Results 1 to 14 of 14
  1. #1
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    XP freezing on no activity - running out of ideas

    I have my sister's XP desktop which she messed up, somehow ending up losing such files as ntdetect etc in c:\, probably as a result of trying to fix a silly problem and ending up with some malware. It seems that she had inserted a friend's USB and then by mistake pulled out the Netgear and then tried to fix the resulting problems herself. Of course we cannot rule out the friend's USB didn't contain some malware but certainly the machine was able to connect to the internet as my sister tried to fix issues which she recalls as being a "missing ntldr" message.

    I have done a fair amount of work on it and for the moment it is intended to retain the XP regardless. However after a period of non-activity it freezes. The display is there and I can see from the clock what time it froze. The period could be 15min and as long as several hours. I need some fresh ideas as to how to approach the issue but meanwhile here are some details.

    As a result of house moves and kids going various places it is not viable to reformat/reinstall from fresh.

    The machine was built by a computer shop and the the components seem quite reputable.

    1) I replaced the missing files by booting up on DVD under Ubuntu and copying the missing root files from my laptop
    2) I rebuilt XP by doing a repair from the XP SP2 disk, then installing SP3 and going through all Windows updates which are now complete
    3) I downloaded current video, sound, and Netgear USB wireless drivers and installed. All devices show as ok under Device Management.
    4) I've installed a Linux Mint partitition and run a 12hr RAM test with no faults.
    5) Mint does not hang
    6) Windows Safe Mode does not hang
    7) I will check again but I don't think it hangs if I remove the wireless USB (it certainly went a few hours ok). A single test indicated that it lasted longer having Windows managing the wireless rather than the Netgear software.
    8) I've run and cleaned up with Spybot, Malwarebytes, Emsisoft, MSE.
    9) To be fair I've not established that it won't hang whilst I'm using it as I've not worked it for several hours
    10) I've run Windows Disk Error Checking, and Windows Defrag
    11) Strangely a couple of days ago MSE refused to update with a 0x80248014 error. I plan to uninstall/reinstall. Windows Update works fine but I cannot update the MSE definitions.
    12) The sons have put lots of stuff on the machine - Apple software, iTunes and others.

    The machine is not desperately needed and I can run tests as required, but a fresh set of eyes may help me focus on what to try next.

    Thanks

  2. #2
    4 Star Lounger SpywareDr's Avatar
    Join Date
    Dec 2009
    Location
    Riviera Beach, Maryland, USA
    Posts
    490
    Thanks
    10
    Thanked 52 Times in 43 Posts

  3. #3
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Have you tried leaving Task Manager running to see what is active when the computer hangs?

    Have you checked the Event Viewer?

    Joe

  4. #4
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    Use ShellExView to disable all non-Microsoft DLLs, to see if the problem goes away; then reenable a few at a time, to see if the problem returns. If so, you can track down which DLL is the culprit, then disable it from loading.

    Here's where to get ShellExView: http://www.snapfiles.com/get/shellexview.html

  5. #5
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    @spywaredr - thanks. I already did that once ref Step 2. I might explore some of the other choices.
    @adminstrator - no issues in Events. I'm guessing that the freeze stops the event from showing
    @mrjimphelps - ah - I've downloaded the full suite from nirsoft. Looks powerful and dangerous. MSE sees a lot of 'threat' in the suite.

    For the moment I've taken out the Netgear wireless and plugged in an ethernet cable. Strangely MSE now updated even though it was happy to be reinstalled under Wireless. I'll see if the machine runs overnight and report back. The Netgear USB is a bit weird has I've downloaded tons quite happily with applying fixes etc unless the issue is a USB port problem. I suppose I could install the Netgear in another machine though I had no problem when leaving the machine overnight after booting under Linux Mint with the Netgear connected.

  6. #6
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    In my opinion, wired networking is always preferable to wireless networking, if there is no problem with running an ethernet cable from the router to the computer.

    ShellExView can be safely run if you don't disable the Microsoft DLLs, nor your antivirus program's DLLs. It is really easy to reenable whatever you disable. But if you don't feel comfortable using it, don't use it.

    I don't have the whole Nirsoft suite, just ShellExView.

    I also don't use MSE, because Microsoft has stated that they aren't putting much effort into MSE these days.
    Last edited by mrjimphelps; 2014-02-21 at 16:09.

  7. #7
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Never had a problem with numerous wireless once I've got away from any competing channels. Even had a rock solid wireless bridge set up from home to office approx 400m. The MSE/Nirsoft comment was just an observation as the full suite does some pretty powerful stuff eg password recovery and no doubt does some low level stuff that would look suspicious.

    What do you use for a/v? I'd like to try something different on my sister's machine. I found bitdefender very aggressive and avg bloated.

  8. #8
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,396
    Thanks
    445
    Thanked 404 Times in 376 Posts
    I use Trend Micro Maximum. I was using Vipre, and my subscription was going to run out in Sept of 2013, and I found that Vipre was not very well-rated by the various computer magazines, so I investigated what was out there. Trend Micro ranked at or near the top in three categories: (1) ability to clean up an already-infected PC; (2) ability to block new infections from getting onto the PC; (3) doesn't slow down the PC much if any. I installed Trend Micro, and I have not been disappointed.

  9. The Following User Says Thank You to mrjimphelps For This Useful Post:

    anthony2l (2014-02-21)

  10. #9
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,141
    Thanks
    101
    Thanked 579 Times in 464 Posts
    As you've checked the hardware (RAM and hard disk) and the PC doesn't lock up in Safe Mode (or Mint) then this suggests a driver issue, possibly a display driver.

    Have a look at Nir Sofer's WhatIsHang to see if it helps you identify what's causing the PC to lock up.

    (Nirsoft tools are amazing, especially ones like BlueScreenView, USBdeview and MyEventViewer. I keep the entire suite on a USB stick and carry them round with me all the time. Some AV software will flag some of them (the password retrieval utilities) as dangerous but they're not... just powerful and incredibly useful.)

  11. #10
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks Rick. I had already downloaded the full Nirsoft package as a result of an earlier suggestion and have integrated the Sysinternals suite which I already used. Another tool I find handy is Anvir which I have running on my laptop by default. I'm still working my way through Nirsoft and thank you for your suggestion. Also another thing that I found in Jim's link was EasyClean - http://personal.inet.fi/business/ton...s/EClea2_0.zip which appears to be one of the better free registry cleaners.


    On Saturday I ran an ethernet cable to the router and that ran for about 8hrs without hanging which rules out the display driver unless there is a weird and unreported display driver/wireless driver conflict. Today I have disabled a whole load of startup items including the Netgear Wireless adapter software, and have Windows managing the wireless. I'll see how that goes. The problem is - how long to run before being satisfied it's ok? It's a slow process and very elusive. We have other wireless devices that have no problem and there are no nearby conflicts on the same channel.

  12. #11
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,141
    Thanks
    101
    Thanked 579 Times in 464 Posts
    Hi Anthony - Thanks for the info about Anvir... it looks interesting.

    If you have both the Nirsoft and Sysinternals suites then you may be interested in Windows System Control Center. This is a small portable app which provides an interface to both suites but also adds an automatic update mechanism.
    wscc.jpg
    Click on picture to enlarge.

  13. #12
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks Rick - I'll look into adding that onto my USB stick. On my laptop I run Secunia which actively keeps me informed if I'm running behind or have updated something.

    The desktop has been running 4hrs now and still not frozen. Just a reminder that it all used to work ok before whatever happened a few weeks ago. The only changes I've had to make are to download and install drivers which I have done from the various manufacturers' sites ie Netgear, Nvidia, Soundblaster and motherboard (VIA KT400A-8235).

  14. #13
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,141
    Thanks
    101
    Thanked 579 Times in 464 Posts
    Anthony - If it's not a driver issue then could it be an intermittent network issue? Mint runs fine and it doesn't hang in Safe Mode... but how about Safe Mode with Networking? When it hangs, is it connected to or dis-connected from the internet?

    I know it's possibly clutching at straws but nearly 2 years ago I repaired a laptop that crashed intermittently for no apparent reason. After a long, long time spent diagnosing and testing I was about to wipe it and re-install from scratch but checked it using Avira's Rescue System CD. Unfortunately it's a very slow scan but it found and removed malware that wasn't detected whilst the laptop was running Windows. At long last... no more intermittent crashes. Since then I've always considered processes that may be deeply hidden from Windows.

    I appreciate you've used Spybot, Malwarebytes, Emsisoft and MSE but from what I can see, none of these check for rootkit activity (although Malwarebytes now have an anti-rootkit beta available). I use GMER (now integrated into Avast AV) for a quick check as Sysinternals's Rootkit Revealer hasn't been updated since 2006 and it appears to have better detection than RootRepeal. For a more comprehensive (but slower) scan I use McAfee's RootkitRemover which has recently been updated.

    The only other thing that I can think of is overheating. To check this I used to use System Information for Windows but these days tend to use the portable version of Piriform's Speccy.

    Sorry but can't think what else it could be...

  15. #14
    New Lounger
    Join Date
    Feb 2014
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Rick, thanks for your thoughts. Doesn't hang when wired to the router rather than wireless. Has gone 7hrs with a few startup items disabled so maybe it's in there.

    I might try the Avira route because my sister did something when putting in or taking out her friend's USB stick. Time isn't an issue. I came across a rootkit scanner in one of the utilities I recently downloaded. Currently running Eset.

    It's quite a big desktop, lots of space, fans on the power supply, massive heatsink and fan on the processor and fan on the video card plus doesn't hang in other situations.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •