System Hangs

R

.:RoKsTaR:.

New Member
I was having some problems with my internet speed so I decided to do a reinstall. Everything seemed to work great with regard to improving my internet connection. Now, a week or two later I started getting system hangs.

Mostly happens when on youtube, grooveshark, Windows MEdia Player, and KMPlayer. Whole thing just freezes sometimes and then comes back a few minutes later. When playing video it sounds like the speed has slowed to 1% percent or something.

This is just my office computer and the heaviest program I run is Sibelius. It's about 2 years old and has the following specs:

  • Core 2 Duo E7500 @2.93GHz
  • 2 GB Ram (I tested 1.2GB over night using 2 simultaneous memtests and it was fine)
  • W7 32 Bit (Legit)
  • MB is ASRock G41M-VS2
  • Scan Disk on the 500GB WD BLue dirve and it was fine. Mine is partitioned to 80GB for OS/Programs and the rest for files.
  • All my drivers are up to date as per the ASRock Site and I disabled speedstep to see if it help, but it didn't:(
  • With only firefox and resource monitor running, I'm using about 700mb of RAM. With Thunderbird, Firefox and resource monitor open I'm using 1 GB and my computer is SLOOOOOOW.

  • Event viewer shows a ridiculous amount of warnings and errors

  • Lastly, I'm using the on-board graphics since I had no use for a dedicated card. Not to mention, no space on this microATX board ;)

Don't think I left anything out, but let me know and I'll edit the post. Any help on how to trouble shoot this would be great :)
 
Last edited:
Once i had a problem like that but i dont remember what was wrong. All i remember is that something was wrong with hardware
 
Here's a snapshot of some of the events :)
  • 4101-Display driver igfx stopped responding and has successfully recovered.
  • 11 - The driver detected a controller error on \Device\Harddisk2\DR (various numbers).
  • 12348 - Volume Shadow Copy Service warning: VSS was denied access to the root of volume .... Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.
  • 1530 - Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
  • Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Lots of warnings and errors for servc control manager, WLAN auto-congfig, user profile, dns client events, and dhcp client
 
Start by doing this so we can make sure you aren't infected.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:25:46 PM, on 12/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Sandboxie\SbieSvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Wesley Russell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 5537 bytes


Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8359

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/12/2011 4:23:45 PM
mbam-log-2011-12-12 (16-23-45).txt

Scan type: Quick scan
Objects scanned: 153985
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Suggestions for you in no particular order.

1. Do another fresh install, making sure existing partitions are deleted and repartitioned then formatted.

2. Do a system restore to when you did the install but before any updates or software was installed and try using your system and see what happens.

3. Run a diagnostic on the hard drive for errors. What brand is it?
 
Oh yeah, I have a 2 TB back up drive. I was asking about software. Right now I just use windows backup, but I didn't know if there was something else.
 
Well you would have to use windows backup to move the data back but programs would have to reinstalled. I would just backup your personal data to the 2tb drive.
 
I just realized that my base score is 2.8 because I had aero enabled. I switch to the basic theme and it went up a point. I'm wondering if that was causing an issue or maybe it's a sign of poor onboard graphics...?
 
Yep, if you are using onboard video, they aren't that great so turning aero off will help.
 
Think it's fixed with a total HD format and reinstall.l This time around I loaded 64 bit, so now I off to get some more ram and a video card. Luckily, my buddy works for a gaming developer and has lots of cards lying around ;)

Thanks!
 
Here's what I did:

deleted my partitions
formatted the drive
Reinstalled W7 Home 64 instead of 32
Added more RAM (Now 4GB instead of 2GB)

After 2 weeks of running, the same thing is happening. System hangs, or really it just get's crazy slow during audio and video (local apps or online)

Any thoughts?
 
After going back over the errors you listed, it seems this could be a hardware issue. Can you give us what motherboard and video card is being used? Also, you never did tell me if you test the hard drive for errors.
 
AsRock - g41vsm2
HD tested with no errors
Onboard graphics, but I'm trying out a Quadro fx3700 after I pull it out of my other computer

Also does it during sound, so it's not limited to graphics. So far the only audio it happens with is in grooveshark.
 
Last edited:
You must log in or register to reply here.
Back
Top