1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Applications hanging after login.

Discussion in 'Windows 7' started by mrblaq, Jan 22, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    I'm seeing some odd issues with stanard windows services. Windows Management Interface, Security Center or Windows Update svchost.exe processes gobble up a ton of ram and nothing will execute until that svchost process is killed. This includes already open and new tabs in Chrome browser.

    I will post TSG SysInfo and HijackThis after I reboot. I already can't run/install either with this attempt. Please delete thread if I don't get my info in within the next 30 minutes.
     
  2. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    Welp, TSG Info doesn't help... I ran as Admin even...

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version:
    Processor:
    Processor Count:
    RAM:
    Graphics Card:
    Hard Drives:
    Motherboard:
    Antivirus: None
     
  3. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:29:24 PM, on 1/22/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Users\Jenetic\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005&barid={34E3EA8F-628E-11E2-9EC0-60EB690F27F7}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Zoomex - {DCA54FC8-DF82-7DE5-BB81-4CA1F312D2E2} - C:\ProgramData\Zoomex\50fb2d59e2f66.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-1145144399-2307248429-141795494-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{798BC63C-1A33-4AB1-840E-1D825E516CC2}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 6998 bytes
     
  4. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    Here's a SS of an error that comes up when I run HijackThis as Administrator.
     

    Attached Files:

    • UGH.jpg
      UGH.jpg
      File size:
      146.6 KB
      Views:
      49
  5. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    Does the problem begin before you launch GC? If so, run GC with no add ons.

    Please describe the circumstances, if known, related to the onset of the problem; such as but not limited to installation or removal of hardware / software; W7 updates; anti malware updates; other program [ Java, Adobe Flash, et al ] updates.

    Check your W7 update history.

    Please display the lower / earlier layers of the msg in the .jpg. Thanks, by the way, for attaching it. This is much easier than "the error message said something like . . . ."



    When did the problem begin? Sometimes the date is important?

    You can most of the information:
    1.RIGHT click "computer"; Left click "properties"
    start > search > type: msinfo322.
    3. Your invoice or other documentation.

    What happens if you run the Tech Guy data utility in safe mode?
    RF123

    EDIT: msinfo32.exe is NOT included with W7
    end edit
     
  6. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    Which brand, model & model # computer or motherboard?
    Desktop or laptop?

    RF123
     
  7. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    And here's the system info page.

    It's a toshiba sattelite L655-S5096

    Anyone know how to get into Bios boot selection on this thing? Esc, f1, f2, f10, f11, f12 don't do anything. I'd like to run some memory and HD tests on this.
     

    Attached Files:

  8. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
  9. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    Ohkay, So behavior:

    About 3 minutes after desktop posts, svchost.exe attached to: Windows Management Interface, Security Center or Windows Update, and more will hit 512 (2gb in this comp) ram utilization in taskman, not much cpu utilization. All programs; browsers, notepad, explorer, cease to respond, no buried UAC prompt. I'm also unable to start any new programs. If I end the svchost process via taskman, all open programs immediately respond and explorer will launch new programs. About 3 minutes later, another svchost process will hit the same 512mb limit. If I try to end that process via taskman, I get an "Access denied" error. The attached service most recently was some Cleartype font rendering service. At this point, I'm unable to even shut down the computer normally. I have to do a hard power off.

    I currently have MSConfig set to only load MS-Only services and the only startup program is SuperAntiSpyware.

    Thanks for your help. I hope this info comes in handy.
     
  10. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
  11. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    I am familiar. However, I'm interested to know your direction.

    As I see it, we know something with svchost.exe is the issue. It's not the individual services themselves. I'll try running it and see if any other processes pop up that shouldn't be there.
     
  12. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    My direction is
    If the problem does not occur in safe mode, follow clean boot troubleshooting steps
    http://support.microsoft.com/kb/929135

    and educate yourself about Process Monitor & Process Explorer.

    because I am not at your computer. :)

    RF123
     
  13. mrblaq

    mrblaq Thread Starter

    Joined:
    Apr 27, 2007
    Messages:
    27
    TSG Sysinfo doesn't work in safe mode either.

    I will take a stab at Proc Explorer and Monitor and see what else comes up.
     
  14. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    Keep us posted.

    RF123
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1086477

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice