Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Experienceing Significant Slowdown On Startup


  • Please log in to reply
36 replies to this topic

#1 profstolte

profstolte

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 28 March 2006 - 10:43 PM

Thanks for attention,
I have been directed here after two other forums; I'm infected, and hijackthis logs.
The problem is as follows:
After the windows loading screen (which appears normal in rate - most of the time), when the desktop splashes, I experience a significant slowdown. Anything in the start menu or toolbar are not accessable, only shows the hourglass cursor. Although can access through display properties. Seems to act as if there is programs still loading into the system.
Problem started only after I removed spyfalcon myself. It appearrs that spyfalcon is gone for good (no symptoms assoiacted with spyfalcon are exhibted).
I have researched current startup configurations and see no problems or changes there. Some of my startup are opptional but are controller extentions for forceware chipset (these have always been there). They are legitamate.
I hope to eliminate the drag my system has seem to have developed. I am also into tweaking suggestions, since I have not really given this much attention in the past. I would like to clean up the system and make sure I am in good computer health and operating optimumly. I am willing to work at it.
Sincerely appreciate help in resolving this computer prob,
Profstolte

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:08:02 PM

Posted 29 March 2006 - 07:29 AM

A couple of things we can look for:

ctrl + alt + del will bring up the task manager. Click on the 'Performance' tab. Is the CPU running at 100% (or close to it) when the computer slows down? If so, click on the 'Processes' tab and see what the name of the process(es) is/are that are using up the CPU resources. This will indicated by the numbers in the CPU column.

NOTE: It is possible that you will see more than one instance of the same process running, each at, say, 25%, but with four of the same process running it will equal 100%.

