Applications hanging after login.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
I'm seeing some odd issues with stanard windows services. Windows Management Interface, Security Center or Windows Update svchost.exe processes gobble up a ton of ram and nothing will execute until that svchost process is killed. This includes already open and new tabs in Chrome browser.

I will post TSG SysInfo and HijackThis after I reboot. I already can't run/install either with this attempt. Please delete thread if I don't get my info in within the next 30 minutes.
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
Welp, TSG Info doesn't help... I ran as Admin even...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version:
Processor:
Processor Count:
RAM:
Graphics Card:
Hard Drives:
Motherboard:
Antivirus: None
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:29:24 PM, on 1/22/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Users\Jenetic\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid={34E3EA8F-628E-11E2-9EC0-60EB690F27F7}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Zoomex - {DCA54FC8-DF82-7DE5-BB81-4CA1F312D2E2} - C:\ProgramData\Zoomex\50fb2d59e2f66.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-1145144399-2307248429-141795494-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{798BC63C-1A33-4AB1-840E-1D825E516CC2}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6998 bytes
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
Here's a SS of an error that comes up when I run HijackThis as Administrator.
 

Attachments

Joined
Dec 28, 2004
Messages
8,256
Does the problem begin before you launch GC? If so, run GC with no add ons.

Please describe the circumstances, if known, related to the onset of the problem; such as but not limited to installation or removal of hardware / software; W7 updates; anti malware updates; other program [ Java, Adobe Flash, et al ] updates.

Check your W7 update history.

Please display the lower / earlier layers of the msg in the .jpg. Thanks, by the way, for attaching it. This is much easier than "the error message said something like . . . ."



When did the problem begin? Sometimes the date is important?

Welp, TSG Info doesn't help... I ran as Admin even...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version:
Processor:
Processor Count:
RAM:
Graphics Card:
Hard Drives:
Motherboard:
Antivirus: None
You can most of the information:
1.RIGHT click "computer"; Left click "properties"
start > search > type: msinfo322.
3. Your invoice or other documentation.

What happens if you run the Tech Guy data utility in safe mode?
RF123

EDIT: msinfo32.exe is NOT included with W7
end edit
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
And here's the system info page.

It's a toshiba sattelite L655-S5096

Anyone know how to get into Bios boot selection on this thing? Esc, f1, f2, f10, f11, f12 don't do anything. I'd like to run some memory and HD tests on this.
 

Attachments

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
Ohkay, So behavior:

About 3 minutes after desktop posts, svchost.exe attached to: Windows Management Interface, Security Center or Windows Update, and more will hit 512 (2gb in this comp) ram utilization in taskman, not much cpu utilization. All programs; browsers, notepad, explorer, cease to respond, no buried UAC prompt. I'm also unable to start any new programs. If I end the svchost process via taskman, all open programs immediately respond and explorer will launch new programs. About 3 minutes later, another svchost process will hit the same 512mb limit. If I try to end that process via taskman, I get an "Access denied" error. The attached service most recently was some Cleartype font rendering service. At this point, I'm unable to even shut down the computer normally. I have to do a hard power off.

I currently have MSConfig set to only load MS-Only services and the only startup program is SuperAntiSpyware.

Thanks for your help. I hope this info comes in handy.
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
I am familiar. However, I'm interested to know your direction.

As I see it, we know something with svchost.exe is the issue. It's not the individual services themselves. I'll try running it and see if any other processes pop up that shouldn't be there.
 
Joined
Dec 28, 2004
Messages
8,256
My direction is
What happens if you run the Tech Guy data utility in safe mode?
RF123
If the problem does not occur in safe mode, follow clean boot troubleshooting steps
http://support.microsoft.com/kb/929135

and educate yourself about Process Monitor & Process Explorer.

Give someone a fish and they eat for a day. Teach someone to fish and they eat for a lifetime.
because I am not at your computer. :)

RF123
 

mrblaq

Thread Starter
Joined
Apr 27, 2007
Messages
27
TSG Sysinfo doesn't work in safe mode either.

I will take a stab at Proc Explorer and Monitor and see what else comes up.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Staff online

Top