
Random lockups and long startup time for IE and Mail



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Let's look at the boot log

 

Search for 

 

msconfig

 

hit Enter.

 

This should bring up a new window.  Under the Boot Tab check Boot Log. OK  Reboot.

 

This will create a file C:\Windows\ntbtlog.txt

 

You will probably need to tell Windows to let you see it.

 

 

Control Panel, (View By:  Large Icons)  Folder Options, View.

 

Uncheck Hide Extensions for Known File Types

Uncheck Hide Protected System Files

Check Show Hidden Files, Folders and Drives.

OK

 

 

Attach the file C:\Windows\ntbtlog.txt

 

 

Right click on Computer and select Manage then Device Manager, View, Show Hidden Devices, then look in the right pane.  Do you see any yellow flagged devices?

Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.  

 

If you see VNC Mirror Driver or vncmirror just right click and Uninstall or Delete.  If it asks you about the drivers tell it to delete them too.  Then reboot.  Come back into Device Manager and see if it returns.

 

 

I don't see any infection but it's worth taking the time to run some scans to make sure.

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.
 
 
Tonight let Avast do its boot-time scan:
 
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
 
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
 
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
 
 
Copy and paste the text from the log to a Reply when done.
 
 

  • 0



#17
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

Here's the ntbtlog file

 

delboy

Attached Files


  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

The boot log looks good.  You can go back into msconfig and uncheck boot log.  OK.  No need to reboot.

 

Try starting IE without add-ons and see if it starts up faster:

 

In Windows 7, to run your Internet Explorer in the no add-ons mode, Open Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons). This will start IE with no add-ons.  Does it load faster?

 

Run VEW again for both System and Applications and let's see if there are new errors.


  • 0

#19
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

 

I think my last post was wrong. I didn't uncheck 'hide protected system files' in Folder Options.

Do you want me to rerun it?

 

delboy


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

No you got the log OK.

 

Rereading your whole thread I see the problem is more something slowing you down when you start.

 

Search for

 

msconfig 

 

and hit Enter.  

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.  If it doesn't run faster then go back into msconfig and recheck the
things you turned off.  If it helps then go back and turn on a few items each
time until you find the culprit.  You will need to reboot after each change.
 
If that doesn't help, try right clicking on the clock right after you boot and select Start Task Manager.
Then Processes and click on the CPU column header twice to bring the highest users to the top.  If you don't see anything using a lot of CPU then Show Processes From All Users.
 
See if you can catch something besides System Idle at the top.  If it's an SVCHOST then right click on it and select Go To Services.  It will highlight in blue the services riding on the SVCHOST.  What are they?

  • 0

#21
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts


Hi RKinner

Took a while to follow all your instructions, but nothing conclusive to report!

MSConfig... Removing items from the Startup tab didn't seem to make a noticeable difference so I have checked all of them back again.

As a measure of how long the delay is I have used the Resource Monitor in Task Manager and this shows around 15 mins of 100% CPU use before dropping to ~50%. The processes at the top of the list are avast! service and svchost (netsvcs)

delboy
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Perhaps you need to uninstall, reboot then reinstall Avast?

 

Is Windows Update (wuauserv) on the list of services running on the svchost?

 

I've seen it go bonkers so you might just search for 

services.msc

and hit Enter

 

Find Windows Update and right click and select Properties.  Change the Startup Type: to Disabled.  OK.  Then reboot and see if things are better.


  • 0

#23
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts

Hi RKinner

Tried disabling Windows Update - no improvement.

Uninstalled avast! and reinstalled it and it seems to have made a lot of difference. By that I mean the CPU usage in Task Manager drops to less than 5% within 2 mins of startup.

Funny because I recall the last time I contacted G2G with a slow down problem it turned out to be the Sophos AV I was using at that time. It was then I switched to avast.

Coincidence or what?

delboy
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Make sure you turn Windows Update back on.

 

I have no idea why A-V programs sometimes go nuts.  I've seen Norton go bonkers and require 45 minutes before it let Windows load.  Avast is usually not that bad when it screws up.

 

Are you pretty much back to normal now?  Are you still seeing svchost using a lot of CPU?


  • 0

#25
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts


Hi RKinner

Windows Update is back to Automatic.

The only Process that uses a lot of CPU is svchost(netsvcs). This now is taking 50% CPU time even after 10mins or more since startup. Is that normal?

delboy
  • 0



#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Not normal.  If you can right click on it  in Task manager and select Services it should show you what services are involved.  You can note them (highlighted in blue) and right click on each and see if you can stop each service.  Try to figure out which one it is that is causing the high cpu.  


  • 0
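The check described in the posts above (find the svchost that is busy, then see which services it hosts) can also be done from a prompt. This is an added PowerShell example, not part of the original thread; the 5-second sampling window and the variable names are assumptions, and it should be run from an elevated prompt so that CPU times of system processes are readable.

```powershell
# Added example (not from the thread). Uses only cmdlets present in
# PowerShell 2.0, the version shipped with Windows 7.
$SampleSeconds = 5   # assumed sampling window

# First snapshot: cumulative CPU seconds for each svchost.exe, keyed by PID.
$before = @{}
Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.CPU -ne $null) { $before[$_.Id] = $_.CPU }
}

Start-Sleep -Seconds $SampleSeconds

# Running services grouped by the PID of the process hosting them.
# Win32_Service.ProcessId is UInt32, so cast it to match Process.Id (Int32).
$byPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State='Running'" | ForEach-Object {
    $key = [int]$_.ProcessId
    if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
    $byPid[$key] += $_.Name
}

# Second snapshot: CPU used during the window, normalised across all cores
# so the figure is comparable to the percentage Task Manager shows.
$cores = [Environment]::ProcessorCount
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $before.ContainsKey($_.Id) -and $_.CPU -ne $null } |
    ForEach-Object {
        $delta = $_.CPU - $before[$_.Id]
        New-Object PSObject -Property @{
            ProcessId = $_.Id
            CpuPct    = [math]::Round(100 * $delta / ($SampleSeconds * $cores), 1)
            Services  = ($byPid[$_.Id] -join ', ')
        }
    } |
    Sort-Object CpuPct -Descending |
    Select-Object ProcessId, CpuPct, Services |
    Format-Table -AutoSize -Wrap
```

The top row is the svchost instance to look at; the Services column lists the service names that Task Manager would highlight in blue for that process.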

#27
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts


Hi RKinner

Would you believe that since my post yesterday CPU usage has been well behaved and showing typically <5% with the occasional peak up to 40%, but returning quickly to the very low figure. I have rebooted several times but the results are the same.

While it is like that there is no problem with slow response and I can browse or mail with no trouble.

What do we do now? Can I leave this thread open in case the problem returns?

delboy
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I don't close threads so if the problem returns let me know.  We should cleanup tho:

 

We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.
 
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
 
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
 
Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions.
 
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

  • 0

#29
70delboy

70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts


Hi Ron

Here's the DelFix log. CPU usage still behaving!

delboy

Attached Files


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Excellent!


  • 0