Let us know the answers to the above and that will help track it down.
~~~~~~~~~~~~

A second thing to try:

Boot into safe mode by hitting the F8 at bootup and choosing 'Safe Mode' from the list of choices that will present itself.
1) can you boot into safe mode?
2) how about this:

Anything in the start menu or toolbar are not accessable

Can you access these items in safe mode?
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:02 PM

Posted 29 March 2006 - 10:37 AM

Boot into safe mode and choose last known good configuration.

How did you remove spyfalcon? Did you just delete files directly?

#4 profstolte

profstolte
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 31 March 2006 - 02:16 AM

ctrl + alt + del will bring up the task manager. Click on the 'Performance' tab. Is the CPU running at 100% (or close to it) when the computer slows down? If so, click on the 'Processes' tab and see what the name of the process(es) is/are that are using up the CPU resources. This will indicated by the numbers in the CPU column.

NOTE: It is possible that you will see more than one instance of the same process running, each at, say, 25%, but with four of the same process running it will equal 100%.



The task manager shows 99% idle during the slow period (when access to start menu is denied).
The other proccesses you are looking for only show up at the end of this slow down (a few seconds worth); this few seconds is what used to be the loadig time (since i'm running sata).
The long bog time that is experienced by bogging or denied access to the start menu lasts for approximately 1.5 to 2.5 minutes.

Boot into safe mode by hitting the F8 at bootup and choosing 'Safe Mode' from the list of choices that will present itself.
1) can you boot into safe mode?
2) how about this:
QUOTE
Anything in the start menu or toolbar are not accessable
Can you access these items in safe mode?


In safe mode everthing loads to normal speeds (about 10 - 30 seconds). Access is not denied in this selective "safe mode" start up.





Boot into safe mode and choose last known good configuration.


Are you reffering to system restore? If not please elaborate, thanks.




How did you remove spyfalcon? Did you just delete files directly?


I used multipleed spyware and malware removal tools along with registry adjustments and file shredding utilities aimed for spyfalson along with some diligent shearching on my own.
Hope this helps.
PS Every program and utility withinthe computer works at normal pace, loads like a snap, and appears to completely functional as before.






PS The slow down problem developed ( a little longer at first then steady later) progressively shortly after spyfalcon removal not immediately (took about 4 days of 5-6 power cycles a day), it has seemed to reach an average of leveled off bog down.

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


#5 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:08:02 PM

Posted 31 March 2006 - 07:57 AM

In safe mode everthing loads to normal speeds (about 10 - 30 seconds). Access is not denied in this selective "safe mode" start up.

Good. This helps a lot in diagnosing what is going on. It makes sense then that something is starting up and running in real mode that is not in safe mode, and it is this program/item/process that is causing the problems. The first thing I suspect is that some remnants of the infection are still present. Or, perhaps it was removed completely and you are also infected with something else. Rarely is a computer infected with only one thing.

QUOTE
Boot into safe mode and choose last known good configuration.
Are you reffering to system restore? If not please elaborate, thanks.

When you hit F8 at boot up, you should see a menu offering you 'safe mode', safe mode with networking, etc. One of these options should be 'Last Known Good Configuration'. You could try that and see if it helps.

I have been directed here after two other forums; I'm infected, and hijackthis logs.

And what was suggested and/or done to your computer from thier advice? Can you post links to these threads?

I think we need to know for SURE that you computer is clean. I suggest posting a HJT log here at Bleeping Computer.

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:02 PM

Posted 31 March 2006 - 10:57 AM

One of the last things you did after removal of Spyfaclcon would have been to reset System Restore and therefore eliminate all previous restore points, so that probably wouldn't be effective at this time for you.

If you didn't dump the previous restore points and you had one from when you were infected, it would restore the infection - not good.

As Albert explained, you access last known good configuration from the Safe Mode menu. It is not System Restore, but it may resolve the problem you are experiencing now. I second his recommendation that you post a Hijack This log as well, but do not try to use the HJT ap yourself unless you are expert at the registry, so post the log and let our expert HJT team analyze it and make recommendations.

If that doesn't cure your problem come back to this forum and we will continue to assist you after we know you are malware free.

#7 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:02 PM

Posted 31 March 2006 - 01:03 PM

Another possibility is to go into MSCONFIG and see if you recognize any of the startup programs as being something relating to malware. Perhaps a program is trying to start but is missing files and cannot.

#8 profstolte

profstolte
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 31 March 2006 - 04:40 PM

Just would to start off by saying thanks, and I know I have choose the right place to seek outside help (I rarely have great faith in wackos I have meet on the net). And I haven't meet a wacko here yet.

Although I did find a shading guy trying to redirect people from good clean help (BC) for their own profit (and own web site) ...
{tried to shearch for the link (couldn't find it) so you could reminisce or laugh at the poor SOB that tried to talk his way around a BC person/member that clearly knew what this person was trying to exploit someone looking for help}
I'm glad someone put them in their place. It told me this is the place to receive good, competent, sincere, and trustworthy help!!!!

BC is all ACES!


A. Frank

And what was suggested and/or done to your computer from thier advice? Can you post links to these threads?

I think we need to know for SURE that you computer is clean. I suggest posting a HJT log here at Bleeping Computer.


Enthus

I second his recommendation that you post a Hijack This log as well, but do not try to use the HJT ap yourself unless you are expert at the registry, so post the log and let our expert HJT team analyze it and make recommendations.




Here are the links (I've been using bleeping computers all the way):

Help my computer is infected

Help System Bogging After Spyfalcon Removal, Would like some help with system slowing and recent spyware remolval

Result: use hijackthis forum to address

Hijackthislog analysis

Having Trouble, bogging on startup after spyfalcon removal

Result: looks clean, try XP forum

A. Frank

When you hit F8 at boot up, you should see a menu offering you 'safe mode', safe mode with networking, etc. One of these options should be 'Last Known Good Configuration'. You could try that and see if it helps.


Enthus

As Albert explained, you access last known good configuration from the Safe Mode menu. It is not System Restore, but it may resolve the problem you are experiencing now.



I'll try this tonight (Fri.). Results will posted immediately after.


Enthus

One of the last things you did after removal of Spyfaclcon would have been to reset System Restore and therefore eliminate all previous restore points, so that probably wouldn't be effective at this time for you.

If you didn't dump the previous restore points and you had one from when you were infected, it would restore the infection - not good.


You are correct, I did remove all of the restore points; and also plan not to open any that have been created since then until this problem is resolved. Thanks for checking.


HERK

Another possibility is to go into MSCONFIG and see if you recognize any of the startup programs as being something relating to malware.


I have been in msconfig (I regularly check this when cleaning the computer and ensuring safe and speedy computing fun). I keep a personal list and have checked it and the current configuration against the bleeping computer's recommended lists for safe loads. Everything appears groovy.
I don't know how to proceed or pursue with this method or line of reasoning, I will require guidance.




Perhaps a program is trying to start but is missing files and cannot.


I have had the feeling that this may be involved. The bog down at this specific interval suggests to me a semi-fatal loop or complete hard disk search for something by the operating system. {I realize this opinion of mine is just a guess.}

Enthus

If that doesn't cure your problem come back to this forum and we will continue to assist you after we know you are malware free.



A Frank

Third: If, after finishing your work with the folks at the HJT forum you have issues with XP related to the removal of the infection, then come back in here and let us help you get your computer back to normal.


Thats why I'm here. I took the route the BC website suggests to make people's job easier and be compliant. I appreciate that you are checking this, I would be willing to bet that you get quite a few that just blast around inconsiderate of every one's hard work and teem effort to systematic and through.

All of these questions and double checks reassure me of one thing.

You are in good hands! Good luck!

That I am in goods hands...


Thank you everyone for your detailed attention,
Profstolte

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


#9 SuperSam

SuperSam

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 31 March 2006 - 06:18 PM

Hi,

There are too many nVidia items in the startup list. It might be the video driver.

Sam.

#10 profstolte

profstolte
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 01 April 2006 - 01:27 AM

Super Sam

Thanks for the input.

Can you suggest on this NForce (Nvidia) chipset Mother Board how to address the driver and apps that are allowing me to adjust the firmware setting via software and therefore adjusting in real time the memory timing, bus speeds, north and south bridge, along with the core voltage of at least three different components including the Nvida vid card from my desktop without ever having to use the setup menu? (in brief)

I guess I'm trying to say that the nVidia items you are reffereing to are not just for the vid card but accually run the MoBo.

Please elaborate on your last post to further this line of discovery.


Sincerely,
Profstolte

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


#11 profstolte

profstolte
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 01 April 2006 - 01:39 AM

Update to suggestions:

A. Frank

QUOTE
When you hit F8 at boot up, you should see a menu offering you 'safe mode', safe mode with networking, etc. One of these options should be 'Last Known Good Configuration'. You could try that and see if it helps.



Enthus

QUOTE
As Albert explained, you access last known good configuration from the Safe Mode menu. It is not System Restore, but it may resolve the problem you are experiencing now.



I'll try this tonight (Fri.). Results will posted immediately after.



I tried this and recieved no change in the performance, operation, symptoms previosly discussed on the Comp, or activity within the task manager during the aforementioned specified time period.


sincerely,
Profstolte

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


#12 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:02 PM

Posted 01 April 2006 - 03:14 AM

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll


Way too many of those I think!

Did you use LSP Fix or any other winsock repair ap?

#13 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:08:02 PM

Posted 01 April 2006 - 07:46 AM

Ok, I have consulted with the HJT team here at BC, and I have a suggestion for you.

Please follow ALL of the directions found HERE. You have not indicated exactly how you removed Spyfalcon, and it is a difficult infection to remove. I still believe you may have some remnants on your computer. Do not follow the instructions on posting another HJT log, however.

Follow those directions very closely and report back here.

Also, please tell me the name of the firewall you are using. Are you using more than one?

Edited by Albert Frankenstein, 01 April 2006 - 07:50 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#14 profstolte

profstolte
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Location:Great State of Minnesota
  • Local time:06:02 PM

Posted 01 April 2006 - 12:45 PM

Enthus

Way too many of those I think!

Did you use LSP Fix or any other winsock repair ap?


I agree, I tried to use apps to examine this but felt over my head quickly. Instruction on pursueing this line of inquiry is highly desired (Guide me through it please). I also felt this was a lot of LSP's. I ran the app but did not really dig into the advanced stuff, the LSPs you see there are after using the utility.

Recomend...

I used "cexx.org's Winsock 2 (Layered Service Provider) repair utility." I found thie link to use this off of BC's site (looked for the link couldn't find it) here is the address it can be retrieved from
"http://cexx.org/lspfix.htm".

NOTE
Disclaimer for those that are following the thread and are not BC's helper people:
I am not endorsing or suggesting the use of this product, neither am I recomending or instructing on the use of the outside link shown above. If you are reading this in an attemp to resolve a problem that is similiar to the one I am experienceing, please follow the recommendations of the BC memeber that is helping you.
NOTE





A Frank

The page you indicated is the one I used specifically, I followed these instructions and eventually I (now) reside in your care (PS thanks). I also did some digging around on my own: in registry - found some left overs; in files associated with malware - found almost nothing; appliations and start up - looked good.
The Comp ran great immediately after and I then started experinceing (Bogging). Then I began to post

MY firewalls installed are:

Build Version: 4.88

Description: Networking driver
Path: C:\WINDOWS\system32\drivers
Component Version: 4.82

Description: Network Access Manager
Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\
Component Version: 4.88






Detailed description:

Network Access Manager Software Version

Build Version: 4.88

Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\ncgir.exe
Framework Version: 01.00
Component Version: 02.02

Description: Network Access Manager interface
Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll
Framework Version: 01.00
Component Version: 02.02

Description: Network Access Manager Common shared library
Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll
Framework Version: 01.00
Component Version: 02.02

Description: Network Access Manager WMI provider
Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nmp.dll
Framework Version: 01.00
Component Version: 02.02

Description: Network Access Manager tray application
Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
Component Version: 4.88

Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\SpecialCase.dll
Framework Version: 01.00
Component Version: 02.02



I use the nvidia firewall (windows firewall disabled from this application).


If you would like me to repeat the process in the aformentioneed BC page for removal, please indicate.

I apologize if my lack of provided information is causing overlaps, please be patient with me, I've never participated in a forum of this nature before. Just keep putting me to work.


BC Rules

sincerely,
Profstolte

It only takes three brain cells to create a spark.
Two to rub together and the third to witness it.
Just Imagine what we can accomplish as a world.


#15 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:02 PM

Posted 01 April 2006 - 01:41 PM

I used "cexx.org's Winsock 2 (Layered Service Provider) repair utility." I found thie link to use this off of BC's site (looked for the link couldn't find it) here is the address it can be retrieved from
"http://cexx.org/lspfix.htm".


Did you use it only once or did you use it many times (one for each entry)?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users