> Thanks again for all your help, which is much appreciated. I'd like to keep this old machine viable enough for routine email, browsing, and word processing and it looks like maybe we're there :thumbsup: We'll see in due course, I guess.

Not a problem, you're welcome :) Yep, hopefully it stays as it is ;)

What we'll do now is remove the tools we have used for checking for malware, as these are no longer needed. I give this speech to everyone, so that the tools can be properly removed at the end. I'll leave this topic open for at least the next few days, so if there is a problem removing the tools we have used, or if the problem with the browsers reappears etc, then just let me know. :)




Good stuff, your logs now appear clean :cool:

Thank you for following the procedures, your system now appears free from Malware. It's now time to remove the programs we have used throughout this cleanup and make sure important programs are updated to their latest versions. This all helps in the fight against being reinfected.

Please make sure you follow the steps below, as they are highly recommended.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1) Tools on the Desktop:
You can now safely remove aswMBR, VEW and Kaspersky Virus Removal Tool from the Desktop (if present). Autoruns and Auslogics Disk Defrag can be kept for future use, if required.

2) Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3) OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

4) We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

Having a good Anti Virus program and an on-access Anti Malware program is great in the battle against malware and various other forms of infections. You should always make sure your Anti Virus is Enabled and has the latest definitions downloaded (Anti Virus software will nearly always update its definitions automatically)

Here are some recommendations:

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. This is where a lot of people fall down, as there are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very worthwhile habit to get into.

Windows Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
Here's how to check to see if you are missing any updates. Just click your version of Windows below, to see how to check...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
    (If you don't see the Java icon - In XP, click Switch to Category View. In Vista, click Classic View. In Windows 7, click View By: in the top right and change it to Large Icons)
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Key Tips ==========

- Never be tempted to download software you didn't ask for
If for example you see a "Free Registry Booster" or "Get rid of all your malware problems or blue screens by using this software", don't be tempted to click on them. The software is often useless, could actually be harmful to your PC and they are generally just out to get your money. If you didn't ask for the software, don't download it ;)

- Run regular scans
Set yourself a date, approximately every 2, 3 or 4 weeks, whereby you run a Full Scan with your Anti Virus and a scan with any Anti Malware/Spyware program you may have installed, like Malwarebytes' Anti Malware.


Have fun and stay safe online ;)
BlackOxide

  • 0
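The reply above says a password-protected RAR could not have its contents scanned; that state is visible in the archive's own header flags. The following is an added example, not code from this thread or from any scanner: it walks RAR 4.x block headers and reports whether member data or the headers themselves are encrypted. The function names and sample byte strings are constructed for illustration, and RAR 5 archives and members over 4 GB are out of scope.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080  # main header: every following header is encrypted
LHD_PASSWORD = 0x0004  # file header: this member's data is encrypted
LONG_BLOCK = 0x8000    # a 4-byte ADD_SIZE (packed data length) follows the header


def rar4_encryption(data: bytes) -> str:
    """Return 'headers', 'files', 'none', or 'unsupported' (not RAR 4.x)."""
    if not data.startswith(RAR4_MAGIC):
        return "unsupported"
    pos, verdict = len(RAR4_MAGIC), "none"
    while pos + 7 <= len(data):
        _crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7:
            break  # corrupt header, stop walking
        if head_type == MAIN_HEAD and flags & MHD_PASSWORD:
            return "headers"  # nothing past this point is readable without the password
        if head_type == FILE_HEAD and flags & LHD_PASSWORD:
            verdict = "files"  # names are visible, contents are not
        add_size = 0
        if flags & LONG_BLOCK and pos + 11 <= len(data):
            (add_size,) = struct.unpack_from("<I", data, pos + 7)
        pos += head_size + add_size  # skip the header and its packed data
    return verdict


def _block(head_type, flags, body=b"", data=b""):
    """Build one constructed block; HEAD_CRC is zero because it is not checked."""
    if head_type == FILE_HEAD:
        flags |= LONG_BLOCK
        body = struct.pack("<I", len(data)) + body
    return struct.pack("<HBHH", 0, head_type, flags, 7 + len(body)) + body + data


def _member(name: bytes, flags: int, data: bytes) -> bytes:
    # UNP_SIZE, HOST_OS, FILE_CRC, FTIME, UNP_VER, METHOD, NAME_SIZE, ATTR, then the name
    fields = struct.pack("<IBIIBBHI", len(data), 2, 0, 0, 29, 0x30, len(name), 0x20)
    return _block(FILE_HEAD, flags, fields + name, data)


# Constructed samples (not real archives; payload bytes are filler)
_MAIN = _block(MAIN_HEAD, 0, b"\x00" * 6)
SAMPLE_PLAIN = RAR4_MAGIC + _MAIN + _member(b"a.txt", 0, b"hello")
SAMPLE_ENC_FILES = SAMPLE_PLAIN + _member(b"b.bin", LHD_PASSWORD, b"\x11" * 16)
SAMPLE_ENC_HEADERS = RAR4_MAGIC + _block(MAIN_HEAD, MHD_PASSWORD, b"\x00" * 6) + b"\x5a" * 32
```

A result of `files` or `headers` means an on-demand scanner can see at most the member names, so the archive stays unscanned until it is extracted with the password.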

#23
pageone


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK, everything seems to be good (for the time being at least), so I think we can close this case. Thanks again for all the help!
  • 0

#24
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome :thumbsup:

Take care.
  • 0

#25
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
