1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Seemingly random lock-ups

Discussion in 'Windows XP' started by Desdewd, Jul 17, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    Windows XP
    A couple of nights ago, out of the blue, my computer started locking up. It's a hard prblem to explain, partly because its effects aren't always consistent, so I'll just give a few examples:

    I had just turned on my computer within the last 5 minutes. I then went online (using firefox) to watch a streaming video. I am able to get a few minutes in before the video suddenly halted; the picture had stopped but the sound kept repeating the same tenth of a second, like a .1 second sound file played on repeat mode if that helps you picture it. The system clock had stopped as well. I have a keyboard with an LCD screen that shows the same time as my computer (logitech g15 gaming keyboard, the original one), and it also freezes. I had fullscreen mode enabled so the only thing I could see was the video. I was able to disable the video's fullscreen mode by hitting the escape button. I had two windows of firefox open (one was the video and the other was just a webpage) and after disabling fullscreen the frozen video was overlayed onto the entirety of both windows and my background. In other words the image from the frozen video stayed on my screen even after hitting escape, but now I could see the task bar and the outlines of the two windows (I can't remember if I could see the icons on my desktop or not or if one of the windows were covering them). I forgot to mention I still am able to move my cursor (the ability to move my cursor and the clock freezing are probably the only two constants everytime this "thing" happens but I digress). When I mouse over the windows on the taskbar and the start menu button it highlights them like normal. But clicking on the windows on the taskbar does not minimize the larger windows. I am, however, able to open the start menu and highlight and select the all programs tree and it displays everything that it should. But if I try to close out of it, it doesn't do anything. Now when I mouse over the windows on the taskbar it doesn't highlight them and clicking on them does nothing. I keep clicking on the windows and the start menu and after a bit I am able to highlight the windows properly again when I mouse over them. After this I decided to see whether or not I could open any of the items in the system tray. I was able to bring them up but they didn't load all the way. I then powered it down using the power button.

    That was the most recent occurence. And by recent occurence I mean the last time I turned on my computer. So far there have only been a few occasions where I was able to properly shut it down or restart it using the start menu. And for those occasions I was only on for less than 15 minutes. Sometimes it will occur within 10 minutes of turning it on, sometimes it wil be 2 hours. The longest time was probably when I was running a Mcafee virus scan and was able to get to 86% before it froze. (consequently I have been unable to finish a full scan; the # of attempts is probably close to 10) There does seem to be some pattern between the level activity and the amount of time I have before it locks up, but it's a very rough one. I was able to successfully back up about a gig of data without it locking up, but on the opposite end of the spectrum leaving the computer just sitting idly with no open applications will eventually result in it locking up (After a while I began to equate the clock being frozen with the computer being frozen so I can tell the computer has locked up even if nothing is running because the clock has frozen to an earlier time)

    I know this is a lot and I'm jumping from point to point but I can't find very many patterns or consistencies in the lock-up's trigger or consequences so that makes it very hard for me to describe what the problem is so please bear with me. Also it's 3 in the morning.

    Usually (like with a video or a virus scan) the app that I'm running at the time of a lock-up freezes, but with something like a webpage i'm still able to do some stuff. Once, after a lock-up i was still able to type something into a textbox on a forum but when I hit and held backspace it only backspaced one letter. If I continued to type or backspace, after a while it would stop recieving keyboard input all together. Sometimes I'm able to open the ctrl-alt-del window, sometimes I'm not, sometimes it only partially loads up. Most of the time after it occurs I am unable to open anything else but that is not always the case (though eventually it stops recognizing my commands). Sometimes if I start trying to open too many windows or otherwise give it too much input the computer tower will make a loud, long, and never ending beep.

    So far I have completed a disk scan (CHKDSK) and it only took one attempt. Everything I downloaded the day it started I have deleted (and in some cases shredded using mcafee's shredder) It seemed to start when I downloaded media player classic but I got it from cnet and as I said I have since deleted it. Mcafee came up with three warnings about pup's(potentially unwanted programs if I understand that correctly) but the page I got that from said cnet had heard that from some people and they tested it and it's safe. I'm pretty sure I correctly cleaned out my temp and cache files at least once (used mcafee program to do it)

    Since it's so late when I'm typing this I'll just list a few main points here:
    Everytime a lock-up occurs (or whatever you want to call it) I end up having to do a hard shutdown (holding the power button for five seconds
    It seems like it hasn't gotten worse since it started but it hasn't gotten better
    avg. amount of time before a lockup occurs: 20 min., but ot ranges from an hour and a half to 3 minutes
    One time I let it sit without opening anything or doing anything and it eventually froze mayb half an hour after start up, but may have been triggered by the screen saver because the (frozen) screen saver was there after I came back from leaving it idle.

    Sorry if it's really confusing but any help would be appreciated. As follows are my system specs:
    Asus m2n32 SLI deluxe motherboard
    amd Athlon 64 x2 5200+ processor
    nvidia 8800 gtx
    microsoft xp pro, service pack 3

    if you need more info, just ask.
     
  2. Officer Dibble

    Officer Dibble

    Joined:
    Oct 24, 2007
    Messages:
    544
    How old is the system? Did you buy it or build it?

    Is you anti-virus software up to date? Which one are you using?

    Have you tried using any of the following applications to remove spyware?

    Malwarebytes, Lavasofts Ad-aware, or Super Anti-spyware?

    It could be that something is overheating, is your system over-clocked?

    If you had a thermometer in the room you keep the pc in, what would you say is the ambient temperature?

    Is there a lot of clutter, paperwork, etc, around the computer, is it in a cupboard of sorts?

    The PSU fan at the back, does it have a few inches clearance from the [wall] at the back?

    Are the internal fans working, on the CPU, video card, PSU, and any other internal fans there may be? Is there an internal case fan?
     
  3. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    I think it's about two years old now, I built it.

    Yes it's up to date, I use Mcafee, but as I said I haven't been able to complete a full scan.

    No I have not tried using any of those programs.

    I have (or I guess had, since I uninstalled it in my attempts to try and get rid of this problem) a program that came with the motherboard that monitored the cpu and system temps. So far on start-up the cpu has been around 40 C which is hotter than normal (32-36) but it seemed to have started getting warmer before this problem started, but I may be wrong about that. (system temp has been around 32 C) Part of the reason for this is that the room temperature has gotten warmer, it used to get into the sixties at night but now it probably averages at seventy-two. Now I usually close out of that app after start up so I don't think I've been able to see the temp when the lock up happens. Also I have opened the case and removed as much dust out of the cpu fan as I could but I didn't have very many good tools so I'll probably do it again. Also I do not over-clock.

    I should probably mention that my casing is the aerocool xtreme engine 3t so overheating has never been an issue before. I've allso had it in the same place (sitting in the same desk) since I first built it. It has lots of clearance on the side with the fan, the front and back side, as well as the top. The only sides of the case that come into contact with the wood of the desk is the bottom (obviously) and the non-fan side. But now that you mention it, the back of the case is getting a little close to the wall (the desk sits against a wall) and all of the cables (even though it's always been that way) so I'll pull it out a bit.

    The only fans in the computer are the cpu fan, the Nvidia 8800 gtx's fan, the psu fan, and the two fans that are a part of the case. I'll check each one to make sure it's running properly but I can confirm that the two case fans as well as the cpu fan is running properly (though i'm not sure if the cpu fan is running properly when a lock-up occurs so I'll make sure to check that as well)

    Also I should mention that I have not added or made any hardware changes for quite sometime (February was probably the last time I had to open the case).
     
  4. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    Alright I downloaded and installed the free version of Malwarebytes. A drive is a non-existent 3.5 floppy drive; C drive is my hard disk drive; D drive is the DVD drive; E drive is the cd-rw drive. Between these scans were several failed ones where the computer froze before it could finish.

    For this first one I deselected the hard drive because none of the scans had succeeded thus far so I wanted to get some results.

