#1
Bronze Member
Join Date: Oct 2007
Posts: 53
Hi. ^^ I'm having a problem lately. I'm using Windows XP SP2. My Windows keeps hanging recently. The programs'll hang eventually after I start my Windows. & the cause is unknown. I'm suffering from this for quite some time already. So, really hope that u can help me out, even though I wrote a lot.

PLZ HELP ME, EVEN THOUGH I WROTE A LOT. THEY'RE ALL DETAILS IN THIS PROB. THIS MIGHT BE A NEW VIRUS OUTBREAK AS WELL. UR HELP IS VERY VERY MUCH APPRECIATED.

The hanging process is hastened when I'm connected to internet. The hanged programs cannot be killed even in Windows Task Manager. I'm using several programs that're problematic in this issue. BitComet 0.98, Windows Live Messenger 8.1 & Mozilla Firefox. After I connected to internet, I'll usually open these programs. & these are the programs that hang in this issue. BitComet will hang 1st, then turn to Windows Live Messenger. Mozilla Firefox will then become unable to connect to internet. The BitComet & Windows Live Messenger will appear to be unable to be killed even in Windows Task Manager after they hanged up.

Symptoms

The Status Bar under Mozilla Firefox windows shows 'Stopped', but the tabs're still showing 'Loading...'. I'm suspecting some services stopping the Firefox access to internet. Might be a rootkit. Another symptom is the Windows will appear to be locked. The logged on user after the hanging occurs cannot be logged off or switched to other user. After clicking on Log Off on Start Menu, an 'Unlock Computer' window appears. The Window includes spaces to be filled in with Windows account username & password. However, changing to other user account cannot succeed, but logging back in to the current account can be done. Besides, Restart can't be made after the programs hang. Only pressing on the Reset button on the CPU can solve the prob, but it'll occur again eventually.

Origins

I'm suspecting this is malware or virus's prob, but I've tried scanning with Spyware Doctor & SpySweeper, both with anti-virus, no threat found. Actually, I've encountered this prob once few months ago, after installing ZoneAlarm Pro & NOD32, both trial ver. After suspecting that this is malware or virus prob, I did a scan with NOD32. & then... I'm suspecting virus... The virus reacted immediately during the scan. It spoilt my system partition's MFT & MFT mirror, rendered lost of my data. I thought this is a virus that infected from the internet, so I installed ZoneAlarm Pro again after reinstalling my Windows & the prob occurs again. I've cancelled off the possibility of NOD32 causing the prob, bcoz I thought that NOD32 causing the prob initially, & I made an image of the system partition before installing NOD32. The prob occurs after installing NOD32, so I revert back to the image I've made, but the prob still occurs. & the only new program I've installed is ZoneAlarm Pro in the image. So, I'm suspecting ZoneAlarm Pro causes the prob, since I'm experiencing the identical prob after installing this program twice. I didn't have this prob before I installed ZoneAlarm Pro. & I dun dare to make a scan again, afraid of losing data again.

Detecting cause of hanging or high CPU usage

Btw, I can't detect wat causes the hanging in this prob. I've checked Windows Task Manager, the CPU usage is fine, & the 'System' & 'System Idle Process' processes don't act strangely as well. Juz that those programs keep hanging & can't be killed. So, I'd like to know how to detect the cause of a PC hanging or CPU usage that keeps high while I'm not running any resource-demanding programs. Juz want to know in case of troubleshooting this kinda prob in future.

IN CONCLUSION, I HOPE THAT U CAN HELP ME IN THIS PROB. WAT I WROTE MIGHT BE A LIL LONG, BUT PLZ DO HELP ME OUT. I'LL APPRECIATE UR ASSISTANCE VERY MUCH. THIS MIGHT BE A NEW VIRUS OUTBREAK AS WELL. SO, THX IN ADVANCE! HOPE TO HEAR FROM U SOON. ^^

#3
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 2,932
OK, let's suspect it really is a malware issue.
Click here to download HJTsetup.exe
__________________
Register and participate on Anti-Hackers website and help us bring the hackers down!

#4
Bronze Member
Join Date: Oct 2007
Posts: 53
Oh. Thx a lot. ^^ Here's the HJT log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:28 AM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200363860134
O17 - HKLM\System\CCS\Services\Tcpip\..\{00FF8A18-3F3C-4DC4-B7F8-300E9ACF6EB8}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{00FF8A18-3F3C-4DC4-B7F8-300E9ACF6EB8}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{00FF8A18-3F3C-4DC4-B7F8-300E9ACF6EB8}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

-- End of file - 6301 bytes
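
An added example, not part of any post in this thread: a small parser for the HijackThis log layout pasted above. It splits a flattened log back into entries, groups them by section code, and lists the entries HijackThis itself marks as orphaned; the two extra review heuristics (autorun without a full path, service shown with "Unknown owner") and the sample log are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log layout, flattened onto one line the
# way a forum can mangle a pasted log. All names, GUIDs and paths are made up.
SAMPLE = (
    r"Running processes: C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE "
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file) "
    r"O4 - HKLM\..\Run: [ExampleTray] exampletray.exe "
    r'O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray '
    r"O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - "
    r"C:\Program Files\Example\bar.dll (file missing) "
    r"O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Example\svc.exe "
    r"-- End of file - 512 bytes"
)

# Each entry opens with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")

def split_entries(text):
    """Recover one string per log entry, dropping the header and the trailer."""
    body = text.split("-- End of file")[0]
    chunks = (c.strip() for c in ENTRY_START.split(body))
    return [c for c in chunks if ENTRY_START.match(c)]

def review_notes(entry):
    """Reasons to look at an entry by hand; heuristics, not verdicts."""
    code, _, rest = entry.partition(" - ")
    notes = []
    if "(no file)" in rest or "(file missing)" in rest:
        notes.append("orphaned: HijackThis found no file behind the entry")
    if code == "O4":
        command = rest.split("] ", 1)[-1].lstrip('"')
        if not re.match(r"[A-Za-z]:\\", command):
            notes.append("autorun without a full path")
    if code == "O23" and "Unknown owner" in rest:
        notes.append("service with no vendor name shown")
    return notes

def triage(text):
    """Group entries by section code and collect those with review notes."""
    groups, flagged = defaultdict(list), []
    for entry in split_entries(text):
        groups[entry.split(" - ", 1)[0]].append(entry)
        if review_notes(entry):
            flagged.append((entry, review_notes(entry)))
    return dict(groups), flagged

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE)[1]:
        print(f"{entry}\n    -> {'; '.join(notes)}")
```
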

#5
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 2,932
Hmm this is clean. No signs of infections I was looking for.
This all points to hardware problems. Otherwise... anyway, from now on I can no longer help... sorry. I am sure some1 will answer you as fast as I did, so don't worry.

#7
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 2,932
OK, you mentioned you reinstalled your system. It didn't work. I am just curious, but I bet it would be the same if you reformat it.
I cannot be sure, however, I would place 20$ it's a hardware issue. Probably a dying motherboard. To prove that, I bet soon your computer will take 5 minutes to boot (if not so already).

#8
Platinum Member
Join Date: Oct 2007
Location: Mainland United States
Posts: 646
What are your computer system specifications (processor, RAM)?
__________________
"Few men have virtue to withstand the highest bidder." -- George Washington
Operating Systems: 32-bit Fedora 8 Linux, 32-bit Windows Vista Service Pack 1
Processor: AMD Athlon 4000+ Socket 939
Motherboard: Foxconn 6100K8MA-RS
Memory: 2 gigabytes of PC-3200 Super Talent

#9
Bronze Member
Join Date: Oct 2007
Posts: 53
Intel Core2Duo 6300 1.83GHz, NVidia 7600GT, Dual-Channel 2GB 667MHz RAM & Intel DG965RY Motherboard.
I've said before, in the 1st post, but it might not be so clear, soree. I actually had this prob few months ago, after installing ZoneAlarm Pro. After reformatting, I didn't install again until recently. & I dun experience this prob all along the time I reformatted until I installed the ZoneAlarm Pro again. So, I'm suspecting ZoneAlarm Pro more. Anyway, wat should I do to check the hardware issue? Which hardware u're suspecting? & there's another question u haven't answered. =p If this log is clean, means my pc is undoubtedly clean?

#10
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 2,932
Dying motherboard was my prime thought.
Then again, it's always better first to check all software issues. So please then, uninstall Zone Alarm and tell me if it is better.