[debodun]

I was having a problem with my system booting slowly (Windows 7 - 64 bit). I downloaded Farbar and attempted to run it. It ran for about a minute than it stuck on a file named appid and then it said PROGRAM NOT RESPONDING. The HD light came on steady for about 5 minutes after this. What's going on here?

 

This is how far it scanned:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by Owner (administrator) on OWNER-PC (Hewlett-Packard HP Compaq dc5700 Small Form Factor) (08-10-2019 13:27:03)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0976F330-BF25-4F6F-B0B1-665D9BF7BCC0} - System32\Tasks\{68760510-2907-489D-B7A2-C35A3446BE71} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {0A0C5E8A-2FCE-4C99-B12F-00B4B70AFB83} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {41E2110D-1421-413B-8E62-70C64466298F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-11] (Adobe Inc. -> Adobe)
Task: {5D084169-00AD-4D36-A448-C9A76FB459A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-11] (Adobe Inc. -> Adobe)
Task: {6B4D3DDA-9B0C-4B4E-A917-B9A141F6ED35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3129184 2012-09-24] (Piriform Ltd -> Piriform Ltd)
Task: {A149C588-D529-48EB-BAE0-95CA7AC5FE1C} - System32\Tasks\{304152A7-70D0-4E91-9F4E-DBD1652C7AAC} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [151552 2005-07-22] () [File not signed]
Task: {DDB1A270-9C47-4E77-9F28-24AAF8986644} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E05E619F-5932-445D-9D21-1FC2630E6BEE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF DefaultProfile: 8wi3sbs5.default-1412761564967
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 [2019-10-08]
FF Homepage: Mozilla\Firefox\Profiles\8wi3sbs5.default-1412761564967 -> hxxps://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] (Apple Inc. -> )
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
 

Edited by debodun, 08 October 2019 - 12:57 PM.

[Advertisements]

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 

 

[RKinner]

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 

 

[debodun]

Wow, that's a lot of things to check! Probably do one thing at a time when I am not using the computer. Do I have to do them in the order you listed?

Edited by debodun, 09 October 2019 - 09:39 AM.

[RKinner]

FRST is sensitive to disk errors which is why I asked you to run the disk check.  It will take a few hours to complete depending on the size of your hard drive and speed of your computer.  SFC will take 20 minutes or so.  The other stuff is pretty quick but running things in order is best.

[debodun]

I was going to do a MalwareBytes scan today anyway since I had to be out for a few hours. Here is a screenshot of the results:

 

 

 

 

Attached Thumbnails

• 

[RKinner]

So probably not an infection.  Either a bad spot on the hard drive or perhaps some bad RAM.  Let it run the disk check tonight while you sleep.

[debodun]

I went to do the sfc / scannow as per your directions. When I got to this:

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

 

Right clicking showed this and I didn't see anything about Run as Administrator.

 

 

 

 

Attached Thumbnails

• 

Edited by debodun, 10 October 2019 - 12:55 PM.

[debodun]

Anyway, I did the scannow by typing cmd in the prompt bar. Here is a screen shot of it when it finished.

 

 

Attached Thumbnails

• 

[RKinner]

Doesn't look like it knows what program you had selected.  Make sure you left click on Command Prompt.

 

If that doesn't work for some reason then you can try putting

cmd

in the search box and then right clicking when it finds Command Prompt.

 

Also the Command Prompt file cmd.exe lives in C:\Windows\System32 so you can use explorer to drill down to the file and then right click on it.  This is a hidden location so you have to tell Windows to let you see it:

To show hidden files

Control Panel, (View By:  Large Icons)  Folder Options, View.

Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files,Folders and Drives.
OK
 

[RKinner]

Good.  Go on to the VEW  logs

[debodun]

I tried to use the event viewer. When I clicked on RUN, nothing happened.

 

 

Attached Thumbnails

• 

[RKinner]

Did you start it with right click and Run as Admin?  Has to be run as admin or it can't work.

[debodun]

Yes I did.

[RKinner]

See if you can get this to work:

 

Full Event Log View

http://www.nirsoft.n...t_log_view.html

The download is near the bottom of the page.  Choose the one appropriate for your system.

Download FullEventLogView (32-bit version)
Download FullEventLogView (64-bit version)


Right click on the downloaded file and Extract All, Extract.  Doubleclick on FullEventLogView.exe

Once the program starts:  Options, Advanced Options and in the new window uncheck Informational verbose and Undefined.

Show only events from the last 1 Days

OK

Now Edit, Select All

File, Save Selected Items, to your desktop, call it events,  Save.

Close the program.  You should have a file called events.txt on your desktop.  Open it, Edit, Select All, Ctrl + c to copy and then move to a Reply and Ctrl +v to paste it into the reply.

 

[debodun]

[General]
MarkOddEvenRows=0
ShowGridLines=0
SaveFilterIndex=1
ShowInfoTip=1
ShowTimeInGMT=0
VerSplitLoc=16383
LowerPaneDisplayMode=1
AutoRefresh=0
TrayIcon=0
ShowEventStringsInColumns=0
TimeFilter=1
LastTimeFilterUnit=4
LastTimeFilterValue=1
SaveFileEncoding=0
EventIDFilter=1
EventIDFilterStr=
ProviderFilter=1
ProviderFilterStr=
ChannelFilter=1
ChannelFilterStr=
DescriptionStringFilter=1
DescriptionStringFilterStr=
ShowUndefined=0
ShowCritical=1
ShowError=1
ShowWarning=1
ShowInformation=0
ShowVerbose=0
FromTime=03-10-2019 16:16:22
ToTime=10-10-2019 16:16:22
DataSource=1
ComputerName=
LogFolder=
LogFolderWildcard=*
LoadArchiveFiles=1
UseQuickFilter=0
QuickFilterString=
QuickFilterColumnsMode=1
QuickFilterFindMode=1
QuickFilterShowHide=1
MainFont=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WinPos=2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4B 00 00 00 4B 00 00 00 CB 02 00 00 2B 02 00 00
Columns=78 00 00 00 50 00 01 00 50 00 02 00 64 00 03 00 B4 00 04 00 B4 00 05 00 FA 00 06 00 64 00 07 00 64 00 08 00 64 00 09 00 64 00 0A 00 64 00 0B 00 78 00 0C 00 78 00 0D 00
Sort=0