Computer freezes

[Ray K]

Since yesterday, my computer has started freezing at unpredictable
intervals. Sometimes, everything will work okay (i.e., normal speed, no
sluggishness)for as long as 30 minutes. Oddly, AV scans that take longer
than that still go to completion.

When it freezes, the ONLY things that respond are:

1. The screen pointer to mouse movements, but neither the left or right
key or the scroll wheel does anything
2. Num Lock
3. Scroll Lock
4. Caps Lock.

I can't close any windows by Xing them from the top right corner, or by
left-clicking the task bar and choosing Close. Clicking on Start does
nothing. Most of the time Ctrl-Alt-Del does not bring up the Task
Manager; if it happens to appear, I can't delete any of the applications.

Sometimes when the freeze occurs, I'll hear a stuttering sound from the
speaker if I'm watching something on YouTube or movie clips using
Windows Media Player. Other times, even if the speaker is silent, I hear
a low tone (low in frequency and amplitude) from the computer
tower-style case (maybe one of the two hard drives is doing something
odd). I immediately hit reset whenever I hear a sound and when the
computer restarts, everything works okay until the next freeze.

I've run AdAware, Spybot, AVG (in the Safe Mode), Malwarebytes (in the
Safe Mode) and SuperAntiSpyware. The Trend Micro House Call found
nothing. The results of Hijack This appear below.

Win XP, v5.1, SP3 with dozens of hot fixes.

Thanks for your suggestions.

Ray


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:49 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -
C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG9\avgssie.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common
Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin
Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla
Firefox\firefox.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla
Thunderbird\thunderbird.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner -
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
-
http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ,
s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o.
- C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1ca296dbf3b7780)
(gupdate1ca296dbf3b7780) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Nero\Lib\NMIndexingService.exe

 

[David H. Lipman]

From: "Ray K" <[email protected]>

| Since yesterday, my computer has started freezing at unpredictable
| intervals. Sometimes, everything will work okay (i.e., normal speed, no
| sluggishness)for as long as 30 minutes. Oddly, AV scans that take longer
| than that still go to completion.

| When it freezes, the ONLY things that respond are:

| 1. The screen pointer to mouse movements, but neither the left or right
| key or the scroll wheel does anything
| 2. Num Lock
| 3. Scroll Lock
| 4. Caps Lock.

| I can't close any windows by Xing them from the top right corner, or by
| left-clicking the task bar and choosing Close. Clicking on Start does
| nothing. Most of the time Ctrl-Alt-Del does not bring up the Task
| Manager; if it happens to appear, I can't delete any of the applications.

| Sometimes when the freeze occurs, I'll hear a stuttering sound from the
| speaker if I'm watching something on YouTube or movie clips using
| Windows Media Player. Other times, even if the speaker is silent, I hear
| a low tone (low in frequency and amplitude) from the computer
| tower-style case (maybe one of the two hard drives is doing something
| odd). I immediately hit reset whenever I hear a sound and when the
| computer restarts, everything works okay until the next freeze.

| I've run AdAware, Spybot, AVG (in the Safe Mode), Malwarebytes (in the
| Safe Mode) and SuperAntiSpyware. The Trend Micro House Call found
| nothing. The results of Hijack This appear below.

| Win XP, v5.1, SP3 with dozens of hot fixes.

| Thanks for your suggestions.

| Ray



Please do NOT post HJT logs here!


Post the contents of the HJT log with a full explanation of your problem and what you have
done to date in one of the below expert forums...

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

 

[Ray K]

Some guesses, for what they're worth, and assuming there is no malware
at work:

A) Hardware problems, eg, intermittent overheating, or intermittent
failure of one of the hardware subsystems, etc. Make sure all the fans
are working as they should. (I lost a video card a couple weeks ago
because its fan failed; machine wouldn't boot.)

You can check the system's temperatures etc before booting by going to
BIOS, and looking at one of the advanced settings pages - just hunt
around until you find it. Do this immediately after shutting down
because of a freeze. The parts don't cool off that fast, so any out of
the ordinary temp should be obvious.

Also, most systems these days include SMART HD monitoring, turn it on
(BIOS again), and see if it reports anything bad.

Um, that's about all I can think of hardwarewise offhand.

B) Another possibility is that Windows is trying to sort out the page
file, and having trouble because your HDD is close to full. This effect
may be worsened if you have minimal RAM - an XP system should have at
least 2GB. Clean out surplus files, and defrag the HDDs. If that doesn't
cure the freeze, then IMO hardware is the most likely problem.

HTH
wolf k.

Good suggestions. However, they don't seem to apply in my case.
Normally, my computer is on most of the day, so heat buildup should get
progressively worse over time and freezing should occur more quickly
after each reboot. Last night, I had the computer off for six hours;
when I turned it on, the freeze occurred within five minutes, unusually
fast under any circumstances, and especially in this case because there
was no heat buildup.

My c: drive has 37% free. All of the other four partitions on that
physical drive have much more free space, as do the two partitions on my
second physical drive. 1,834,000 KB of RAM is available to Windows,
according to Explorer.

The critical c: drive is only six month old; the d: drive is 29 months old.

A day or so earlier, I remember being at some site when a brief message
flashed that something had been installed. So there is no question in my
mind that this was/is the cause of my problem.

Thanks,

Ray

 

[Ray K]

Dave,

Thanks for the links. Usually someone will request a HJT log, so I
figured I'd be one step ahead by posting it as part of my original message.

Since it doesn't contain any files of the type that would increase
download times (photos, for example), I don't see what the issue is with
posting the log here. One never knows the expertise of other people on
this group, some of whom may be experts in interpreting the log.

Ray

 

[Leythos]

Since it doesn't contain any files of the type that would increase
download times (photos, for example), I don't see what the issue is with
posting the log here. One never knows the expertise of other people on
this group, some of whom may be experts in interpreting the log.

Many search engines can Usenet mirrors - websites that contain the
content of Usenet groups, so, when you post a HJ log here and a website
mirrors the content, well, it will show up when people to a search for
problems with HJ log information - it pollutes the ability to get good
search results.

If you were to have followed the instructions that came with HJ you
would already know where to post the logs.

 

[David H. Lipman]

From: "Ray K" <[email protected]>

| Dave,

| Thanks for the links. Usually someone will request a HJT log, so I
| figured I'd be one step ahead by posting it as part of my original message.

| Since it doesn't contain any files of the type that would increase
| download times (photos, for example), I don't see what the issue is with
| posting the log here. One never knows the expertise of other people on
| this group, some of whom may be experts in interpreting the log.

| Ray

Not here. It is *STRONGLY* discouraged and if HJT had been created prior to this group's
inception then there would have been a notice in this group's charter.

You should have asked first.

 

[Ray K]

I bit the bullet and did a clean install of XP. Besides fixing the
freezing problem, the fresh install cleared up other problems as well:
long startup times, oddball screen refreshes every time I switched back
and forth between Spider Solitare and any other application that was
open at the same time). Overall performance is faster.

I thought that the installation would also reformat C, but it didn't. So
while I had to reinstall many of the programs, many of the custom
settings were still available.

Thanks to all for your comments.

Ray

 

[Ray K]

IOW, you had a hell of a lot of clutter. The fact that a clean install
made such a difference in so many ways leads me to revise my hypothesis
as to the original cause: I now think it was a really, really messed up
registry, plus a mass of debris leftover from uninstalled programs.

Anyhow, it's nice to have a "nearly new" computer, eh?

wolf k.

Very likely, that was the cause. I do occasionally clean the registry
using CCleaner and one or two other programs, and I do defrag every
couple of weeks.

 

[David Kaye]

I thought that the installation would also reformat C, but it didn't. So
while I had to reinstall many of the programs, many of the custom
settings were still available.

If you have valid files in the config directory (system, software, security,
sam, and default) then the install disk will give you the option of keeping
your previous setup and merely reinstalling the critical files.

 

[Buffalo]

Ray K wrote:
[slip]

Very likely, that was the cause. I do occasionally clean the registry
using CCleaner and one or two other programs, and I do defrag every
couple of weeks.

I would advise against using CC's Registry Cleaner unless you really know
what you're doing.
The rest of CC's tools are extremely useful.
Buffalo

 

[Dragon]

Ray K wrote:
[slip]

Very likely, that was the cause. I do occasionally clean the registry
using CCleaner and one or two other programs, and I do defrag every
couple of weeks.

I would advise against using CC's Registry Cleaner unless you really know
what you're doing.
The rest of CC's tools are extremely useful.
Buffalo

That's an interesting comment.
CC's actions seem to be automatic/default so what is the catch please?

Henry

 

[ASCII]

CC's actions seem to be automatic/default so what is the catch please?

On the left side of the main screen is an [Options] box
whereby the 'automatic/default' settings can be selected.

 

[Dragon]

CC's actions seem to be automatic/default so what is the catch please?

On the left side of the main screen is an [Options] box
whereby the 'automatic/default' settings can be selected.

Indeed there is.
However what is wrong with leaving them alone?
What sort of damage can be done?
I'm always ready to learn and have got a lot from this group.
So thanks in advance

Henry

 

[FromTheRafters]

CC's actions seem to be automatic/default so what is the catch
please?

On the left side of the main screen is an [Options] box
whereby the 'automatic/default' settings can be selected.

Indeed there is.
However what is wrong with leaving them alone?

Nothing (I think) as the default condition opts out of registry cleaning
IIRC.

What sort of damage can be done?

Registry editing is always risky.

I'm always ready to learn and have got a lot from this group.
So thanks in advance

Many different symptoms arise from mucked up registries. The damage
manifestation can range from barely noticeable to the inability to run
the OS.