Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer freezes and shuts down, but NOT in safe mode


  • This topic is locked This topic is locked
3 replies to this topic

#1 Kyron and Keira

Kyron and Keira

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:53 AM

Posted 04 August 2011 - 04:41 AM

Greetings,

Having a really hard time trying to figure out what is going on with a couple machines.
I will list the reports from this machine and details on what is happening. Any help is VERY appreciated!

A little background:

Specs:
Windows XP Professional
Prescott 800 ASRock Mother board
Nvidia G-Force 7600 GT Graphics card
Maxtor 80Gig Hard Drive
Pentium 4 /3.2g
Sound Blaster 5.1 sound card
P4-450 watt power supply
2gig Ram

I did test out all the hardware and made sure everything is working properly. Nothing is running hot or above temperatures, ran a "Reimage" report to analyze hardware as well, and other than the fact its low on space (80gig Hard drive with 25 gig's of space)evrything checks out. Computer is clean, heat paste/heat sink is perfect, and everything is seated properly.

The reason I think this might be virus related or bios related is this problem has occured now on two machines that are networked and share a internet connection.
It started on our first machine as a simple mouse/keyboard freeze. Each time had to hard restart. It got more frequent, till it would do shut downs randomly. Now it is occuring on this machine which is what I am posting about. (both have occured within the same month time frame)

It has started also doing freezes. First with the mouse/keyboard, then random shut downs, to the point it is at now and not even running for a couple mins in regular boot up. I am ONLY able to get into safe mode with networking. Which it seems to run fine.

I have done virus scans like you would not believe! Kaspersky, AVG, Avira, Trend Micro, Emisoft, Clean-Up to get rid of temps, and NOTHING is detected. Tried cleaning up registry to see if it is corrupt, ran system restores, which seems to work for several hours and then resorts back to freezing. Ran a XP repair and still does the same freeze in regular boot up.

The freeze is completly random. I can freeze on login screen, in the start menu, when you try to start internet, there is no set amount of time it can take or freeze up. Sometimes there are hours and other times it is right on boot up. At times it will try to freeze when TRYING to go into safe mode, before everything has launched. Once IN safe mode we have never had a freeze.

I have ran the reports and they are located below this, I can't get reports in regluar mode, only while in safe mode.

DDS Report:

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.3264 BrowserJavaVersion: 1.6.0_24
Run by Kyron at 10:28:46 on 2011-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1630 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/firefox/
uInternet Connection Wizard,ShellNext = iexplore
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: c:\docume~1\kyron\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{4DE52386-275A-45F4-A548-078AF52BEF17} : DhcpNameServer = 10.0.0.2
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
LSA: Notification Packages = :\WINDOW
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kyron\application data\mozilla\firefox\profiles\lbb5ljdq.default\
FF - prefs.js: browser.search.selectedEngine - Astroburn Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2011\ffext\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\program files\kaspersky lab\kaspersky anti-virus 2011\ffext\virtualkeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-24 218688]
S0 tfxgbo;tfxgbo; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-9 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-12 309848]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-3-24 2978720]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-12 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-12 42184]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-5-15 21992]
S2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-15 2218600]
S2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-3-24 73728]
S3 cpuz134;cpuz134; [x]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-08-04 08:19:08 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-03 20:57:07 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-08-03 20:57:07 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-31 07:39:17 -------- d-----w- c:\documents and settings\kyron\application data\Error Fix
2011-07-31 07:39:04 -------- d-----w- c:\program files\Error Fix
2011-07-31 07:21:44 -------- d-----w- C:\rei
2011-07-31 07:21:36 -------- d-----w- c:\program files\Reimage
2011-07-30 20:06:45 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2011-07-30 20:06:44 870784 -c--a-w- c:\windows\system32\dllcache\ati3d1ag.dll
2011-07-30 20:03:50 516768 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2011-07-30 19:44:52 -------- d-----w- c:\program files\Personal
2011-07-30 16:48:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-30 16:48:32 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-07-30 16:48:32 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-07-30 16:48:32 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-07-30 16:48:32 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-30 16:48:32 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-30 16:48:32 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-07-30 16:48:32 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-07-30 09:24:07 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-30 09:24:07 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-30 09:22:15 -------- d-----w- c:\program files\Kaspersky Lab
2011-07-30 09:22:15 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-07-29 22:26:53 -------- d-----w- c:\documents and settings\all users\application data\Astroburn Lite
2011-07-11 19:48:23 -------- d-----w- c:\program files\Microsoft Games
2011-07-08 15:35:52 -------- d-----w- c:\windows\system32\NtmsData
2011-07-08 15:35:04 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-06 10:55:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-05 14:45:08 -------- d-----w- c:\documents and settings\all users\application data\FrontLine Registry Cleaner
2011-07-05 14:26:27 -------- d-----w- c:\documents and settings\all users\application data\RegInOut
2011-07-05 14:26:23 -------- d-----w- c:\windows\RegInOut System Utilities
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-10 12:24:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 09:23:09 260440 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-21 09:23:09 260440 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-21 09:23:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-15 18:17:49 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-14 17:56:02 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 10:29:32.67 ===============


Thank you for ANY help you can provide. My wall will also thank you... as it is sick of being beat upon!

Kyron & Keira

Attached Files



BC AdBot (Login to Remove)

 


#2 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:01:53 AM

Posted 10 August 2011 - 11:52 PM

Hi Kyron and Keira
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do this in normal boot mode.

Download ComboFix from Here

Before saving it rename it to Mobofix.com then download it to your Desktop.

Please run it this way.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click Mobofix.com and follow the prompts.
  • Vista users right click Mobofix.com and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

If you are prompted to install the Recovery Console, Please do so.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#3 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:01:53 AM

Posted 15 August 2011 - 11:06 PM

Hi
If you still require help. please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#4 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:01:53 AM

Posted 20 August 2011 - 04:27 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users