Windows Sort of Stops Working From Time to Time

RC5000 · 02 Feb 2016

But there are a ton of filters with Procmon. Not sure which ones I should use. Won't any significant data be lost in the torrent of info, like all the tcpip stuff?

DavidE · 02 Feb 2016

I really don't know, it's something you could play with to see if it can help find what causes the delay.
I'm not a Process Monitor expert, I'll ask to see if others can help with using it.

UsernameIssues · 02 Feb 2016

My guess is: you have a bad/flawed/broken installation of Kaspersky.

Just as a test, disconnect from the Internet and uninstall Kaspersky. Then try opening and closing Word every few minutes until you see the lockup or until you are convinced that it is no longer happening. (Maybe you can think of better test - other than opening/closing Word.) If you want, you can temporarily install MSE and spend time online again.

As for Process Monitor:
Since you might need to let Process Monitor run for a relatively long time, set a local backing file.
(Menu bar > Files > Backing Files...)

When you start Process Monitor, you might be shown the filter dialog box. If you see this, press Reset.

Let Process Monitor run while you go about normal usage of the computer. Take note of the time if/when the computer acts up. You can stop the data collection by Process Monitor and work your way up from the bottom of the data looking for anything that jumps out at you. You can stop looking if you get past the time of the lockup. Unfortunately, I cannot tell you what to look for in the data.

You might try the steps above after a clean boot. The fewer things running, the less data to sift thru.

OldGrantonian · 02 Feb 2016

RC5000 said:

But there are a ton of filters with Procmon. Not sure which ones I should use. Won't any significant data be lost in the torrent of info, like all the tcpip stuff?

I use procmon if my disk LED is flickering constantly. So I'm only interested in disk reads/writes.

Here's what I do.

By default, File > Capture Events is checked.

Ctrl+E to stop capture
Ctrl+X to clear screen
Ctrl+E to restart capture. Count to 10 seconds (or whatever)
Ctrl+E to stop capture.

Tools > File Summary tells me everything I need to know.

"By Path" is the default tab. "By Folder" might be more useful.
.

Callender · 02 Feb 2016

Process Monitor logs are huge and hard to decipher. If it doesn't help here's another idea.

Read through this:

Use Windows 7 Event Viewer to track down issues that cause slower boot times - TechRepublic

Create the Custom View in Event Viewer by carefully following the steps mentioned. Then create a second Custom View - details further down the page:

"You'll now repeat these steps and create another Custom View, and this time, you'll type 101-110 in the Includes/Excludes Event IDs box and name it Boot Degradation."

See if you can spot any obvious problems using the Event ID's.

Look for something like this:

Note

This application took longer than usual to start up, resulting in a performance degradation in the system startup process:

Check mostly Event Id 101 & 102

Investigate and look for anything that stands out and looks as if the time measured in ms is too long.

Windows Sort of Stops Working From Time to Time-event-viewer.jpg

What you might need to look for:

Security software load time issues or driver load time issues.

EDIT:

Reading your first post in this thread again I notice that you say that your original boot time problem is improved. Perhaps you could look back through the dates in Event Viewer logs to see if anything shows up.

RC5000 · 03 Feb 2016

An IT technician I know examined the machine yesterday and felt it was severely compromised. He thought, for instance, that recent Windows updates were not installed (or failed) but the log files said otherwise. He wondered about a volume listed under Computer Management-Disk Management. The Volume has no name (like OS (C:)), but its status is the OEM Partition); it's 39 MB. Also, the name of a laptop I have appeared in a log file for yesterday but the laptop only connects via WiFi. I am not sure what that means.

As another note,it seems that the problem has abated. Since I don't know what causes it or why, a few days ago it happened every few minutes (for about 3 minutes at a time), but today and late yesterday it seems to not occur.

One other thing: Yesterday, Taskmgr showed EFS running. (Encrypting File System). I am not sure why as I did not start it and I am pretty sure I have never seen it before in Taskmgr. I haven't run cipher.exe and never used it. I have Windows 7 Home Premium and never got keys from anywhere.

DavidE · 03 Feb 2016

I have Windows 7 Home Premium and never got keys from anywhere.

If the PC came from Dell with pre-installed Windows 7 it should have a COA sticker.

The COA sticker looks like this:

You need a valid readable COA key (or purchase a new Win 7) to do a clean install of Win 7.

Here is a tutorial for a clean install:
Clean Reinstall - Factory OEM Windows 7

You could also consider a factory recovery.
If you don't have factory recovery media you could contact Dell and see if they can send you recovery media.

RC5000 · 03 Feb 2016

That's not a bad idea. I'm sure there's such a sticker on my machine. But if this is an SMM virus, would a clean install make a difference?

DavidE · 03 Feb 2016

That's a good question.
I'm not a security expert so i can't answer.
It would be best to ask that question in a new thread in the Security sub-forum here:
https://www.sevenforums.com/system-security/

You could include a link to this thread so security experts there can see what has been tried so far.

RC5000 · 03 Feb 2016

One person answered so far. He didn't think it was a problem.