Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

slow computer


  • Please log in to reply

#16
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

I uninstalled myWinlocker suite. I noticed every time I open google chrome it has an error. I tried uninstalling and reinstalling before but still doing it.

 

Running better but still have google chrome errors.


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

What exactly does the error say?


  • 0

#18
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

Well, not getting error now, start up slowly but that's all now. Not sure if this matter but when I click on google chrome it has this is the address bar www.google.com/?gws_rd=ssl

 

Also, Imeant to say in last post that when I downloaded AVG and clicked on run as administrator it doesn't do anything. Thanks!


Edited by realapp, 14 March 2015 - 11:03 AM.

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
When you get to Step 3 Substep 2.  Copy and paste the text from Notepad into a reply.
 
(If you get a pop up just click on No Thanks I know everything)
 
 
Why are you downloading AVG?

  • 0

#20
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

sorry, I meant the avg removal tool you suggested in previous post.

 

Not sure what is going on, but everytime I try to paste in here, the page freezes and it won't let me past the log. I tried opening with IE and no different. Also, I noticed this GetDiz (not sure what that is) program keeps copying everything I copy to clipboard and opens it in it's own window. Not sure if that has anything to do with it. 

 

Loading pages are super slow again.


Edited by realapp, 14 March 2015 - 05:43 PM.

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

GetDiz is listed in the uninstall list so you should be able to remove it.

 

Thought you had installed it on purpose.  It sounds good:

 

GetDiz is a Notepad replacement which offers a wide range of features while maintaining an incredible speed, ease of use, stability and small size.

 

 

Get autoruns from
 
Download Save and Run the program by right clicking and Run As Admin.  Once it finishes the scan, Look under Drivers and find avgtp and uncheck it.
 
 File, Save, to your desktop, autoruns.arn, OK.  This file is normally a bit over the forum size limit so will need to be zipped.  If you do not have win-zip or 7-zip then get 7-zip from 
Download, Save and Run the appropriate msi file for your PC.  You want this one:64-bit x64 7-Zip for 64-bit Windows x64 (Intel 64 or AMD64)
 
Once you have installed you can then right click on autoruns.arn then click on 7-zip, Add to autoruns.zip.  It should put the autoruns.zip file in the same directory.  Attach it.

  • 0

#22
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

When I tried to run autoruns as administrator I got this message:

 

could not get WMI subscription the wait operation time out


  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Right click on the clock and select Start Task Manager then click on Services.  Scroll down to Winmgmt.  Is it really running?


  • 0

#24
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

Yes it's running


  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
 
1. Disable and stop the WMI service;
 
Copy the next two lines:
 
 sc config winmgmt start= disabled     (note that there is a blank between '=' and 'disabled')
 net stop winmgmt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter It may say several services depend on winmgmt and ask for a Y or N.  Tell it Y.
 
 
2. Rename the repository folder (located at %windir%\System32\wbem\repository) to repository.old.
 

Copy the next line

rename \windows\System32\wbem\repository   \windows\System32\wbem\repository.old
Go back to the Command window and Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter
 
3. Re-enable the WMI service.
 
 

Copy the next line

sc config winmgmt start= auto
 
Go back to the Command window and Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
 
Ren VEW as before and post the logs.

  • 0

Advertisements


#26
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

in step # 2 above it is telling me the syntax of the command is incorrect.  


  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Try:

cd \windows\System32\wbem
rename repository repository.old

If it fails which line does it not like?  You can also just rename the folder \windows\System32\wbem\repository to \windows\System32\wbem\repository.old using windows explorer.


  • 0

#28
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/03/2015 5:19:38 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/03/2015 10:07:28 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Log: 'Application' Date/Time: 19/03/2015 10:07:28 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Log: 'Application' Date/Time: 19/03/2015 9:57:50 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: FastProx.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdefe Exception code: 0xc0000005 Fault offset: 0x00000000000012ab Faulting process id: 0x1f0 Faulting application start time: 0x01d061a467f388c8 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\wbem\FastProx.dll Report Id: fc2322bb-ce82-11e4-9f33-b870f4dd281e
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/03/2015 10:10:29 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...
 
Log: 'Application' Date/Time: 19/03/2015 10:10:29 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
 
Log: 'Application' Date/Time: 19/03/2015 10:00:25 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=BC4}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: EVANSPC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 19/03/2015 10:00:17 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=BC4}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 19/03/2015 9:57:45 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-4046523146-1281529262-768510782-1001:
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Policies\Microsoft\SystemCertificates
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\My
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\CA
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\trust
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\Root
Process 2480 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
 
 
 
 
 
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/03/2015 5:16:30 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/03/2015 10:03:14 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:14 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:13 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:13 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:14 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Log: 'System' Date/Time: 19/03/2015 10:03:13 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Log: 'System' Date/Time: 19/03/2015 10:03:02 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:02 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
 
Log: 'System' Date/Time: 19/03/2015 10:03:02 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Logs are below:
 
 
Type: Error Category: 0
 
Event: 7031 Source: Service Control Manager
The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 19/03/2015 9:58:09 PM
Type: Error Categor
 
 
Event: 7031 Source: Service Control Manager
The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/03/2015 9:59:15 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Ethernet: The network link is down.  Check to make sure the network cable is properly connected.

Edited by realapp, 19 March 2015 - 04:20 PM.

  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Do you use Windows Live?  Most people don't but it gets installed as an optional update.  IF you don't use it, uninstall Windows Live Essentials.  If you do use it then it would be wise to uninstall it and download a newer version and install that.

 

Copy the next 2 lines:
 
delete C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\idstore.sst
lodctr /r
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter
 
It should take about a minute or less then come back and say:
 
Info: Successfully rebuilt performance counter setting from system backup store

 

 

Does it?  If so then let's try clearing the alarm and rebooting again and see if the error is gone.
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
Run VEW
 as before and post the logs.
 
 

  • 0

#30
realapp

realapp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

for whatever reason I can't copy and past in the command prompt so I just typed in the command and this is what it said:

 

delete is not recognized as an internal or external command, operable program or batch file


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP