Computer freezes 2-5 minutes after logging in

By Gheb
Nov 9, 2008
Topic Status:
Not open for further replies.
  1. Hey, there, I'm new here so don't know if this is the right place but..
    computer freezes after 2-5 minutes of logging in and during those minutes i experience extreme slowness, i have avast and AVG (i know i should have one-but which one?), have done numerous scans with numerous online scanners and programs, have (and ran) ccleaner, malware bytes and am currently running in safe mode. some scanners ive run are: smitfraud fix, dr web, ewido online scanner, kaspersky online scanner, activescan, online trojan scanner, startup optimiser, avg, avast, windows defender, S&D and a few i forgot...all of these produced little results of viruses so i don't noe what to do
    *Don't noe if i should mention this, but the first problem started occurring when i was half working on word 07 it blue screened, i rebooted but it blue screened again, safe mode didn't work as one of the boot things didnt't work, so i bypassed using ubuntu/ultimate cd to backup data, then did a repair install using (XP CD) of the boot which saved the files (wasting all the time backing up) also from some lurking in other forums i checked out my event log and noticed many disk errors-however they've stopped occurring for now
    Any help is Greatly Appreciated
    ill put some of my logs up, they might be a few days old though
    View attachment 37414

    View attachment rapport.txt

    View attachment hijackthis.log

    View attachment mbam-log-2008-11-06 (23-42-00).txt
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Before we start,we need to clean up and update:

    1. Mbam removed Trojan.FakeAlert
    2. Have ewido remove the Tracking Cookies, then:

    Reset Cookies:
    Update Java:
    Temporarily Disable Real Time Monitoring Programs
    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
    :
    The following also need to be stopped:
    AVG vs Avast: I would recommend Avast. It doesn't look like you have it fully installed and configured though- Please download Avast and SAVE to your desktop. Do not run it yet:
    http://www.avast.com/eng/download-avast-home.html

    The AVG is a mess. If you decide to keep and run Avast, these will have to be handled. It appears that at one time you may have had the AVG Security Suite: you have AV, Firewall and anti-spyware. But they are not up to date and you have two versions v7 and v7.5. current version is v8.

    To run Avast only:
    Boot into Safe Mode: You need to make this changeover offline. Use File> Work Offline:> Start> Run> type in 'msconfig' without quotes> Enter> Selective Startup> Startup tab> UNCHECK all AVG or ewido processes- both AV and anti-spyware (one will be guard.exe)> Apply> OK
    Start> Run> services.msc> scroll to each of the following Services> right click on each> Properties> change startup Type to Disabled.
    O23 - Service: AVG Anti-Spyware Guard -
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
    O23 - Service: AVG7 Update Service (Avg7UpdSvc)
    O23 - Service: AVG Firewall (AVGFwSrv) -

    Control Panel> Add/Remove Programs> Uninstall ALL AVG programs> Apply> OK.
    Reboot back into Safe Mode: Stay offline> Run the Avast setup on the desktop.
    If you are asked if you want to remove previous version, answer Yes.

    When this has been completed, reboot the computer. You will gt a nag message that you can close after checking 'don' show this message again'. Stay in Selective Startup.

    Run Malwarebytes, SuperAntispyware and follow with HijackThis. attach all three logs.
    Guidance here: http://www.techspot.com/vb/topic58138.html
  3. sent12b

