[RKinner]

They seem to have changed it a bit in the latest version,  Open Avast and click on Scan then Scan for Viruses.  There will be a delay of about 1 minute and then the page where you can select the Boot-time scan will appear.

 

 

 

 

[Advertisements]

net start msiserver is what i got when i ran the first part of the last message, is this what i should get? do i move on to the next step?

[bkp]

net start msiserver is what i got when i ran the first part of the last message, is this what i should get? do i move on to the next step?

[RKinner]

That's the last line from the copied message.  Hit Enter.

[bkp]

So the c:windows installer 4280.........
what should I do here? I did move to chest...but ask me file is in windows folder are u sure? Am i?

The other twords I moved to chest.

Attached Thumbnails

• 
• 
• 

[RKinner]

Yes let it remove it.

[bkp]

Here is my chest after running avast boot-drive scan

[bkp]

Here is my scan from avast boot-drive scan

Attached Files

•  chest.pdf   166.15KB   92 downloads

[bkp]

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 25/12/2014 11:06:18 AM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 25/12/2014 3:58:35 PM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

 

Log: 'System' Date/Time: 25/12/2014 3:58:04 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

 

Log: 'System' Date/Time: 25/12/2014 3:58:01 PM

Type: Error Category: 0

Event: 7009 Source: Service Control Manager

A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

 

Log: 'System' Date/Time: 25/12/2014 3:56:54 PM

Type: Error Category: 0

Event: 7009 Source: Service Control Manager

A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

 

Log: 'System' Date/Time: 25/12/2014 3:54:20 PM

Type: Error Category: 0

Event: 7000 Source: Service Control Manager

The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.

 

Log: 'System' Date/Time: 25/12/2014 3:53:45 PM

Type: Error Category: 0

Event: 15021 Source: Microsoft-Windows-HttpEvent

An error occured while using SSL configuration for socket address 0.0.0.0:4482.  The error status code is contained within the returned data.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 25/12/2014 3:54:27 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

 

Log: 'System' Date/Time: 25/12/2014 3:54:27 PM

Type: Warning Category: 0

Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

 

Log: 'System' Date/Time: 25/12/2014 3:51:44 PM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped. 

 

Log: 'System' Date/Time: 25/12/2014 3:51:43 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

[bkp]

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 25/12/2014 11:07:44 AM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 25/12/2014 3:54:20 PM

Type: Error Category: 0

Event: 11 Source: Microsoft-Windows-CAPI2

Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

 

Log: 'Application' Date/Time: 25/12/2014 3:54:17 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 25/12/2014 3:51:25 PM

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   28 user registry handles leaked from \Registry\User\S-1-5-21-232412378-3118420049-1387226345-1000:

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\CA

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Policies\Microsoft\SystemCertificates

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\trust

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\Root

Process 1112 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My

Process 3184 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-232412378-3118420049-1387226345-1000\Software\Microsoft\SystemCertificates\My

[bkp]

this is what was saved for the Procexp.txt...

Attached Files

•  System Idle Process.txt   11.8KB   195 downloads

[bkp]

Well I think I am doing everything you asked correctly. I want to wish you a Merry Christmas and Thank you for all of your help.

 

Thanks

 

BKP

[RKinner]

On a train. Hard to reply with tablet. Looks like it may be hot. Check temp with Speedfan or speccy.

[bkp]

seems like it is getting hot. I will have to get some of the lube. How was my last few reports?

[RKinner]

Looks like you have an old version of Windows Live. If you don't use it uninstall it. Can't read attachments with tablet.

[RKinner]

Managed to read process explorer log. Something wrong with explorer.exe. using too much CPU. Get shellexview from nirsoft.net.

 

http://www.nirsoft.n...s/shexview.html

 

Use this download:

http://www.nirsoft.n...xview_setup.exe

 

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.

Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer.  Run process explorer again. Is the top CPU user now system idle?