# System Hangs



## .:RoKsTaR:.

I was having some problems with my internet speed so I decided to do a reinstall. Everything seemed to work great with regard to improving my internet connection. Now, a week or two later I started getting system hangs.

Mostly happens when on YouTube, Grooveshark, Windows Media Player, and KMPlayer. Whole thing just freezes sometimes and then comes back a few minutes later. When playing video it sounds like the speed has slowed to 1% or something.

This is just my office computer and the heaviest program I run is Sibelius. It's about 2 years old and has the following specs:


Core 2 Duo E7500 @2.93GHz
2 GB RAM (I tested 1.2GB overnight using 2 simultaneous memtests and it was fine)
W7 32 Bit (Legit)
MB is ASRock G41M-VS2

Ran Scan Disk on the 500GB WD Blue drive and it was fine. Mine is partitioned to 80GB for OS/Programs and the rest for files.

All my drivers are up to date as per the ASRock site and I disabled SpeedStep to see if it helped, but it didn't.

With only Firefox and Resource Monitor running, I'm using about 700 MB of RAM. With Thunderbird, Firefox and Resource Monitor open I'm using 1 GB and my computer is SLOOOOOOW.


Event Viewer shows a ridiculous amount of warnings and errors.

Lastly, I'm using the on-board graphics since I had no use for a dedicated card. Not to mention, no space on this microATX board.

Don't think I left anything out, but let me know and I'll edit the post. Any help on how to troubleshoot this would be great.


----------



## khajvah

Once I had a problem like that but I don't remember what was wrong. All I remember is that something was wrong with hardware.


----------



## johnb35

Would help to know what some of the event viewer errors were.  Can you post some?


----------



## .:RoKsTaR:.

Here's a snapshot of some of the events:

4101 - Display driver igfx stopped responding and has successfully recovered.

11 - The driver detected a controller error on \Device\Harddisk2\DR (various numbers).

12348 - Volume Shadow Copy Service warning: VSS was denied access to the root of volume .... Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly.  Check security on the volume, and try the operation again. 

1530 - Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Lots of warnings and errors for service control manager, WLAN auto-config, user profile, DNS client events, and DHCP client.


----------



## johnb35

Start by doing this so we can make sure you aren't infected.

1. Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

If the log says "will be cured after reboot", please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2. Please download *Malwarebytes' Anti-Malware* from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.

If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*

Once the program has loaded, select *Perform quick scan*, then click *Scan*.

When the scan is complete, click *OK*, then *Show Results* to view the results.

Be sure that everything is checked, and click *Remove Selected*.

A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run *Rkill.scr*, *Rkill.exe*, or *Rkill.com*. If you are still having issues running rkill then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT* reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the *HijackThis* installer from *here*.
Run the installer and choose *Install*, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the HijackThis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.


----------



## .:RoKsTaR:.

Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:25:46 PM, on 12/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Sandboxie\SbieSvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\COGECO Security Services\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\COGECO Security Services\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\COGECO Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Wesley Russell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 5537 bytes


Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8359

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/12/2011 4:23:45 PM
mbam-log-2011-12-12 (16-23-45).txt

Scan type: Quick scan
Objects scanned: 153985
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------
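A helper reading a HijackThis log like the one posted above usually looks first for entries that point at missing files, services whose owner could not be determined, and autoruns that start from user-writable folders. The sketch below is an added example, not part of the original thread and not a HijackThis feature; the sample lines are copied from the log above, and the three rules and the `triage` function name are assumptions chosen for illustration. A flagged line means "look at this by hand", not "infected".

```python
import re

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\J. Wesley Russell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Folders a standard user can write to (illustrative list, an assumption).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if body.endswith("(no file)"):
            findings.append((section, "registry entry points at a missing file", line))
        if section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "owner of the service binary could not be determined", line))
        if section == "O4" and USER_WRITABLE.search(body):
            findings.append((section, "autorun starts from a user-writable folder", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample lines this flags the orphaned BHO, the Google Update autorun under AppData and the FSGKHS service, all three of which are commonly benign leftovers or per-user installers.
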



## johnb35

Do you have the latest version of Flash Player? Did TDSSKiller find anything?


----------



## .:RoKsTaR:.

Yes and no... seems strange and frustrating to me considering it only happened after a clean install.


----------



## johnb35

Suggestions for you in no particular order.

1.  Do another fresh install, making sure existing partitions are deleted and repartitioned then formatted.

2.  Do a system restore to when you did the install but before any updates or software was installed and try using your system and see what happens.  

3.  Run a diagnostic on the hard drive for errors.  What brand is it?


----------



## .:RoKsTaR:.

Thanks

What's the most reliable and fastest way to back everything up?


----------



## johnb35

Depends on how much data you need. A cheap USB external comes in handy at times.


----------



## .:RoKsTaR:.

Oh yeah, I have a 2 TB backup drive. I was asking about software. Right now I just use Windows Backup, but I didn't know if there was something else.


----------



## johnb35

Well, you would have to use Windows Backup to move the data back, but programs would have to be reinstalled. I would just back up your personal data to the 2 TB drive.


----------



## .:RoKsTaR:.

Cool, I'll just stick with Windows Backup and leave it at that. Thanks

I'll post back in a few days after everything is complete.


----------



## .:RoKsTaR:.

I just realized that my base score is 2.8 because I had Aero enabled. I switched to the basic theme and it went up a point. I'm wondering if that was causing an issue or maybe it's a sign of poor onboard graphics...?


----------



## johnb35

Yep, if you are using onboard video, they aren't that great so turning Aero off will help.


----------



## .:RoKsTaR:.

Think it's fixed with a total HD format and reinstall. This time around I loaded 64 bit, so now I'm off to get some more RAM and a video card. Luckily, my buddy works for a gaming developer and has lots of cards lying around.

Thanks!


----------



## .:RoKsTaR:.

Here's what I did:

Deleted my partitions
Formatted the drive
Reinstalled W7 Home 64 instead of 32
Added more RAM (Now 4GB instead of 2GB)

After 2 weeks of running, the same thing is happening. System hangs, or really it just gets crazy slow during audio and video (local apps or online).

Any thoughts?


----------



## johnb35

After going back over the errors you listed, it seems this could be a hardware issue. Can you give us what motherboard and video card are being used? Also, you never did tell me if you tested the hard drive for errors.


----------



## .:RoKsTaR:.

AsRock - g41vsm2
HD tested with no errors
Onboard graphics, but I'm trying out a Quadro fx3700 after I pull it out of my other computer

Also does it during sound, so it's not limited to graphics. So far the only audio it happens with is in Grooveshark.


----------



## kronckew

just found an alternate solution that works on my old acer t650 pentium D MB. i upgraded the CPU from an 820 to a 930 and have been having random freezes. after eliminating all event log errors except the 'Some processor performance...' ones, i found that changing the cpu management in the power management from 'active' to 'passive' (i also ensured that the cpu was at 100% for both max and min) fixed it.

the 820 did not have any EIST (enhanced intel speedstep technology) where the 930 does.

my MB has its own thermal sensor and fan control, so it doesn't really need it. the bios has no settings to enable eist, acer in their wisdom having removed that option which was available in the MB mfg. (ECS) own bios.

it's therefore stuck at EIST disabled. <- this is the 'feature' referred to in the error message as being disabled.

'Active' means increase fan speed before throttling the cpu.

'Passive' means throttle the cpu before increasing the fan speed.

by setting 'passive' and setting the max/min to both be 100%, it's effectively disabled. i have not had a freeze since.

while it was set to the default 'active' it must have conflicted with the MB's own thermal management, causing the freezes.

sadly, the event log still warns me with the same error message, but at least i can now ignore it.


----------