    Malwarebytes' Anti-Malware

    1.39
    Database version: 2453
    Windows 5.1.2600 Service

    Pack 3

    7/17/2009 6:44:59 PM
    mbam-log-2009-07-17 (18-44-59).txt

    Scan type: Full Scan

    (A:\|D:\|E:\|)
    Objects scanned: 80912
    Time elapsed: 1 minute(s),

    22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items

    Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items

    Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter)

    -> Bad: (1) Good: (0) ->

    Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) ->

    Bad: (1) Good: (0) ->

    Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Torin\favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

    -------------------------------------------------

    This one was more problematic. As the scan was finishing a mcafee alert popped up telling me that it had found a PUP and asked if I wanted to remove it. I decided to wait for the scan to finish because I didn't want to jepordize the scan's completion (I'm still not sure what triggers the freezes so I try not to click or do anything I don't need to do) After it had finished it asked me to restart my computer in order to complete the operation. Before I hit ok I clicked on the option to remove the pup presented to me by Mcafee. A second one followed and I deleted that one too (I can't find any log of the stuff that mcafee finds once I delete it) After this I hit ok in order to restart my computer and as it was shutting down it froze (I believe it was at the final stage of the windows shut down screen) forcing me to do a hard shutdown via the power button. I'm not sure if any of that had any impact or not but there you go. (I'm pretty sure the log was made before I restarted the computer)

    Malwarebytes' Anti-Malware 1.39
    Database version: 2453
    Windows 5.1.2600 Service Pack 3

    7/17/2009 7:49:32 PM
    mbam-log-2009-07-17 (19-49-32).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 222461
    Time elapsed: 51 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Torin\local settings\application data\Mozilla\Firefox\Profiles\fpjav5z5.default\Cache\D8AABD14d01 (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\RECYCLER\s-1-5-21-789336058-1757981266-839522115-1003\Dc4.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

    ---------------------------------------------------

    This one went perfectly.

    Malwarebytes' Anti-Malware 1.39
    Database version: 2453
    Windows 5.1.2600 Service Pack 3

    7/17/2009 11:16:23 PM
    mbam-log-2009-07-17 (23-16-23).txt

    Scan type: Full Scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 201298
    Time elapsed: 46 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{df7d4eba-ed4e-4205-aaf5-e948994c6a7c}\RP826\A0158107.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{df7d4eba-ed4e-4205-aaf5-e948994c6a7c}\RP826\A0158108.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

    After this last one I decided to see if I still had the problem so I ran a Mcafee virus scan. I was able to complete it (no detections) for the first time since this started so maybe that's progress. After that I decided I might as well defrag. I left the room for a while in order for it to complete. When I came back I noticed the clock had frozen (thus indicating the problem had struck again) but on the screen it said that the defrag had completed. So I'm not sure wether it froze before,during, or after it had finished. That time period was the longest I had been on without it freezing (almost two hours). But after turning it back on it froze withing twenty minutes, and after another hard reset it did it again with in 15 minutes. I should mention that for the final malwarebytes scan (the third log) and the mcafee virus scan and the defrag I had my computer offline (wired connection so I just pulled the ethernet cable out).

    One issue I had with malwarebytes is that after these successful scans, the infected item were listed in the quarantine tab, so i'm not sure if they were deleted and it's just a log or if they are still in quarantine. The infections listed in the first two logs I deleted from the quarantine tab. The ones listed in the third log are still listed in the quarantine tab.

    The psu fan seems to be working fine, but I'm not exactly sure what I should be looking for (I can feel the fan going) I can't tell wether or not the graphics card fan is working properly because I can't see it from outside the case. I gave the computer more clearance on the back and non-fan sides. Should I download those other two programs you listed as well?
     
  5. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    Anyone have any ideas of what I should try next?


    *edit* Also I can confirm that if I turn it on and log in, and then just leave it completely idle (not close out of anything , click, or even move the mouse) that it eventually freezes (way before the screen saver comes on. I'm pretty sure I didn't have any scheduled tasks set for today either.
     
  6. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Please click here to download and install the HijackThis installer.

    Run it and select Do a system scan and save a logfile.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    Do not fix anything
     
  8. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    Thank you for the response. Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:14:40 PM, on 7/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Netgear Update Assistant\LanUpdate.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44C23430-C620-47F0-AA38-D28FE249A6E7}: NameServer = 12.207.232.47,12.207.234.32
    O17 - HKLM\System\CS2\Services\Tcpip\..\{44C23430-C620-47F0-AA38-D28FE249A6E7}: NameServer = 12.207.232.47,12.207.234.32
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Creative Audio Engine Licensing Service - Unknown owner - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (file missing)
    O23 - Service: Creative Audio Service (CTAudSvcService) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 10496 bytes
     
  9. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Your log isn't showing any malware but it doesn't mean your computer is not infected. Over 50% of infections don't show in a HijackThis log.

