Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Freezing at log on screen


  • Please log in to reply
7 replies to this topic

#1 Brian on Skye

Brian on Skye

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 02 January 2012 - 08:39 AM

I have been using Win 7 Ultimate 64bit for about 6 months. About 2 months ago this behaviour started and I was unable to associate it with any changes I had made to the machine.
Windows boot proceeds normally until the jingle and appearance of the logging on screen. At this point the computer becomes unresponsive to keyboard or mouse for a random time varying between 2-3 seconds and indefinitely. In the case of indefinitely I have to shut down by the power switch 3 second press and try again. My guess is that something I installed or something that installed itself is trying to call home at this time and prevents all other actions while it waits for a reply. Sometimes I have found that I can log in immediately after removing the network cable. I run Norton Internet Security which is up to date and reports nothing. If I try using the windows repair facility from the Win 7 disk to detect boot problems it reports that the boot that I had to abort was in fact successful. I guess it doesn't count anything after the log in screen.

The only time I ever got infected in the last 10 years was by a driveby trojan and I had to solve that by a drive image restore. That was a previous machine though.

I could solve this problem by restoring one of several drive images that I have but they are quite old and would have to reinstall quite a bit of software agin so I would rather not.
All I am looking for is an opinion as to whether I have a windows problem or a malware problem. I never open attachments so a driveby hit is the only likely source of any malware.
What do you lot think?

Brian

BC AdBot (Login to Remove)

 


#2 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:58 PM

Posted 02 January 2012 - 10:58 AM

This might sound like trying to kill a fly with an orbital ion cannon, but if you're willing to be patient, I'd like you to follow this procedure. If another member has a more efficient method to gather the information needed to help this person, I'd certainly appreciate the learning opportunity. Process Monitor is great if you're sitting there at the computer, but it generates rather large logs, even after compression, and so isn't very Internet-helper-person-friendly.

Be sure to plug in your network cable.

Use Process Monitor to capture your computer boot operations.

  • Download and extract to a folder on your desktop. Right-click on program and select Run As Administrator.
  • The ProcMon filter dialog box will appear. Click Reset and then OK.
  • Process Monitor will begin capture. Immediately press Control + E to stop. Press Control + X to clear log.
  • Click Options > Enable Boot Logging.
  • An options dialog will open. Check Generate profiling events. Select Every second. Click OK
  • Close Process Monitor and restart computer.
  • As soon as possible, rerun Process Monitor. It will ask to save the collected data. Click Yes. Save to your desktop as bootlog.
    • Depending on the size of your log, Process Monitor will create several files named "bootlog", "bootlog-1", etc.
  • Download 7-zip and install.
  • Select every bootlog file on the desktop, right-click on one of them and select 7-Zip > Add to "bootlog.7z". Do not select Add to "bootlog.zip".
  • Locate the new archive on your desktop and upload to a file-sharing site such as Mediafire.
  • Copy the file's weblink to your next reply.

If, by chance, the computer didn't freeze during this procedure or the freeze was very short (less than 2 seconds), I recommend deleting the captured data and repeating these directions.

Edited by LucheLibre, 02 January 2012 - 11:03 AM.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~


#3 Brian on Skye

Brian on Skye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 02 January 2012 - 12:11 PM

Thanks LucheLibre I'll have a go as soon as possible. I have a calendar to finish this evening or I'll have to start a 2013 one ;)

Process monitor sounds like just the tool I've been looking for for a while. I made the mistake of installing the Windows SDK in an attempt to find out what was going on at boot and ended up with log files that filled C: drive in a couple of days. It took me a while to find out how to stop it.

Brian

#4 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:58 PM

Posted 02 January 2012 - 12:25 PM

Sounds good.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~


#5 Brian on Skye

Brian on Skye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 02 January 2012 - 08:48 PM

Calendar is finished. Looks good.

I got a bootlog after a boot where the machine became unresponsive for about 10-15s from the first showing of the login screen.

It is at http://www.ullinish.com/noboot/bootlog.7z and is about 78Mb

I had a look inside and boggled at the 2.5 million odd steps involved in booting. Slightly worried by the references to lots of photo image files that I haven't looked at in months. Why would they be in there? Lots more stuff like that. No wonder booting takes so long.

If someone can tell from this file what my machine was doing while I was waiting for a password box I will be mightily impressed. I sincerely hope that publishing this file is not a security problem for me...

TIA

#6 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:58 PM

Posted 03 January 2012 - 10:36 PM

There are three things I'd like you to try. Do one, test, undo the first, then the next, test, etc.

1. Switch off your wireless as well as unplug the cable.

2. Disable your antivirus, including any services it installed.

3. Uninstall your audio drivers and disable your audio device.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~


#7 Brian on Skye

Brian on Skye
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:58 PM

Posted 04 January 2012 - 07:23 PM

Thanks for looking LL. This is going to take a little while so bear with me. Naturally I have to fit this in with actually using the thing ;)

#8 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:04:58 PM

Posted 05 January 2012 - 11:15 AM

After the first two seconds of LogonUI's operation, after the audio program finished, the program responsible for your Pen/Tablet input started and continued working for 7 seconds. It doesn't quite match up with what you've given me, and I didn't see anything that said, "Hey I'm stuck over here," but considering you're having an input problem, I'd also rule this out by disabling or uninstalling the Tablet PC module from Windows and retesting.

Edited by LucheLibre, 05 January 2012 - 11:19 AM.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users