XP Home SP3 Freezes After Idling for Long Period

Techies,

I'm stumped on this one! I have a customer who had bad spyware. I removed it all, did an XP repair and then downloaded/installed MS updates. We still had an issue with his AVG when I noticed that his Norton was not completely uninstalled so I ran the Norton Removal Tool and it worked. He then called me back to say his PC is freezing if he leaves it idle for a long period of time but not always the same amount. Once he came back 32 mins and found it frozen, another time he came back 35 mins and it was still running, then he returned 2 hours later and it was frozen. I checked the screensaver and powersaver options and only hibernate was selected at 1 hour. I tested all the settings (1 min timeout) and they did not cause XP to freeze. I again checked MS for updates and found none. Also searched their knowledge base and online for anything that matched and didn't find anything that was an exact match.

Anyone here encounter this exact problem or have a useful suggestion?

TIA,
-- Andy

P.S. Forgot to mention that I checked the Event Logs and found no errors or even any non-error logs. Very strange.

P. P. S. Re-running anti-spyware utilities (Malwarebytes, Spybot)

Lets do a deep clean of Windows temps and a gentle Registry clean.

Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Download and run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install) Click Analyze then clean.
-------------------------------------------------------------------------------------
The issues can and are likely found is in System Restore so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.
----------------------------------------------------------------------------------------------------------------------
Norton is hard to remove fully and properly and can cause non apparent issues and performance issues until properly cleaned.

May be a dood idea to run this again! Norton removal tool (use this to cleanup after a normal uninstall or if it will not uninstall)
http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Then the other Norton/Symantec cleaners....

Then SymRegFix ftp://ftp.symantec.com/public/english_us_canada/tutorials/SymRegFix.exe

To download using Internet Explorer. Click the following link to download the file:

SYMMSICLEANUP.reg (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg)

Save the file to the Windows desktop.

To download using Firefox. Right-click the following link and then click Save Link As to download the file:

SYMMSICLEANUP.reg (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg)

then
Use same instructions for IE or FF to get the below.

IE: MSIFIX.bat (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat)

FF: MSIFIX.bat (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat)

Then more Norton cleaning..

To clean even more Norton paste the text inside the box below to an open command prompt.

Code:

@echo off
cd\
attrib /s c:\norton*.* >"%USERPROFILE%"\Desktop\Norton.log
attrib -h -s -r  /s c:\norton*.* 
attrib /s c:\syman*.* >"%USERPROFILE%"\Desktop\symantec.log
attrib -h -s -r  /s c:\syman*.*
del /f /q /s c:\norton*.*
del /f /q /s c:\syman*.*
exit
exit

Now look at the 2 new files on Desktop to see what was left on the HDD!

To get the rest D/L Regseeker http://www.hoverdesk.net/freeware.htm
Click its find in registry and search for norton then symantec. Then a general Regseeker clean. Do 2 Registry cleans but not in a row. Reboot between!
--------------------------------------------------------------------------------------------------------

Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).
avg

Most importantly update MalwareBytes (MBAM) and SuperAntiSpyware (SAS)!

Before you scan with either MalwareBytes or SuperAntiSpyWare do the Extra Configs below these have become most important lately

SuperAntispyware extra config

After installed double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure all boxes are checked except #3 Ignore System Restore.. are checked:

MalwareBytes extra config

After update but before running
Click settings and confirm all are Checked.

I repeat Update these 2 programs.

Get me the MBAM and SAS logs.

Mike

Techies,

OK, looks like the problem is solved. I decided to run SUPERAntiSpyware as it's one of my "alternates". I left it with the customer as I had to go to a doctor's aapointment. I just called him back and he said it found 24 objects, he removed them, restarted and let the computer run idle for over an hour and it hasn't froze. Looks like we got that last piece of offending spyware.

Mike (mflynn), WOW! That's quite the "no stone unturned" answer! Actaully, I was beginning to think I might have to try a registry cleaner. I try to resist using one as I find that like playing with fire. If it works, it's magic, or it can backfire and make things worse. Yes, you can undo what a registry cleaner does so you hedge the risk. But, I've only use them once in a long while, really try everything else first. Everything else is good info but I had either tried it or ruled it out. Thanks for your detailed response, I appreciate the effort to help!

-- Andy

Hi Andy

I have not been on the board for a few days, traveling for long long work days.

But!

I will bet dollars to Donuts he is not clean! A 90% chance he is not and will soon be back like he was.

I highly advise getting all the fresh logs posted back here.

Mike

Mike,

I appreciate your feedback and concern but as far as I am concerned, the job is done. Once you remove the offending spyware, the performance is restored and you move on to the next job. I leave the customer with the necesary anti-spy utils to run periodically and also explain what Internet activities that are high risk for spyware and to avoid them. That's it. If the customer gets re-infected, well, that a a re-infection. It has nothing to do with anything undetected at this time. Really, my job is done now.

-- Andy