    You do have too many applications loading with Windows. It really doesn't help. To trim your Startup list, click on Start, Run and type msconfig.

    Under the Startup tab, uncheck all unnecessary applications. You can copy the .exe files found at the end of the 04 HijackThis log entries and paste them on this website to help you decide what to uncheck or keep.

    Look at the attached picture for an idea on where to paste the .exe files.

    Also, McAfee is a real system resource hog, and you have the whole bundle!

    And, how much RAM do you have?

    If nothing helps, you might have to start a new thread in the Malware Removal forum.
     

    Attached Files:

  10. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    I was able to cut a almost 50% of the startups so thank you for that. But I noticed something strange on the start-up list, there was a blank one. It has no name and no command but it does have the location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    I have two gigs of RAM and I would be glad to be rid of mcafee but what would a good replacement be?
     
  11. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    If you're paying for a security software, without hesitating, I would recommend ESET Smart Security (NOD32 antivirus + firewall + anti-spyware + anti-spam module). It's lightning fast, really effective, the best heuristic capabilities out there (ThreatSense) and uses a very small amount of system resources. It also downloads new virus definitions many times a day without any computer slowdown. You won't even notice it.

    Combine this to good anti-spyware programs like Malwarebytes' Anti-Malware (free or paid), SuperAntiSpyware (free version) and SpywareBlaster (free version).
     
  12. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    Uncheck the entry and reboot. You'll see what happens.

    Please post a new HijackThis log.
     
  13. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    This was taken after I unchecked the blank item and rebooted. I haven't noticed any changes from unchecking it yet. Also, last night I noticed that command.com doesn't work anymore. It (usually) gives me this warning when I open it for the first time:

    16bit MS-DOS Subsystem (this is the window header)

    C:\Windows\System32\command.com
    NTVDM has encountered a system error.
    NTVDM has encountered a system error c0h, choose close to terminate application

    Close Ignore

    If I ignore, it brings up the command input window but doesn't recieve any input from my keyboard. I'm pretty sure this is the first time I've tried using it since this problem started and the last time I know for sure that I used it was almost two weeks ago.

    Edit* The command line is C:\DOCUME~1\(my name)> I don't remember it being shortened like that, but I could be wrong.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:26:35 PM, on 7/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Netgear Update Assistant\LanUpdate.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44C23430-C620-47F0-AA38-D28FE249A6E7}: NameServer = 12.207.232.47,12.207.234.32
    O17 - HKLM\System\CS2\Services\Tcpip\..\{44C23430-C620-47F0-AA38-D28FE249A6E7}: NameServer = 12.207.232.47,12.207.234.32
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Creative Audio Engine Licensing Service - Unknown owner - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (file missing)
    O23 - Service: Creative Audio Service (CTAudSvcService) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    --
    End of file - 8944 bytes
     
  14. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    ntvdm.exe is a process that belongs to the Windows 16-bit Virtual Machine. It provides an environment for a 16-bit process to execute on a 32-bit platform. This program is important for the stable and secure running of your computer and should not be terminated.

    Troubleshooting NTVDM

    If you recheck the entry, does the error message go away?
     
  15. Desdewd

    Desdewd Thread Starter

    Joined:
    Jul 15, 2009
    Messages:
    10
    i noticed this before I unchecked that blank entry (also the blank entry is now gone from the startup list) I saw that Microsoft support page but I'm not sure how to set the values for the config.nt file.

    edit* Typing cmd instead of command into the run box, brings up a command prompt that works but from what I can tell, I'm actually opening cmd.exe instead of command.com. The cmd.exe does not shorten the command line. I also found this and starting to sound alot like mine: http://www.technologyquestions.com/technology/windows-xp/351693-ntvdm-error-c0h.html post 12 by ppp64. I'll post some more information that I discovered tomorrow.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Seemingly random lock
  1. Coco767
    Replies:
    3
    Views:
    281
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/843954

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice