PDA

View Full Version : Interesting problem



Ajmukon
04-19-2007, 09:52 PM
remember when i said my computer was acting slow?

Well, i fixed that problem, but now, IT is only slow for the first 24ish hours after Boot (or restart) Then it works fine!
Also, in this "slow time", the computer will randomly freeze, then perform a "post" beep, and begin again without restarting windows

Any ideas what could be causing this???

Whyzman
04-19-2007, 11:33 PM
If you have a floppy drive with this computer, I would suggest downloading the harddrive diagnostics from the harddrive manufacturer's website and also running Memtest86 http://www.memtest.org/

Paul Komski
04-19-2007, 11:53 PM
remember when i said my computer was acting slow?Don't remember - do you have a link?


Well, i fixed that problemWhat did you do to fix it?



the computer will randomly freeze, then perform a "post" beep, and begin again without restarting windows
Any BSODs and is the beep before the restart and where does it the system get to when it begins again if windows doesnt restart?

Faulty RAM (as mentioned by Whyzman) can cause just about anything. Overheating can do funny things as well. Neither of course explain why things should settle down to normal after 24hours, which would indicate something software rather than hardware related going on in the background for a day.

Ajmukon
04-20-2007, 01:18 PM
@Komski-
http://www.pcguide.com/vb/showthread.php?t=55481
link to original problem
I solved it when i performed a repair and it returned several errors from ".NET Framework" I
Ended up restoring Windows to a previous HD image'
After that,
I uninstalled the program and disabled Windows Auto-Update (another error from the repair of windows)

No BSOD, just the windows that freeze -i can't move anything- including the mouse, and i have to wait for it to "BEEP"- usually a minute.
Oh yeah, the windows leave an "after image" before it does this


@Whyzman
If this was a hardware problem, then it would be continually slow, but it isn't

hence my annoyance
(if it was a hardware problem, i would already have fixed it)

On a side note:
It has not done this in a while, but i have not changed anything

Paul Komski
04-21-2007, 01:06 AM
A repair installation is not indicated to repair an unknown software problem (or an undiagnosed hardware problem) and, in particular, is not a fix for any known or hidden malware. Repair installations are generally used when migrating to a new motherboard, or such like major hardware changes, or to regain entry to some non-booting system. You may think you have solved things by updating .NET but I would have thought this most unlikely to be the root problem (except when running specific specific programs) and in any case you are still experiencing problems.

There are a number of ways that can help one to differentiate between a software and hardware fault. One is to see if the problem persists or disappears when running is Safe Mode. Another is a new installation of an operating system. A brand new reinstallation is a good idea, using Dell's own factory image being the best idea of all. Another more extreme method is to migrate the hard-drive (or an image of it) to a new motherboard and then run a repair installation.

Since you did a repair installation you must have an installation CD so another thing you could try is a parallel installation of another instance of Windows into say a Windows2 folder on the same C drive (on an unpartitioned drive) or a new installation into a new partition; both of these would produce a dual boot menu in the process. Knoppix from a Live CD was also suggested in your other thread but not tried out.

You may think you have eliminated hardware as the source but a bad mobo, bad RAM and heat are all still easily on the cards and can all cause intermittent problems. Even a bad BIOS can cause such problems though flashing is not something I would rush to do.

If this were me I would make a smallish, 5 to 10 gig logical or primary partition at the end of the drive. Boot to the installation CD, choose new installation and install into this new partition. As long as the current system partition is unchanged Windows will set up a dual boot menu for you so you can still access your old system directly or indirectly get all your data from the new partition. Make image files of this small partition at intervals. They wont take long to make or restore and could be saved to DVD, external HDD or another internal partition.

PS We trust the installation CD is a good retail CD with its own product key? And also note that you can keep the size of any new partition (if chosen for a parallel install) smaller than normal by sharing the paging file on the current C drive.

Ajmukon
04-22-2007, 04:01 PM
Sorry for the LAG time in posting, i was away from my computer for the week
@Komski
No, the CD is a reinstall CD from DELL, and a clean install does not work, (Windows freezes after 5 restarts- even after activation, and 6 seconds after start-up )
However, i have tried Ubuntu and the problem DID NOT exist on UBUNTU
(though i can't seem to install it...)
So i have it is either a windows problem or HD (and both HD's are brand new...)

Also, it only does this IF i turn off the computer every night and turned it back on in the morning, and only after a while (as far as i can tell)

What i want to know... What should i do?

Paul Komski
04-22-2007, 04:21 PM
No, the CD is a reinstall CD from DELLReinstall CDs come in two versions. One version will run a Windows setup and the other restores from a factory image. The latter, in particular, should be used with the same original hardware that was on the PC when it came from the factory.


What should i do?Try some of the suggestions already suggested such as Knoppix and seeing if the problem persists in Safe Mode, etc, etc.

If I had a dell that gave problems following a factory reinstallation I would be strongly thinking of looking for an RMA if still within warranty.

Ajmukon
04-22-2007, 04:36 PM
@Komski
1) Knoppix (or Ubuntu) DID NOT have the problem
2) Safe mode DID NOT have the problem (One of the things DELL tried)
-should have stated that already, sorry
so i have limited this to a windows problem.

Also, i have a factory restore CD i think...
-whatever i have, Repair DOES not work
besides, i would rather fix this then wait for replacement- i NEED this computer for school/college

also, this is a different problem....although, these symptoms did exist for the original problem, i thought they were part of the original problem (I was wrong)

Variable
04-22-2007, 05:10 PM
2) Safe mode DID NOT have the problem (One of the things DELL tried)-should have stated that already, sorry



That looks like a driver and/or and application issue. Open Task Manager, click view and more columns, since the description of the problem is vague I would check them all. See what is going on when the problem happens and when it is not, look at Event Viewer for any issues that happen at the same time. Since you have no base line for a normal system it may take some time to figure out what the issue is. I would be inclined to think a driver or application is doing something not supported on the motherboard.

If you can find the offending process you can track it with Process Explorer. Several applications can use the same process.

Ajmukon
04-22-2007, 06:11 PM
Here is a picture: of normal operation::
60+ processes (i know what all of them are)


only ones out of ordinary is svchost (40k+ mem uasge, large page fault)
and mcods.exe (huge PAGE fault)
mcmscsvc.exe (Huge PAGE fault)
these two have page fault in the millions (both are Mcafee i believe)

Also:: explorer.exe has a large page fault (over 100,000)

I have already checked Process Explorer, none are virises

Variable
04-22-2007, 06:43 PM
I doubt it is a virus, what you are looking for is the application causing the issue. Page faults are not errors. I dont see a picture.

Baically, you need to view the system when it is running well and when it is experiencing the issue. When you find a likely process use process explorer to view what is running beneath it. You can also use Event Viewer to look for errors. If you see nothing out of the ordinary in Task Monitor or Event viewer then it is probably hardware related. If the machine is working fine load a newer game and run it for a few minutes and see if the issue starts.

Paul Komski
04-22-2007, 07:57 PM
As already stated a repair installation is not indicated. I wont mention it again.

If Safe Mode really runs just fine then you could try msconfig as another way of limiting what is running at start up and you might or might not get lucky and find a culprit.

Unfortunately some problems with PCs are just not black and white (as one would like them to be) and such problems can be very hard to track down.

If you cant track down a rogue process, program or driver then I would try a factory restore sooner rather than later. Then make image files periodically prior to adding new hardware/software. If after adding stuff the problems start then if rolling back to the image corrects things you have found the rogue.

I agree with variable that software looks likeliest but a hardware problem cannot be ruled out. Could the system be overheating?

Ajmukon
04-22-2007, 09:41 PM
One of the first things i checked was overheating issues- i removed the cover and put a high powered fan on it with an AC on (68 F) and the effect did not change. I figure if anything, that should have defeated any overheating issue.
Also, overheating issues usually GET WORSE with time, not BETTER

Also, All of the programs installed on the machine THAT are running in the background have NOT changed in five? months. I regularly update- that is the only change-

I apologize for a lack of picture- it would NOT let me upload them- i have a website to host them, but i have to change the format of the PIcs

http://files.myopera.com/ajmukon/albums/159130/IMGEY7P4HPHRM.jpg
http://files.myopera.com/ajmukon/albums/159130/IMGC46LXZUNI4.jpg
These are my process- anything unusual?
I did not think so... (other than what was posted before)
Also, i have read that a high number of Page Faults Can slow down programs (hence why i posted it)

Side note:
Windows Auto Update had a few "errors" as explained here:
http://swigartconsulting.blogs.com/tech_blender/2006/07/windows_update_.html
Could be the cause....

Still confused :confused: :confused:

Ajmukon
04-22-2007, 09:57 PM
Just in case:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Andrew\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA IA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

Ajmukon
04-22-2007, 09:58 PM
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170285557008
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0044281177041895) (0044281177041895mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\004428~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Paul Komski
04-23-2007, 03:43 AM
overheating issues usually GET WORSE with timeMaybe but are more likely when then the CPU is busy or the system OC'd.


high number of Page Faults Can slow down programsThis is effect not cause. You are more likely to have many page faults if a lot of programs are working simultaneously, if there are badly written programs running and if both the memory and the virtual memory are on the small side for what is asked from them. You can think of page faults, simplistically, not in terms of the word fault but as a software interrupt.

Both McAfee and Norton are not popular by many members here because of the way they both bloat the system and integrate themselves deeply into its workings - historically making them difficult to remove cleanly. Its up to you of course what you use for security and backup.

Ajmukon
04-23-2007, 11:50 AM
Mcafee came with the computer, for free (well, built in to the price)
Norton i got because it was the only available Back-up utility at The store for the price

Besides, those programs have been there for months now and were installed long before this "effect"

There are a few programs that i can generally rule out- SpyBot (installed 1? year ago) Mcafee( 1 year+ ago) Norton (6? months ago)

While i have not completely ruled out an overheating issue- one thing that tells me that it is not is that the FAN speed DOES NOT INCREASE (ie, is constant) while a FAN test Rev'ed the fan.

Also NOTE:
All hardware TESTs PASS (including HD, MEM, CPU, FAN, CD, DVD, GPU, etc)

So it is something within WINDOWS, and i do not understand windows at all

could something above (see HJT log) be doing this?
Please tell me- this is annoying me....

On the plus side- it has not done this in a week
It stopped doing it when i stopped turning it off every night

Paul Komski
04-23-2007, 06:34 PM
You seem convinced that this is a Windows problem but it does still have a smack of being based in hardware. In particular total freezes and spontaneous reboots are not typical of software-based problems under XP (which usually terminates bad processes or creates minidumps) though of course in the computer world just about anything is possible.

One piece of hardware not tested and that can result in such outcomes is a faulty or otherwise inadequate PSU and even loose molex connectors can cause such intermittent problems. The mobo itself can also be faulty.

I'd be amazed if you have McAfee for free - maybe a 3-month trial or something like that and personally I would never pay Symantec/Norton for their bloated utilities (in this case based on their new Ghost engine derived from Power Quest's Drive Image) when there are free or much cheaper and equally effective alternatives.

Ajmukon
04-23-2007, 09:02 PM
No, i got a 2 year subscription to mcafee with the price of my computer

Also, it is not rebooting, it is freezing and then, just Beeps, then i can move- nothing restarts, the computer FREEZES, then BEEPS, and i can move the mouse around

If it is a hardware problem, i do not know what could cause this effect.
If it was the HD, it would CRASH after it froze, if it was the Motherboard, it would not get past POST (already had a defective motherboard), If it was an inadequate PSU, the computer would detect "low power", give me a post error, and not start. If it was a faulty temperature sensor, it would not start (At least according to the DELL technicians, do not know if it is true).

Hence my conundrum, if any of the above is wrong, then tell me- i have no clue how much my PSU is rated for- and no idea how to find out

Paul Komski
04-24-2007, 03:20 AM
How much would the computer have cost if you hadn't included a subscription? (That was a rhetorical question BTW).

Motherboard problems (eg bad BIOS or leaky capacitors) can have far more subtle effects than just failures to POST.

The OEMs notoriously supply barely sufficient and low cost PSUs. If you value your equipment then spending the money you spent on Norton on a good brand PSU would have been a far wiser choice IMHO. Its not the hardest part to swap in and then have the original as a "spare tyre".

If you are convinced that this is a Windows problem (and it seems you remain unlikely to change that view) then a factory reinstallation is your best way forward.

Whyzman
04-24-2007, 09:51 AM
I would still encourage running at least memtest86...for this reason; To some degree you are putting a load on the system in a pre-Windows environment. If you're not interested in checking the RAM, perhaps just letting it idle in BIOS/setup with the temp monitoring screen up might reveal a weakness...

Just a thought...

We've seen some pretty weird stuff, seemingly unrelated.

When I had a harddrive going south, computer activity was really bizarre. It would boot, but slow...it would freeze...nothing was really distinctive. Running a harddrive diagnostic, just removes a variable that could possibly be involved....

Ajmukon
04-24-2007, 11:13 AM
I ran a HD diagnostics, many times :rolleyes:; nothing was wrong on both drives

I will run memtest86 if you tell me how....:confused:

I will run the Motherboard tests again...

AND

How do i check to see if the PSU is the culprit?:confused:


If these tests reveal no problems, what then?

Also, in order to buy the PC, i had to include some form of Antivirus, and the 2 year subscription did not add anything to the price.. but it was a year ago, and my memory is not all that good;)

Paul Komski
04-24-2007, 01:01 PM
Also, in order to buy the PC, i had to include some form of Antivirus, and the 2 year subscription did not add anything to the price.. but it was a year ago, and my memory is not all that goodConsider Avast or AVG in the future maybe - it's not mandatory to purchase subscriptions when customising a Dell purchase to my knowledge.

How do i check to see if the PSU is the culprit?
As I said "Its not the hardest part to swap in and then have the original as a spare tyre".

Ajmukon
04-24-2007, 01:19 PM
I do not have a spare PSU--
and i am unwilling to replace a component that i am unsure if it is at fault if i have to buy a new part- but i will look around for prices- is there any way i can determine the power rating of the PSU- i thought you could do it by looking at it and reading the label


I bought the PC a long time ago, it might have been a "freebe" promotion- it was a long time ago, but the point is, Mcafee has been there since the start and this problem only started a few weeks ago

Paul Komski
04-24-2007, 05:10 PM
The make and the quality is what really matters. The power rating must, of course, still be adequate for the system in question. Skimping on a PSU (as all the OEMs do) is just another reason for a DIY build.

eg "There is nothing more important than choosing the right PSU for your computer ... (http://www.pcreviews.com.au/2krig.htm)"

PS
Freebie and Dell are very unlikely to ever be in the same sentence. What Dell do very very well is their marketing.

Ajmukon
04-24-2007, 06:44 PM
Okay- i will check about replacing the PSU

If it does not work, i will repost here- but it will not be for at least a month- got to find one, get money for it, and buy it- might take some time

I have added a post to the "Cases" forum to ask about three different PSU

http://www.pcguide.com/vb/showthread.php?p=344656#post344656

Whyzman
04-25-2007, 12:07 AM
Memtest86... Do you have a floppy drive? If so, it can be downloaded and put onto a floppy disk. If you do not have a floppy drive you can burn to CD and run from there...

My first thought though, is to let it idle in Setup, turned to the temp monitor or voltage page and see if it goes beserk...

If the PSU is ailing, it just might tip its hat even though it's just idling...

http://www.memtest.org/

Ajmukon
04-25-2007, 12:23 PM
I do not have a temp monitor or Voltage page.. at least i don't think i do

I will run memtest86 probably this weekend (when i can restart my computer and not worry about its speed) and i WILL post back the results

thanks for the LINK!!

Whyzman
04-25-2007, 07:05 PM
Memtest loads before Windows is involved... If you believe that Windows might be complicit with your speed problems...not to worry, as Memtest uses DOS.

Ajmukon
04-25-2007, 07:30 PM
I know, but WHAT is a temp monitor or Voltage page?
- is it something within MEMTEST86?

Whyzman
04-25-2007, 07:34 PM
Temp or voltage on most motherboards you can find monitoring in SETUP/BIOS.

I'm not sure how to get into Setup on a Dell...usually, immediately after hitting the power button you begin to tap the Delete key and you will be able to get into the Setup/BIOS. If you check on the various pages you may just find what we're looking for...

Ajmukon
04-25-2007, 08:38 PM
apparently it does not exist on a DELL bios cause i never saw any page like that
-But i WILL look ;)

Whyzman
04-25-2007, 09:01 PM
Hmmm...also, Dell BIOS might be F2

Ajmukon
04-25-2007, 09:19 PM
it is, i have been into the Bios to apply a security lock on it to prevent changes

But i never saw anything about temp or Voltage
Not even in the logs

Whyzman
04-25-2007, 09:29 PM
Well...it is a Dell :D

Ajmukon
04-25-2007, 09:38 PM
Well...it is a Dell :D
Well said- can't argue with that

Ajmukon
04-26-2007, 09:59 PM
Now, i am not sure if they are related...

But just now (like 5 min before posting), my "Winsock" had an error and had to be reset to the original configuration- which requiered a restart- I could not connect to the Internet....
:confused:....

By the way.. the original "effect" is gone now....
:D (VERRY HAPPY INDEED)

Also :confused:...

Ajmukon
04-29-2007, 11:59 PM
memtest did not find any problems...
oh yeah, the problem returned yesterday,
And today, after startup, it will not let me connect the first time i opened FIREFOX...

AT startup, i have 2 processes that i do not think belong

00533~1.exe (i tried very quikly to write this down, but it disappeared before i could write it down fully, so this is not exact)

AND
MOM.exe

Paul Komski
04-30-2007, 02:58 AM
Sounds like it could be Spyware.Mom (http://www.symantec.com/smb/security_response/writeup.jsp?docid=2006-021614-3013-99&tabid=2) and if you have one perhaps you have more than one.

Ajmukon
04-30-2007, 11:36 AM
I am going to run Symantec internet scan...
i will report back here if it finds anything. THANKS Paul!!

EDIT:
If that does not work, what do i do??
Please Help!!!
EDIT:
MOM.exe looks like it is part of ATI control system
at least that is the folder it is in...
also, when i went to type my password in to log on my PC, it already typed it in, and would not let me delete it (backspace would not get rid of the last letter)

Do you want a HJT log (i have updated some drivers, and programs since the last HJT log- a vain attempt to end the problem)

Ajmukon
04-30-2007, 12:05 PM
New HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:53:01 AM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HighJAck THIS!\HijackThis.exe

Ajmukon
04-30-2007, 12:06 PM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA IA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170285557008
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Ajmukon
04-30-2007, 12:06 PM
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Paul Komski
04-30-2007, 03:31 PM
mom.exe could be part of catalyst and could be spyware however exes with random and numerical names are quite commonly malware.

I'm not a security expert so suggest you post a specific question in the security forum with a link back to this thread if you think that would be helpful.

Ajmukon
04-30-2007, 03:32 PM
okay- i will!
Thanks for all of your help!