Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow to boot, Firefox Crashing Frequently, OTL Freezes and will not co


  • Please log in to reply

#76
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
These are the only three that show up now.

Attached Thumbnails

  • ts1.jpg
  • ts2.jpg
  • ts3.jpg

  • 0

Advertisements


#77
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
I think these are all the same. Go into Task Scheduler Library/Microsoft/Windows and find Certificate Service Client. In the right pane right click on System Task and select Properties. In the General tab. Verify that it is running with the SYSTEM account. IF not, click on Change User or Group and then type in SYSTEM and Check Name then OK.

In the Triggers page click on At Startup and then on Edit. Verify that it has Delay Task for checked and that the time is set to 10 seconds. If it is already at 10 Seconds try changing it to 30 seconds.

If you make any changes then clear the alarms and history and reboot.
  • 0

#78
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Changed to 30 sec. Cleared logs and rebooted. Still long delay. Newest VEW attached

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 10/01/2013 10:33:01 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/01/2013 4:16:12 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 10/01/2013 4:06:15 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/01/2013 4:15:11 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 10/01/2013 4:04:28 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 10/01/2013 10:33:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#79
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
How do you connect to the internet?

Put the delay back to 10 seconds. And see if you can Disable the task. Then clear the logs and reboot and see if VEW still complains. (Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.)

Download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop and Run Process Monitor by right clicking and Run As Admin.

Under Options, click on Enable Boot Logging then close Process Monitor and Reboot. Run Process Monitor as before. It will tell you it has a boot log and ask if you want to save it. Say you do and note where it puts it. This will be an enormous file. You will need to get winRAR from: http://www.win-rar.c...nload.html?&L=0 and use it to compress it into a RAR archive. Then attach it to an email and mail it to me. I will send you my email in a PM.
  • 0

#80
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
VEW still complains. Bootlogs are in route to you in 4 separate e-mails.
  • 0

#81
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
I'm not sure why you have 4 of the logs. Normally there is just one per boot. I opened the -1 and looked at it and Norton is eating up a lot of your time. Did you run the removal tools?

Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Uninstall Symantec (save the product license key in case you decide to reinstall it:http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US)

Run the Norton Removal tool. (Right click and Run As Admin)

If you have run it already then get RegSeeker:

http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry, check all of the registry sections then have it look for Norton. You can then select all and then right click and Export. It puts a copy of the stuff it exports in the backups folder which it creates below the folder it is in. I think it uses the date and time plus Trusted Software as the name. See if you can find the file, rename it tfrom .reg to .txt and then attach it.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.
  • 0

#82
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Not sure why it produced 4 reports either but each is different. There were several steps before I ran the bootlog so maybe I clicked the wrong thing?

I had run the norton removal tool before but ran it again, rebooted, and then ran the RegSeeker. I renamed the RegSeeker file but it won't allow me to attach it here. Will send in e-mail.
  • 0

#83
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Is the folder C:\Program Files\Norton 360 Premier Edition still there?
  • 0

#84
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
No just Norton Anti-theft and NortonInstaller
  • 0

#85
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
I would uninstall the Brothers printer. It doing some odd things so it may need to be reinstalled.

Do you have any network drives? I see it trying to open D and E and failing. If you have any network drives these should be disconnected using Computer or Windows Explorer.

Now that we have removed the worst of Norton, let's delete the old logs then do a new boot log. When you reboot, note the time when you see the PC Maker's logo and then the time that the login screen appears. I want to compare these to what I am seeing in the logs.
  • 0

Advertisements


#86
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Uninstalling brother now.
D: is the memory stick drive for the camera memory stick which I do use often but nothing in it since we've been doing this.
E: is the SD / MMC drive which I don't use at all.

Not sure how to disconnect and don't want to do anything that would not allow me to use the D: drive.
  • 0

#87
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.

Windows will rediscover them when they are plugged in again.
  • 0

#88
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Bootlog created 6 attachments this time? I compressed each individually and will be e-mailing them one at a time.

For some reason my last post didn't go through.
Boot-up brings the Vaio symbol up almost immediately about 3 seconds. It takes about 40 seconds from that to the microsoft symbol and chime and then just over 6 minutes from that to the login. The screen turns blue/green after the microsoft symbol but just sits at Please wait...

Also. Whatever we've done in the last day or two has caused my Microsoft Word to crash every time I close the program. It gives me an error of some sort and tries to restart it, I've just been pressing cancel to not restart it but this is new.
  • 0

#89
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
For your word problem. Close word. Find all instances of normal.dot or normal.dotm and rename them to anormal. Then open Word by using the Programs menu (Don't open a document). Tools, Options, Save Then check Prompt to save Normal template. OK

Tools, Options, to display the Options dialog.
On the Options dialog, click on the Security tab, and then click the button for Advanced settings.
Change the setting to "High"

If you have 2007 or newer then you have to go into the Trust Center to make the same change.

Once you have made the change you shutdown Word and when prompted to save the normal template you say Yes this time. Next time say No unless you have made a change to the defaults.

We are still seeing some Norton in the registry as well as the Norton-Antitheft stuff. It's possible that you have to take ownership of the keys to delete them.

Open regedit and have it search for Norton. Then manually delete the keys.

If you go into the Safe Mode menu and select VGA mode (Enable Low Resolution Video) does it still have the big delay from logon?


If it's not an extension then get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK
Rar it up and send it to my email.
  • 0

#90
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ok so I'm a little lost on your last post.

I was able to change the Word setting to Prompt to save Normal template
I could not find any security options even in the trust center to change to high. I'm on Word 2007.
When i closed it it didn't give me any options but I didn't get an error either.
I've opened saved and closed a few documents with no further problems.

I went into regedit and deleted all the Norton stuff I could find the Find function in regedit didn't bring up anything

I'm not sure what you mean by going into Safe Mode menu and selecting VGA. I restarted the computer and pressed F2 and F12. One took me to a menu but I couldn't find anything about VGA. The other asked me which system I wanted to start and I selected Vista.

Whatever was done, the login screen comes up instantly. Loading up the desktop is slightly slow, especially the side bar but no where near the 6 minutes.

Do I still need to run the autorun link?

I cleared logs and rebooted and ran VEW. System log was clear and here is the application log

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 12/01/2013 4:44:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/01/2013 10:38:28 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 12/01/2013 10:38:26 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 12/01/2013 10:38:26 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP