Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win7 Very slow


  • This topic is locked This topic is locked
12 replies to this topic

#1 silentkow

silentkow

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 16 April 2012 - 06:16 PM

Good evening i currently have a windows 7 machine that i am using and today when i tried to go online it froze up completely, I ended having to restart. Upon restart it was still slow and eventually locked up. At some point i was able to get in a quick scan with avast. It showed no virus' found. Currently i am in safemode with networking and it is working just fine.

=================

Pasting in content from another post concerning the same computer and problem ~ OB

The other day when i was playing around on my laptop it completely locked up, I tried getting a command prompt and a taskmanger. Eventually i had to do a hard restart. Later today when i was on it started running very slow, web pages taking longer to load taking longer to switch between tabs, and eventually it locked up. It has been doing this repeatedly since then. I had avast installed and managed to get a quick scan in but it showed nothing. I have now installed Microsoft security essentials and am running a scan now. Any help would be greatly appreciated.

End of added content. ~ OB

Edited by Orange Blossom, 16 April 2012 - 11:55 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,995 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:41 AM

Posted 16 April 2012 - 11:55 PM

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 silentkow

silentkow
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 17 April 2012 - 05:14 AM

The microsoft security essentials virus scan came back with nothing found. Just thought I'd give that update. I will be starting at step six later today after work

#4 silentkow

silentkow
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 17 April 2012 - 05:24 AM

and a quick question before i begin. does it matter whether i am in safemode or whether i am in regular windows when i perform these steps. so far the only way i am able to do any thing is by being in safemode w/ networking.

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 19 April 2012 - 07:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Sounds like something is locking the system when the operating system is booted fully (as with normal mode but not with safe mode). This isn't necessarily malware but let's take a closer look.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Then

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#6 silentkow

silentkow
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 20 April 2012 - 05:03 PM

Farbar Service Scanner Version: 16-04-2012
Ran by silentkow (administrator) on 20-04-2012 at 17:58:17
Running from "C:\Users\silentkow\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 17:59:15
-----------------------------
17:59:15.698 OS Version: Windows x64 6.1.7601 Service Pack 1
17:59:15.698 Number of processors: 2 586 0x170A
17:59:15.699 ComputerName: SILENTKOW-PC UserName: silentkow
17:59:19.240 Initialize success
17:59:50.960 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:59:50.964 Disk 0 Vendor: ST932042 0002 Size: 305245MB BusType: 3
17:59:50.978 Disk 0 MBR read successfully
17:59:50.980 Disk 0 MBR scan
17:59:50.982 Disk 0 Windows VISTA default MBR code
17:59:50.988 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
17:59:50.999 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290246 MB offset 30715904
17:59:51.014 Disk 0 scanning C:\Windows\system32\drivers
17:59:59.480 Service scanning
18:00:04.573 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:00:12.943 Modules scanning
18:00:12.950 Disk 0 trace - called modules:
18:00:12.955
18:00:12.958 Scan finished successfully
18:00:20.381 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\MBR.dat"
18:00:20.387 The log file has been saved successfully to "C:\Program Files (x86)\Mozilla Firefox\aswMBR.txt"

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 20 April 2012 - 06:00 PM

The logs are clean and I suspect it may be a process, service or a browser add-on that's faulting.

The first checks should be done on the browser add-ons. I believe you use Firefox so you can boot into normal mode and set the Firefox safe mode. Where this is depends on your version. My version shows this in the Help option under Restart with Add-ons Disabled.

If the restart then shows a speed up then it's one of your add-ons. The most likely is the last one you installed but it may also have happened after an update of the browser or the add-on. To get that answer you must eliminate the causes by disabling some and enabling others until you can see which one is causing the problem.

Try that and see how you get on.
Posted Image
m0le is a proud member of UNITE

#8 silentkow

silentkow
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 20 April 2012 - 10:59 PM

I tried doing as you said but when i booted into normal mode i had to leave my computer sit for about 15 min or it would lock up if i tried to do anything. After that 15 min it seems to be fine, but it did shut down and go to the blue screen. I unfortunately did not catch anything that was on the blue screen.

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 21 April 2012 - 12:35 PM

This looks like it could be a hard drive problem.

Let's try a clean boot. This will boot the system without any services or startup programs and that will eliminate or pinpoint the main problem.

1. Click Start, type msconfig in the Start Search box, and then press Enter. If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

2. On the General tab, click Selective Startup.

3. Under Selective Startup, click to clear the Load Startup Items check box.

4. Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.

5. Click Apply and OK.

6. When you are prompted, click Restart.

7. After the computer starts let me know what happens.
Posted Image
m0le is a proud member of UNITE

#10 silentkow

silentkow
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 22 April 2012 - 09:48 AM

I restarted with those setting applied and it is booting a lot faster and does not lock up.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 22 April 2012 - 12:20 PM

Okay, that's good and bad. Good because we know it's a service or a startup entry. Bad because the only way to eliminate it is to check half and reboot and if that's okay, then check the other half. If it's not okay then check half of those and eliminate down to the troublesome entry.


As this is one of the most difficult thing in the world to explain there is a Microsoft page detailing all this is here. It is about XP but the process is the same.

You should be able to pinpoint the problem after this. Let me know how you get on.
Posted Image
m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 25 April 2012 - 07:24 PM

How's that going?
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:41 AM

Posted 26 April 2012 - 08:55 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users