Windows XP SP3 random freezes (not BSOD)

[jwazevedo]

I have an aging Sony FX36a laptop updated to SP3. With increasing frequency, Windows has been freezing. The mouse and keyboard stop functioning, and the only way to get out is to turn off the power and start over. When I check the Event Viewer, I see nothing about the freeze, and there is no minidump. This happens about once every day or so (but twice today!). So how can I troubleshoot this problem?

Thanks!

Best,
Jerry

 

[mflynn]

Hi Jerry

Well lets begin with a cleanup.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.

Then boot to Safe Mode with Networking, and run them once more before continuing below.

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

Most importantly update MalwareBytes and SuperAntiSptware!

Mike

 

[kimsland]

From here: http://esupport.sony.com/US/perl/select-system.pl?PRODTYPE=24&NAVDISP=pc

# The model number is not listed in our system. This may occur with not yet released or extremely old models.
# It is a special version model. These models often end with a "/letter" (ex: SDM-HS75/B). If the version model isn't listed, check for the base model (ex: SDM-HS75).

This computer is over 7 years old !

 

[jwazevedo]

Sorry I garbled the model name. It's actually PCG-FXA36, and the Sony support page is here:

http://esupport.sony.com/US/perl/model-home.pl?mdl=PCG-FXA36&region_id=1

Mike, I've attached the logs from the 8-step program.

The computer runs AVG, Spybot S&D (resident). It has 256MB RAM. Windows is up-to-date. The freezing behavior has been very infrequent in the past, more frequent recently.

I'm trying to find a way to diagnose the freeze in the absence of any obvious logs or dumps. Hope you can help. Thanks.

Best,
Jerry

 

[kimsland]

Sorry I garbled the model name. It's actually PCG-FXA36

The computer runs AVG, Spybot S&D (resident). It has 256MB RAM..... The freezing behavior has been very infrequent in the past, more frequent recently.

Logfile of Trend Micro HijackThis v2.0.2
...
Boot mode: Safe mode

Malwarebytes' Anti-Malware 1.33
...
Scan type: Quick Scan

Yes mflynn, can you perform a miracle on this one ?
Personally I wouldn't know where to begin

Edit:

You are running a Small office/home office setup
And you have about ~ 30 Members signed up under your IP, over the 5 years you've been at TechSpot (?)

jwazevedo, why would you be using AVG8 anyway?
Wasn't this discussed fully in your last thread?
Pretty sure I said no to that, but here you are today with a Virus/Malware issue (?)

All your posts come across as someone who is technically knowledgeable (or experienced)
But sumthin aint right here Perhaps you could help me understand?
Because your above posts and logs seem... well... not you (?)
.

 

[mflynn]

Hi Jerry

Run HJT Scan only remove the below entry.
R3 - Default URLSearchHook is missing

OK no Malware so it is a system and more likely the Hardware issue. XP needs more ram than 256 and even more after SP3.

So we will attack this with cleanup and general maintenance.

We are going to Shotgun the system with most everything, so this is a long post but it is not as complex as it seems. Do it one step at a time.

The first thing I want you to do is go carefully thu Add/Remove programs and uninstall all unused programs.

Did you get and use CCleaner from the 8 Steps and run it? If not do so now.

Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Recommended cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Then reboot before continuing

Update then run SAS
Click Preferences-Repairs
Then counting down from top do the following entries
Numbers 6, 8, 11, 12, 13, 16, 18, 19, 20, 21, 23, 24 25, 26 and 27!

Then another Reboot and continue

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here 1 at a time do the below

Flush DNS
Flush Icons
Process Idle Tasks
Reset Networking Interfaces
Reset WMI/WBEM (not reinstall)
Repair Permissions

Watch for any File not found or other errors and make note as this may lead to the fix!

Final Reboot here before continuing below.

Download AutoRuns http://technet.microsoft.com/en-us/s.../bb963902.aspx
Run it let it scan, then when it says ready at bottom left corner click File at top and then Find.

Type in the find box file not found and hit enter and delete all lines that have file not found.

There is a bunch of old stuff that M$ thought you might or would need that no longer exist or for computers that are assumed to have SCSI or AMD processors but do not or you have AMD so there is some Intel stuff!

Then look carefully through all the other entries and delete anything that you may have had but uninstalled and thought was gone. If you are sure delete these also.

Then get...

RunScanner http://technet.microsoft.com/en-us/s.../bb963902.aspx

Click Scan computer

Double click all Red lines to select, then click Item fixer and remove them.

Then click Extra stuff again select all Red lines.

Then click back to Malware hunting and Click the Item fixer again and remove these.

Same as already said on AutoRuns stuff that was assumed to be need but you do not have.

None of these items can run as the file is missing so most of the improvement you may see comes as a quicker startup as windows no longer searches or tries to load some of these. But some have noticed a faster shutdown also.

Reboot and recheck with both AutoRuns and RunScanner.

Lastly

Clean and tweak services

In services stop and disable all of the below just to get them out of the way for now for trouble shooting purposes.

Nothing is un-installed or deleted only disabled from running!

They can be put back anytime later but I would not, as none of them are needed by most home users and very few business users. Basically stuff M$ thought you should have.

Disabled uses no memory (RAM) and no CPU cycles.
Manual uses the RAM but a small amount of CPU.
Auto and not started they use even more RAM and CPU.
Auto and started even more RAM and CPU ..

Now in this case we disabling for trouble shooting purposes. But when we finish if you leave them all off until it is noticed that you need one (not likely for 99%) then it can be enabled.

Leaving these all off, then becomes a performance tweak/boost as they free some RAM and CPU cycles! Special note. If you are going to pick and choose then be aware that the small amount of RAM and CPU cycles of each one individually is not significant but as a group it is! So if you need most of them (or just think you do because you don't) then just as well enable them all)!

Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Fast User switching
Health Key and Certificate Management Service
Indexing service
Messenger
Net logon (needed only for logging on to some Domain Servers)
Net.TCP Port Sharing
NetMeeting Remote Desktop Sharing
IPsec services
QoS RSVP
Remote Registry (additionally is a security threat)
Uninterruptable power supply
Universal Plug and play
Web Client
Windows media player Network Sharing

IF you are using a wired network card and "NOT" using wireless on this computer then you can
also disable

Wireless Zero configuration

Wireless Zero configuration is only used on computers with a wireless NIC like a Laptop. Do not disable Wireless Zero configuration on a Laptop. Has nothing to do with other wireless hardware like wireless routers etc.

In short if this computer has a CAT 5 or 6 cable and no ability to connect wirelessly if that cable is unplugged, then you can disable Wireless Zero configuration.

This is not to be confused with Wired Auto Config do not disable that!

Let me know when you have finished with all the above, then run for a few days to see if we made progress!

Mike

 

[kimsland]

Download AutoRuns http://technet.microsoft.com/en-us/s.../bb963902.aspx
...
...

Then look carefully through all the other entries and delete anything that you may have had but uninstalled and thought was gone. If you are sure delete these also.

Well I'll say thorough
But a concern for Autoruns. Some of these not required auto starting items may stop the computer from running if disabled

I find Autoruns to be a very sensitive area, before disabling any item (other than "not found" entries) it's best to confirm the item specifically, you could start with Google on this. Instead of disabling any programs, always uninstall them first (preferably)

 

[mflynn]

No these are missing files and could not run even if they are in a Startup!

Can't run a missing file!

Have you recovered from your vacation yet?

Go get some coffee!

Mike

 

[kimsland]

Oh

I'm getting some coffee :chef:

 

[itguy7305]

Update Video drivers and if they the most current try the Omega Drivers. This sounds more like hardware that virus\spy issue.

http://www.omegadrivers.net/


Peace

 

[mflynn]

Good advice from itguy but don't mix it in with my post.

Do my post completely first.

Then if still issues do a restore point then update the driver advised by itguy!

Mike

 

[jwazevedo]

Thanks, Mike. I'll work through your list and report back.

Kimsland, I'm exactly who I say I am and nothing more. Can you PM me with your concerns? Thanks.

Best,
Jerry

Hi Mike,

I got this far and then got stuck:

Update then run SAS

What is SAS?


Also, two questions came up during the first part of the process.

1. KCleaner couldn't remove: c:\documents and settings\myname\cookies\index.dat

I checked the file system and in fact couldn't find a folder of that name (hidden files are set to show). So that's a mystery.

2. Do any of these steps need to be repeated under the 'administrator' account? On this computer, I have only my own account and the so-called 'administrator', which isn't listed under User Accounts but is available in safe mode. When I ran some of the tests yesterday in safe mode, I used the 'administrator' account, but now I'm running tests in standard mode and therefore under my own account. Any difference?

Thanks.

Best,
Jerry

 

[mflynn]

Appearently you skiped this step tisk, tisk, tisk or you would know tha SAS is SuperAntiSpyware and MBAM is MalwareBytes AntiMalware.

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

This is your best chance to fix this as if it don't you will know it is hardware.

Just go carefully thu the steps at your on pace but don't skip steps.

Mike

 

[gbhall]

I think this is all a wild goose chase. At 7 years old, it would much more likely to be a hardware issue, and the obvious place to start is open the case and blow out the fluff. On standard PC's which are not able to download anything (i.e. business) they do start to randomly seize up at that age, and the reasons are :

40% shorts on video card or memory due to dust and static buildup
40% failing hard drive
10% failure of fans
5% failure of CPU paste seal to cooling fins due to 1000+ heat cycles
5% failure of power supply

That's my experience. Don't have very much experience of laptops, but clearly power pack comes much higher in that case

 

[jwazevedo]

Thanks, gb. I had the case open to install a new hard drive three months ago. Just another bit of info.

Best,
Jerry

Thanks, Mike. I didn't skip anything, but I can't always keep straight the alphabet soup of computing. I'll continue with your list now.

Best,
Jerry

 

[mflynn]

No problem just step thu it! If it does turn out to be hardware then it will be clean and fast between crashes.

Mike

 

[jwazevedo]

Mike,

I've just finished with your shotgun list, aka the wild goose chase. All went smoothly but for two exceptions. The first was the ghost cookies\index.dat file, as mentioned previously. The second glitch was while running DAF. While resetting WMI/WBEM, I got an error: "Access violation at address 77CO154D in module "version.dll" read of address 00000004". The error prevented DAF from proceeding with that fix, and I had to X out of it.

The only unexpected results were that one of these tools keeps resetting my Word options, which I find a bizarre side-effect, and the Spybot S&D resident quick launch icon has disappeared.

So the computer is clean now, and as per your suggestion I'll give it a few days and see if the frequency of freezes diminishes.

Thanks for your help.

Best,
Jerry

 

[mflynn]

Run DAF and post me its log, to the right of the hammerhead.

The index.dat is OK it was set to delete on reboot!

Mike

 

[jwazevedo]

Mike,

Here's the DAF log. You'll notice that it abruptly ends with the notice that it has registered cimwin32.dll. That's not exactly true. What actually happened was that there was that error message at the start of the 'reset wmi/wbem' process, and then DAF hung. For 15 minutes, it said that it was registering cimwin32.dll, but nothing was happening. I finally close that window and then X'ed out of DAF (saving the log just before I went). So the WMI/WBEM step never completed.

Best,
Jerry

 

[mflynn]

This will fix issues that were found by DAF!

Download Windows Resource kit: http://www.microsoft.com/downloads/...69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

After installed

Left Drag mouse and Copy for Pasting all text in the box below.
Make sure the slider bar goes to bottom from the @ to the end of the second exit.
Then paste to the black screen of an open command prompt.

@echo off

cd\"\Program Files\Windows Resource Kits"

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

@Echo =========================

@Echo Finished.

@Echo =========================

@pause
exit
exit

It may run for an hour or more give it time close it and reboot then run DAF again, it should complete now.

Mike

 

[jwazevedo]

Mike,

I downloaded subinacl.exe separately (to save some time on my dial-up) and ran your script in a CMD window. There were three "failures" reported in the HKEY_LOCAL_MACHINE arena, presumably the Windows locked files, maybe the same one that is giving DAF a fit (?). Whatever, DAF had the same error again. I can try rebooting to a DOS prompt and running the script that way to get around Windows, or maybe you have another idea. Whatever your advice, I'll do it tomorrow when I have some time. Thanks.

Best,
Jerry

 

[mflynn]

This happens so don't be concerned.

Don't do it again.

For now..

Just run for a few days to see if thr problem has improved!

Mike

 

[jwazevedo]

Will do. Thanks, Mike.

Best,
Jerry