Windows XP frequent hangs

Discussion in 'Malware and Virus Removal Archive' started by PAUL SHILLAM, 2004/09/26.

Thread Status:
Not open for further replies.
  1. 2004/10/10
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Good Catch Sparrow - it is hot. 1000MHZ T-Birds ran quite a bit cooler than 1200's, 1300's & 1400's although the 200MHZ (2x100) CPU's ran hotter than the 266's (2x133) - I'd say this 56C, while within spec, is way high compared with what it should or let's say "could" be.

    ;)
     
  2. 2004/10/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    I have tried running with the lid off the PC but no change.
    I have tried running with just one HDD and no CD or FDD to reduce load on PSU but still hung.
    I did some disk copies using DriveCopy and write verify to make it take longer; it ran for 12 hours without a problem, but as soon as I went back to XP it hung within a few minutes. It has never hung under DOS.
     

  4. 2004/10/11
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Hi Paul Shillam,

    I've looked over this whole long thread and it looks like you still have an infection in XP, or XP is otherwise broken.

    Has system restore remained off? This is to avoid restoring any malware that was removed.

    Have you continued to run every 2nd or 3rd day the cleanup suggested originally? I suggest you do, at least 'til your problem is solved. And don't forget to update the programs online first.

    If all is clean and a new hijackthis log is also clean, I wonder about uninstalling SP2? Otherwise, I still think I'd consider a clean install of XP. If you go that way, fdisk your drive to delete all partitions and remake them so all-new boot records and partition tables are written, leaving no traces of the old OS. Format won't do this.
     
  5. 2004/10/11
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    This doesn't necessarily surprise me. Running a 16 bit app in DOS is quite different than running a 32 bit app with a GUI. Not trying to backpedal here but as mentioned before, not sure we have enough to accurately identify software vs hardware problem. I originally chirped in after cautioning myself to shut up because everyone was focused solely on software when your machine behavior was somewhat indicative of a potential hardware issue. The fact that you experienced the same characteristic freezes when running only one HDD adds to the mystery but doesn't resolve the power issue completely, especially in regard to whether memory and video also have sufficient power. Don't get me wrong, I'm at a loss here too and I think we need to look beyond any power issues for a solution.

    Couple more questions. Since this has been evident for a while, what if any changes were made to your machine (physically) going back to the origin of this behavior (six months ago). Same question re: software.

    My best guidance at this point would be to clean your memory modules and check your memory setting in BIOS and then try selective startups as suggested quite some time ago by Charlesvar. Re-reading his post, he originally hit on both. Last question, do you have any kind of Drive Strength setting adjustment available in your BIOS and although you mentioned you set everything to default, have you tried setting memory to Auto or Spd and testing?

    ;)
     
    Last edited: 2004/10/12
  6. 2004/10/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    Hi Guys, thanks for the continued support.

    I do keep running the clean-up progs with updates. I do note that SpyBot finds 12 problems but says it can only fix two and asks if it can run at next start-up, but when it does it only fixes two out of the twelve again.

    I have had no hardware changes since problems started and only minor software; probs started way before SP2 install.

    My memory Dim has been replaced with no change.

    I don't see anything in BIOS which mentions drive strength settings (whatever that is) or memory to Auto or Spd and testing.
     
  7. 2004/10/12
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Just re-read this thread and have a couple more comments and a couple more questions.

    First off, it would be advisable to get whatever spyware cleaned up period. You reference problems with 10 of 12 entries found with SB S&D - well, you're in the right forum for a malware wizard to assist you but you'll need to post what ails you. Secondly, you said you nailed one of two AV programs you had running but didn't reference which one. I'd suggest you identify it by name as there may be additional steps required to totally clean it from your system. As a minimum I'd run Reg Cleaner and remove all remaining registry entries. Then I'd get back to Charlesvar's selective startup suggestions and see if you can isolate this, assuming it could be primarily software related.

    Next - I see from your MoBo site that this machine will run PC100 or PC133 SDRAM. What are you running and what kind of memory is it - brand? You set default in your BIOS setup but dependent upon memory, there may be a couple of adjustments necessary. Similarly, your machine will run a 200 (100x2) or a 266 (133x2) CPU and it looks like your MoBo auto-detects the CPU. I'm assuming the default setup is the 200mhz bus speed CPU but please check & verify, then check whether memory speed is set to CLK or CLK+33. Understand that high density memory is going to be a problem on this board and if the individual chips are set parallel to the module's orientation, look no further - get out your pocketbook and replace it. Short of that, test it out and see if you have any read or write errors.

    Not trying to be like the diagnostic doctor that names 25 potential diseases because he or she doesn't have a clue but every FAQ re: your Mobo on the Gigabyte website said to update BIOS. Not necessarily my recommendation, but once you've checked a few other things and further cleaned up your software issues, you can start thinking about the validity of their advice.

    ;)
     
  8. 2004/10/12
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Wonder if rockster2u means post another hijackthis log after you reboot letting spybot try its best; and don't forget the antivirus and adaware.
    Please post the log as it may reveal what's not being cleaned up and what requires manual or other attention.
     
  9. 2004/10/13
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    The AV I took out was AVG 6.0 the one that is running is Norton
    I have run regcleaner.
    The memory Dim is a Kingston and it is set at 100 in BIOS
    I can't find anything in BIOS that tells me the clock speed of the CPU
    I have updated the BIOS not so long ago
    Here is the latest Hjack log file

    Logfile of HijackThis v1.98.2
    Scan saved at 11:23:00, on 13/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\HiJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: EPSON Background Monitor.lnk = D:\ESM2\Stms.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
     
  10. 2004/10/13
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    I'll wait along with you until one of the guru's comments re: your log but notice you still have 3 entries for grisoft AVG.
    Running Processes
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    Plus
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

    Am surprised RegCleaner wouldn't have shown these and permitted you to clean them up.

    ;)

    edit: (afterthoughts) Your CPU is 100 and your board auto-detects so that's fine. Updated BIOS also sounds fine but you may want to x-ref # with your MoBo site for added confidence/comfort. Memory sounds OK at first blush but some of the budget Kingston PC133 was not reliably backward compatible to PC100 (ran into this on a couple of old Dell boxes 2-3 years ago). Kingston SDRAM usually pretty reliable though and if it's marked PC100, you should be fine.
     
    Last edited: 2004/10/13
  11. 2004/10/13
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    I'm waiting too.
     
  12. 2004/10/13
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Yes, this is an issue that never seems to get cleared up, and until it is, really can't be sure that this isn't the source of the problem.

    Regards - Charles
     
  13. 2004/10/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Second Rockster on the AVG. How did you take it out? Add/remove programs? If so, and it no longer shows up there, do another HJT scan and place a check next to the O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP entry, as well as the following, and click fix checked.
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -


    Information below about this process, running on your machine, taken from answersthatwork.com. C:\WINDOWS\System32\nvsvc32.exe

    NVIDIA Driver Helper Service which gets installed under Windows NT4/2000/XP/2003 by the NVIDIA drivers for some of their graphics cards (or graphics cards based on an NVIDIA chipset). We do not at this stage know what this process does except consume memory ! And we also have no idea as to what a "Driver Helper Service" is supposed to do !!

    Recommendation :
    This service is often responsible for various glitches, from significant shutdown delays to excessive memory usage. Disabling it, however, does not result in our experience in any ill-effect in regards to the proper operation of your NVIDIA or NVIDIA chipset graphics card, so we recommend that you definitely set the Startup Mode of this service to Disabled. You can do this by going to start>run, type services.msc, hit enter. Locate the service in the list and right click>properties. Stop the service, then disable, apply and OK out.

    Reboot when done and delete the Grisoft folder from C:\Program Files. Run the reg cleaner again and reboot.
     
  14. 2004/10/14
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    I thought I had stopped AVG by disabling schedule tests so now I have removed it using Add/Remove Programs.
    My memory was marked 133 so I have changed it to 133 in BIOS.
    I have now followed the instructions to get rid of NVIDIA. I noticed when I deleted Grisoft that it had AVG6 under it so that's gone as well.
    I ran a regclean prog and that also found AVG which it has cleaned.
    System did seem to start up quicker now.
    Here is the Hijack log after doing all of this.

    Logfile of HijackThis v1.98.2
    Scan saved at 09:51:17, on 14/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HiJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [AS00_Netgear] C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: EPSON Background Monitor.lnk = D:\ESM2\Stms.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: KANA IQ LiveA - http://dmzchatonly.europe.creative.com/srvs/eu/eu1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
    O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
     
  15. 2004/10/14
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    May be jumping ahead here but it doesn't look like you removed your O16 entries as instructed. This is not my expertise so don't do anything until you hear back from noahdfear or one of the other "Malware Masters" but I'd advise anybody to follow his instructions to a t - he's very good. It also appears that the java runtime you are running is an older version with a known security vulnerability, but again - I defer to the experts. Let's wait for further instruction.

    With the hope that these changes lead to improvement, I would still advise replacing your power supply with at least a 350-400W PSU and you should invest in a better CPU cooler to get those temps down. Both of these can be purchased for less than $50-60 total. I'll be glad to make specific recommendations once you're sure you are on the road to recovery.

    ;)

    edit: forgot to mention - good catch on the memory setting - you'll get better performance although it may not seem that noticeable. Hey - we're only human - it takes a computer to measure some things.
     
    Last edited: 2004/10/14
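Added example (not part of the original thread and not any poster's code): a small Python check that parses HijackThis logs like the two posted above and reports which entries on a helper's fix list are still present in the follow-up log, plus any processes or autoruns still pointing at a removed product's folder. The sample logs are abridged from the logs in this thread; the function names are hypothetical.

```python
import re

# HijackThis section lines look like "O4 - ...", "O16 - ...", "R1 - ...".
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.+)$")

def parse_hjt(text):
    """Return (running-process paths, [(section, body), ...]) from a log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def _key(section, body):
    # Compare case-insensitively and ignore spacing differences.
    return " ".join(f"{section} - {body}".lower().split())

def unfixed(fix_list, followup_log):
    """Fix-list entries that still appear in the follow-up log."""
    present = {_key(s, b) for s, b in parse_hjt(followup_log)[1]}
    return [f"{s} - {b}" for s, b in parse_hjt(fix_list)[1]
            if _key(s, b) in present]

def leftovers(marker, log):
    """Processes and entries still referencing a removed product's path."""
    procs, entries = parse_hjt(log)
    m = marker.lower()
    return ([p for p in procs if m in p.lower()],
            [f"{s} - {b}" for s, b in entries if m in b.lower()])

# Abridged from the thread's logs (13/10 before removal, 14/10 after).
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
"""
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
"""
# Entries the helper asked to have fixed (abridged from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
"""

if __name__ == "__main__":
    print("AVG leftovers before:", leftovers("grisoft", LOG_BEFORE))
    print("AVG leftovers after: ", leftovers("grisoft", LOG_AFTER))
    for entry in unfixed(FIX_LIST, LOG_AFTER):
        print("still present:", entry)
```

Matching is on the full entry text, so an entry whose path or arguments changed between scans is reported as fixed; compare the section and key name by eye in that case.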
  16. 2004/10/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yep, you need to fix the O16 entries and update your Java as noted. Also, unless you use Windows Messenger (are you in a network environment?), fix the O4 messenger entry. Log is clean otherwise. Seem to remember there being a problem running an online virus scan with RAV (?). If so, try again and let us know if it is successful and the results.

    You mentioned the machine is starting up faster now. Is it still having other problems? Describe again in detail if you would please.
     
  17. 2004/10/14
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    I have removed the O16 entries and the O4 Messenger.
    How do I update Java runtime?
    Tried running the RAV but it comes back with the following:-

    Failed to load Active X control
    You must have administrative rights on this computer
    You also must have internet explorer security settings to medium level

    Both of the above I have.

    Good news I hope
    Since removing AVG6 and NVIDIA this morning I have not had a hang.
    I have run the PC for 13 hours now with no probs. I have been making it work with AV scans, backups and disk copies with no trouble. I don't believe AVG6 had anything to do with it as I only installed it on instructions from a member at the beginning of this thread. Keeping everything crossed.
     
  18. 2004/10/14
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi PAUL,

    Failed to load Active X control

    You have to have that enabled for the on-line scan. IE tools > internet options > security tab > Custom level and scroll down not very far to run activeX controls and plug-ins. Tick either Admin approved or prompt. I would go back and disable that after your business with RAV.

    Just for clarification, I don't see anyone advise you to download and install AVG in this thread. I know that it's easy to get lost in a thread that gets beyond a certain size - I did, but it does pay to keep track and go back over the thread a few times. The stuff you took off was mentioned earlier in this thread.

    Regards - Charles
     
  19. 2004/10/14
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    You can download Java™ 2 Runtime Environment, Standard Edition (JRE) v1.42.05 from the link below. Make sure the 05 version as the 04 version had a security hole.

    Install File => Click the "Download" button just to the right of "Windows (Offline Installation)" => http://www.java.com/en/download/manual.jsp
     
  20. 2004/10/15
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Paul Shillam

    The mouse just stopped working whilst I was installing JAVA but it did finish installing ok.
    I still can't run RAV, I ticked prompt and it did prompt me to allow it to load ActiveX but still came back saying failed to load ActiveX.
    There is a post on page 1 dated 26 Sept at 22:31 that suggests I run Ad-aware, Spybot, AVG etc.
     
  21. 2004/10/15
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi PAUL,

    I still can't run RAV, I ticked prompt and it did prompt me to allow it to load ActiveX but still came back saying failed to load ActiveX.

    Ok, if you have the activex entries in IE enabled, then disable SpyBot's resident processes temporarily - SDHelper & Teatimer. Left panel > Tools page > Resident > Resident page and untick them.

    Regards - Charles
     