    sent12b Newcomer, in training Posts: 21

    restart the computer in safe mode

    1. Click Start, click Run, type msconfig in the Open box, and then click OK.
    2. On the General tab, click Selective Startup, and then click to clear the following check boxes:
    • Process System.ini File
    • Process Win.ini File
    • Load Startup Items
    NOTE : You cannot clear the Use Original Boot.ini check box.
    3. On the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.
    4. You cannot clear the click OK, and then click Restart to restart your computer.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Or continue with Bobbye's support, that's what I'd do :grinthumb
  5. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    ok.. one at a time Bobbye first...
    and thanks for the quick response:
    Clean and update: done
    Internet cookie options - done (what about other browsers like firefox cookies?)
    Java installation blocked by safe mode (any ideas of how to unblock?*)
    Superantivirus installation also blocked by safe mode
    when you say remove the following, do you mean use HJT to fix or to locate the file and delete? if it is locate file may you point out the default location or where you think it might be?
    disable resident protection: done (should i still be online?)
    If im uninstalling AVG do i still need to disable their resident protection?
    i eagerly await your reply as now im going to work offline for the next steps...
    ok ive uninstalled AVG and installed avast as directed
    however everytime i try to reboot in normal mode (where it froze before) it redirects me to safe mode automatically
    as said before safe mode prevents me from installing some of the programs and updates recommended
    a way which prevents this is last known good config, but does this reset everything i deleted?
    also when i reboot avast comes up before windows starts up as a light blue screen (not BSOD-like chkdsk) however it flashes up 0 files scanned, 0 files infected, then my comp continues to start up (in this case into safe mode during normal boot)(is this right/normal?)
    However the safe mode doesn't have the big graphics and shows my desktop?? and in msconfig safeboot is not checked
    *-normal mode is auto safe mode and last good known config normal mode is the one that freezes

    To sent12b
    i did as you said disabling all un microsoft services but im not sure it worked as again i am automatically redirected to safe mode and not sure if restore last known good config would alter my settings (of msconfig, and of what bobbye said)

    To kimsland:
    Thanks ill keep that in mind (if you directed that at me)

    Ill also include this random new HJT (from half safe mode) as i don't know what to do now
    View attachment 37489
    Thank you again for all your quick replies
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please do not do this. If you do, it will disable the antivirus program: While stopping processes and Services may sound like a good idea, one has to consider that they are for.
    Please run the Error Check:
    Better: Use the Firefox AdBlock Plus Extension and download all the of the Easy List filters:
    Please open this program and find where to disable it for now:
    Advise system status after error checking complete and Services restarted.
  7. sent12b

    sent12b Newcomer, in training Posts: 21

  8. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    ok ive re-enabled all the services in the service tab
    ran the error check (don't know where the log is, it replaced a few files but i left it overnight)
    now using ABP with firefox
    relocated lg updates (does this stop them?)
    and ran ccleaner (does this remove the online scanners? logs?)
    avast still does blank scans before the comp boots up (is this normal?)

    oh and what do you mean scan now and the OS disk?
    so my first and foremost problem now is to get out of safe mode boot (during normal boot)
    then i can see if changing the start up options, and if adding accounts would help the freezing
    also what does Last Good Configuration Do?
    To sent12b: Again i don't know if adding an account actually helped as it still boots in safe mode without my permission

    Thanks and sorry for the late reply
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Yes. Please do NOT do it.

    Please do NOT do this.

    Only if you have to set to scan on boot. What is a "blank scan"?

    If the scan finds a corrupt file, it will ask for the Windows CD to reinstall the file.

    When the system is clean, we will remove the cleaning tools and old System restore points.

    Plea run HijackThis again and attach a new log.
  10. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    blank scan was my term for a scan which scan 0 files and basically does nothing

    during the error check it fixed some files but never asked for the OS disk
    which scanner? if you are talking about sfc /scannow it doesnt work in safe mode due to the RPC server being unavailable

    ill post another fresh HJT log...(found the two online scanners again, what do i do? ive already deleted their temp data with ccleaner)

    if i shouldn't use last good config what can i do to get out of safe booting?

    [/ATTACH]
    (ill put HJT logs in every post from now on unless you tell me to stop)
    (can't put SAS log as in safe mode, as explained above)

    Attached Files:

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Open Avast and/or "Add Scheduled Tasks" in Control Panel and stop the scan on boot.

    Error Checking doesn't ask for the disc> that's scan now. They are different.

    Please use msconfig to access the Startup menu and UNCHECK everything EXCEPT the Avast entry Apply> Reboot> Close the nag message after checking 'don't show message again'. Stay in Selective Startup.
    Make sure the following are included along with any others except Avast in what you uncheck on the Startup tab:
    Please stop a squared and ewido scans from running.

    Start> Run> services.msc> set all of the following Services to Disabled> Stop the Service:
    For this Service: if this is what you are using to connect, leave it set to Automatic. Otherwise, disable:
    Now see if you can boot into Normal Mode.

    I'm trying to weed out what may be causing th Safe Mode so we need to stop everything that is not essential.
  12. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    ive stopped all the necesssary services requested but still boot up in safe mode
    So how do i get OUT??
    avast also seems to have stopped its boot scans
    nag message also doesn't go away even when checked
    do you have any other ideas? View attachment 37663
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Sometimes it takes a couple of times checking the 'don't show again' to make it stop.

    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
    These are still loading and need to be stopped:
    And this could possibly be causing a policy problem: Stores configuration data for the policy setting Shockwave Flash.
    And although this is a legitimate protocol, let's stop it for now:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Using the msconfig utility as before, take the following off of Startup if present:
    Contorl Panel> Add/Remove PRograms> Uninstall the following if present:
    Try again to reboot into Normal Mode. Close the nag message-again-after checking 'don't show.

    Let me know.
     
  14. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    STILL goes to Safe Mode after reboot after clearing/disabling the said services any other ideas?
    Nag messenge is gone
    View attachment 37737
    Would it be a driver problem? here is my boot log, some failed to load
    View attachment 37741
    after some lurking around ill include these files as well
    View attachment 37742
    View attachment 37743
    (if it is driver problem)
    Also don't know if this helps but serveral errors keep reoccuring in event viewer such as DCOM (10005), Service control manager and Tcpip(warning 4201)
    and here is a list of installed programs
    View attachment 37772
  15. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    Anyone?

    Ghebump
    anyone know anything any help is appreciated
    getting desperate (soz for double post)
    Thanks in advance
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please note: many drivers do not load in Safe Mode.

    Have HijackThis remove the following:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and see if you can reboot into Normal Mode.
  17. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    STILL in safe mode

    ok removed it but it STILL keeps booting up in safe mode
    If it isnt a driver problem could it be a registry? (last known config fixes registry and drivers i think)
    Could it also be something we moved/deleted/changed?
    Remember how i said i used startup optimiser before,...it also made me auto boot to safe mode but last known config fixed it then (havent done it this time) so could it be one of the startup or AVG or real time protection programs?
    Just some suggestion...
    here is my HJT log
    View attachment 37827
  18. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi Gheb

    I assume you are copying the logs etc from the problem machine and sending from another?

    Regular Safe Mode can not access the www.

    Reboot and F8 to get the boot menu.

    Select Safe Mode with Networking.

    Maybe this is what you have been doing and it has not worked anyway but that was not clear to me.
    Safe Mode Networking will allow connecting to the Internet UNLESS while tinkering with the services you have disabled it somehow. OR it is part of your initial problem.

    So if you can get on the www in Safe Mode networking then do the below.

    Download SD Fix to Desktop among other things it runs GMER and Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-clickto RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Copy and paste the Report.txt file to your next post.

    Now

    Due to your condition you still may or may not get back into normal mode, but either way continue below after reboot. Do this in normal if it does come back up in normal.

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall

    This will take some time!!!!!!!!

    Mike
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Mike, do you bother to open and check the logs?

    The same thing goes for you sent12b.

    You can't just ignore the information, try to throw out some program for a fix. There are currently at least three threads I know of- one is up to Post #48 and due to this type of "help" the person with the problem is in worse shape that when it was started.

    You guys are hit and miss. You don't start the help and you don't finish the help- you just drop by to throw something out. I ,for one, who work hard checking the logs and information, do not appreciate this. And not one of the people with a problem has been helped by it.
  20. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    ok.... now i'm just confused
    sorry mike, Bobbye was here from the beginning
    however Bobbye do you have any suggestions of what to do next?
    Thanks anyway
  21. mflynn

    mflynn Newcomer, in training Posts: 2,793

    1.Yes I read the logs
    2. and see he is locked in Safe Mode
    3. he bumped
    4. and that is exactly why I made my recommendation, fix the other issues and get him back to Normal mode!

    No problemo!

    Mike
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    What "boot things" are you referring to? Some devices, drivers and Services do not startup in Safe Mode.

    Give me copy of any Event Error corresponding to either freeze or starting up in Safe Mode:
    Please Ignore Warnings. You do not need to include the lines of code in the box below the Description- if an. Please do not copy the entire Event Log.

    Although some processes do not start up in Safe Mod, this may give us a clue if it is due to a Service that remained disabled. I'll sort through that.
  23. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    i am referring to one of the main system files when i say boot things, as in XP when you boot in safe mode it goes through steps shown in white writing on a black screen
    disk errors stopped a week ago (16th?), nowadays there isn't much except for reoccuring DCOM error etc, which i have said before
    Event Type: Error
    Event Source: Disk
    Event Category: None
    Event ID: 7
    Date: 16/11/2008
    Time: 23:19:42
    User: N/A
    Computer: LG-M1
    Description:
    The device, \Device\Harddisk0\D, has a bad block.

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 16/11/2008
    Time: 15:01:32
    User: LG-M1\user
    Computer: LG-M1
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    Service control manager (errors) also appears often which variations such as:
    7026
    7023
    7011
    7006
    for example 7026
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 7/11/2008
    Time: 18:41:04
    User: N/A
    Computer: LG-M1
    Description:
    The following boot-start or system-start driver(s) failed to load:
    Aavmker4
    aswSP
    AVG Anti-Spyware Driver
    Avg7Core
    Avg7RsW
    Avg7RsXP
    Fips
    intelppm

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 7/11/2008
    Time: 18:25:18
    User: N/A
    Computer: LG-M1
    Description:
    The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    The system cannot find the file specified.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 18/11/2008
    Time: 16:22:10
    User: N/A
    Computer: LG-M1
    Description:
    The Computer Browser service terminated with the following error:
    This operation returned because the timeout period expired.

    Due to space ill shorten this one

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7011
    Date: 7/11/2008
    Time: 21:04:32
    User: N/A
    Computer: LG-M1
    Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the AVGFwSrv service.
    or (same date some everything except)
    Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    or (15th)
    The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.

    oh and found the 2 online scanner still there in new HJT log even though ive checked and deleted them twice already now any suggestions?

    To Mike & sent: thanks you for all the effort you have put in and it is true i bumped for an answer but until Bobbye runs into a wall and can't help you guys are straight after him
    To Bobbye: thank you for your continued support (and comp is still locked in safe mode) View attachment 37980
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You are being sent in different directions and that's not helpful. You were told specifically to boot into Safe Mode, now you can't get out! Try and undo whatever you did in Post #3. Then we need to make sure the necessary Services are set to Automatic or Manual:

    Services to be set, and this "can" be done in Safe Mode:
    DCOM> Automatic

    Of all the Events you posted, this is the only one with significance: Harddisk0 Usually refers to C: drive with the OS on it.
    Event Error #7, Source: Disc: Desc: The device, \Device\Harddisk0\D, has a bad block.
    "The device has a bad block of memory, which Windows attempted to read. The data might be missing or corrupted".
    This Event may also be caused by a CD or CDRom drive.

    It is also possible that some of the Services you were told to stop did not get re-started. For instance, FIPS uses Cryptography- the Cryptography Services should be set to Automatic.
    Please list the Services you have set to Disabled:
    Start> Run> services.msc.
    This is important. I think we are going to have to undo some of what you were told to do.

    Service resetting calls for careful fine-tuning. Dependencies must always be checked. Changing the Startup Type can't be a random process.

    These are drivers that won't load in Safe Mode.
    Aavmker4>> Base Kernel-Mode DeviceDriver for Windows NT/2000/XP (Avast)
    aswSP>> avast! self protection module
    AVG Anti-Spyware Driver
    Avg7Core
    Avg7RsW
    Avg7RsXP
    Fips: need Cryptography. That services should be set to Automatic
    intelppm
    DCOM>> "This service cannot be started in Safe Mode "

    ScRegSetValueExW is a Kaspersky related process. It was found in KIS v202 and supposedly fixed in KIS v207, which means you need to update.. But it also means you are running two antivirus programs and that need to be reconciled.

    Try to resolve Event #7, then reboot into Normal Mode and recheck the Event Viewer for Error occurring in Normal Mode.
  25. Gheb

    Gheb Newcomer, in training Topic Starter Posts: 22

    for some reason DCOM and Cryptography is already on automatic and the errors occur
    Services disabled
    View attachment 38059
    So i shouldnt worry about those drivers not loading
    error 7 didnt occur for a whole week so hmm but ill see what i can do
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.