Windows 7 constant disk activity and exceedingly slow logging in and generally


4 replies to this topic

#1 pudn-UK


Posted 06 November 2013 - 08:23 PM

We have a laptop on our domain which has apparently been getting very slow over the past few weeks/months but the user has only now raised it as a problem as it is taking a huge amount of time logging in, even in Safe Mode. The hard drive indicator is almost constantly lit but memory and CPU usage are low when I do eventually get logged in and am able to open Task Manager.

 

I have tried using 'Last known good Configuration' without any effect.  Hard drive space in use is around 40%.

 

Although I have not timed it I have as I write this been waiting now about 30 minutes for it to load into Safe Mode from switch on.  At present I have a mouse pointer on a black screen, 'Safe Mode' in the four corners and 'Microsoft ® Windows ® (Build 7601: Service Pack 1)' at the top of the screen.  There is presently no Task Bar or anything else on screen.  There is no hour-glass by the mouse pointer.  Just as I finished typing that sentence the Task Bar appeared.  After 5 minutes the 'Windows Help and Support' window opened and the desktop icons appeared.  The System Tray clock had not updated for the 5 minutes prior to the Help window opening.

 

The machine is a Dell Latitude E6410 running Windows 7 Professional x64.

 

There is a network share mapped to drive letter S: (with CSC-CACHE).

 

It is currently after 1am here.  I am hoping to run 'SFC /scannow', and start off an Emsisoft Emergency Kit scan also  before I hit bed.

 

I will post an update when I rise.




 


#2 pudn-UK


Posted 06 November 2013 - 08:28 PM

Quick update - 'sfc /scannow' run from elevated command prompt in Safe Mode gives the error: 'Windows Resource Protection could not start the repair service'.

 

Bed beckons ..........



#3 pudn-UK


Posted 07 November 2013 - 03:08 AM

After the last post I ran (or started to run) Rkill (or at least the iExplore64 named file) in Safe Mode.  I tend to use this before using either Malwarebytes or Emsisoft Emergency Kit to do a full scan and clean.  After 7 hours Rkill has yet to complete but this is the log so far:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/07/2013 01:43:10 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\WUDFHost.exe (PID: 1480) [WD-HEUR]
 * C:\Windows\SysWOW64\DllHost.exe (PID: 1248) [SFI]
 * C:\Windows\servicing\TrustedInstaller.exe (PID: 1240) [WD-HEUR]
 * C:\Windows\system32\WerFault.exe (PID: 1252) [WD-HEUR]
 * C:\Windows\system32\rundll32.exe (PID: 1568) [WD-HEUR]
 * C:\Windows\system32\rundll32.exe (PID: 240) [WD-HEUR]
 
6 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\Windows\system32\csrss.exe
 * C:\Windows\system32\wininit.exe
 * C:\Windows\system32\csrss.exe
 * C:\Windows\system32\winlogon.exe
 * C:\Windows\system32\services.exe
 * C:\Windows\system32\lsass.exe
 * C:\Windows\system32\lsm.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\System32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\svchost.exe
 * C:\Windows\system32\ctfmon.exe
 * C:\Windows\System32\svchost.exe
 * C:\Windows\system32\DllHost.exe
 * C:\Windows\system32\conhost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\appmgmts.dll [NoSig]
 +-> C:\Windows\erdnt\cache86\appmgmts.dll : 149,504 : 07/14/2009 00:14 AM : a45d184df6a8803da13a0b329517a64a [Pos Repl]
 +-> C:\Windows\SysWOW64\appmgmts.dll : 149,504 : 07/14/2009 00:14 AM : a45d184df6a8803da13a0b329517a64a [Pos Repl]
 
 * C:\Windows\System32\browser.dll [NoSig]
 +-> C:\Windows\erdnt\cache64\browser.dll : 136,704 : 07/04/2012 11:01 PM : 6b054c67aaa87843504e8e3c09102009 [Pos Repl]
 
 * C:\Windows\System32\cngaudit.dll [NoSig]
 +-> C:\Windows\erdnt\cache64\cngaudit.dll : 18,944 : 07/14/2009 11:40 AM : 86fe1b1f8fd42cd0db641ab1cdb13093 [Pos Repl]
 +-> C:\Windows\erdnt\cache86\cngaudit.dll : 12,288 : 07/14/2009 11:15 AM : 50ba656134f78af64e4dd3c8b6fefd7e [Pos Repl]
 +-> C:\Windows\SysWOW64\cngaudit.dll : 12,288 : 07/14/2009 00:15 AM : 50ba656134f78af64e4dd3c8b6fefd7e [Pos Repl]
 
 * C:\Windows\System32\comres.dll [NoSig]
 +-> C:\Windows\erdnt\cache64\comres.dll : 1,297,408 : 07/14/2009 11:26 AM : 1a47d52e303b7543e4e6026595b95422 [Pos Repl]
 +-> C:\Windows\SysWOW64\comres.dll : 1,297,408 : 07/14/2009 00:04 AM : 808d8a8b2a3074002852bc856d419576 [Pos Repl]
 
 * C:\Windows\System32\d3d8thk.dll [NoSig]
 +-> C:\Windows\SysWOW64\d3d8thk.dll : 11,264 : 07/14/2009 00:15 AM : 77b1471a490b53b24efe136f09f76550 [Pos Repl]
 
 * C:\Windows\System32\drivers\cdfs.sys [NoSig]
 
 * C:\Windows\System32\drivers\http.sys [NoSig]
 
 * C:\Windows\System32\drivers\netbt.sys [NoSig]
 

I started an Emsisoft scan off at around 5am and it is currently at 75% (Scanning files ... (4/4)) but appears not to be moving on.  There are currently no items flagged up as problems.


Edited by pudn-UK, 07 November 2013 - 03:10 AM.
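
An added example, not part of the original post and not Rkill's own code: a small parser that turns a log like the one above into a triage list (services reported as not running, and `[NoSig]` files with any `[Pos Repl]` candidates). The regular expressions are inferred from the lines shown in the post, which is an assumption, and the function names are hypothetical.

```python
import re

# Excerpt of the Rkill log posted above, embedded so the example runs offline.
SAMPLE = r"""
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * C:\Windows\System32\comres.dll [NoSig]
 +-> C:\Windows\erdnt\cache64\comres.dll : 1,297,408 : 07/14/2009 11:26 AM : 1a47d52e303b7543e4e6026595b95422 [Pos Repl]
 +-> C:\Windows\SysWOW64\comres.dll : 1,297,408 : 07/14/2009 00:04 AM : 808d8a8b2a3074002852bc856d419576 [Pos Repl]

 * C:\Windows\System32\drivers\http.sys [NoSig]
"""

# Patterns inferred from the log lines in the post (an assumption, not a format spec).
SVC = re.compile(r"^\s*\*\s+.+\((?P<name>\w+)\) is not Running\.\s*$")
NOSIG = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\[NoSig\]\s*$")
REPL = re.compile(r"^\s*\+->\s+(?P<path>.+?)\s+:\s+(?P<size>[\d,]+)\s+:\s+.+?\s+:\s+"
                  r"(?P<md5>[0-9a-f]{32})\s+\[Pos Repl\]\s*$")

def parse_rkill(text):
    """Return (stopped_services, {flagged_file: [(candidate, size, md5), ...]})."""
    services, flagged, current = [], {}, None
    for line in text.splitlines():
        if m := SVC.match(line):
            services.append(m["name"])
        elif m := NOSIG.match(line):
            current = flagged.setdefault(m["path"], [])
        elif (m := REPL.match(line)) and current is not None:
            current.append((m["path"], int(m["size"].replace(",", "")), m["md5"]))
    return services, flagged

def without_candidate(flagged):
    """Flagged files with no listed replacement copy: check these against known-good media."""
    return [path for path, cands in flagged.items() if not cands]

def distinct_hashes(flagged):
    """Distinct MD5 count among each file's candidates. More than one is not a verdict:
    in the log above the cache64 and cache86 copies of cngaudit.dll differ in size too."""
    return {path: len({md5 for _, _, md5 in cands}) for path, cands in flagged.items()}

if __name__ == "__main__":
    services, flagged = parse_rkill(SAMPLE)
    print("not running:", services)
    print("no candidate copy:", without_candidate(flagged))
    print("distinct candidate hashes:", distinct_hashes(flagged))
```

Because the log was captured in Safe Mode, which starts only a minimal set of services, the "not running" entries need rechecking after a normal boot before being treated as findings.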


#4 davnel


Posted 07 November 2013 - 07:32 AM

I didn't quite understand from your initial post, but is this a company machine, or your own property?

Are you using it for work or just personal?

Is there an IT department at your company (if this is a company machine)?

The use of the word "domain" implies Microsoft Server software and a formal IT setup. Or did you mean domain in the sense of Kingdom?

 

IMHO, you are spending entirely too much time fiddling with something that's easily cured by a two hour clean reinstall.

 

1. Where are your working data files? Are they on the machine or on the network?

2. Do you have OS installation media and a valid product key?

3. If neither, is there a hidden partition on the hard disk that the manufacturer has put there for restoring the OS?

4. Do you know how to get at it?

5. Do you have the necessary installation media and product keys for any needed application software?

6. Is there any particular reason to preserve the original OS installation?

 

The reason for all of this is that the easiest, maybe best, answer is to reinstall the OS and apps. If you have either the manufacturer's restore disks, or if there's a hidden partition with that software in it, then by all means restore. Make sure you back up any locally stored data files (Microsoft's Backup utility is pretty good at picking out the necessary files, or, if you don't keep a lot of data on the system, you can use the Windows Easy Transfer utility in System Tools) to external media, then reformat the working partitions - the restore routine will usually provide for that.

 

If this is a custom build, and you do not have the original media or key, talk to IT about a replacement or rebuild. If you do have them, then perform the backup or transfer save, then strip the disk of all partitions, reformat the whole thing - use the slow format, not the quick version - then reinstall everything from scratch.

 

The normal sequence is:

1. Install OS on clean disk.

2. Install hardware drivers from manufacturer.

3. Activate OS and perform validation.

4. Install AV and AM software. Validation is required for Microsoft Security Essentials. Install ONLY ONE AV program.

5. Configure OS to your preferences. Microsoft has a system transfer utility (Windows Easy Transfer) that can help do that.

6. Install base application software - Office, Acronis True Image, Special mouse/keyboard software, etc.

7. Once that's complete and running properly, image the boot drive with Acronis and save it to external media. You can totally restore the machine from the Acronis backup in less than 10 minutes the next time this crops up. You might do progressive incremental backups occasionally to keep them up to date. If you don't, at least you have a known working starting point. The external backups also prevent contamination of the hard disk from ruining the backup or restore data - a definite danger with "Restore Points". Acronis also allows you to make a bootable CD or USB key to assist restoration.

 

Please keep us posted on your progress and results.



#5 hamluis


Posted 07 November 2013 - 12:04 PM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis





