trojan BrisVAinf. detected by Symantec


9 replies to this topic

#1 rokytnji

    Linux Friganeer

  • 2,200 posts
  • Joined: February 27, 2008
  • 96 topics
  • Age: 58
  • Skin: IPBoard wide
  • Local time: 02:54 PM
  • Gender:Male
  • Location:Pecos, Texas
  • Interests:Motorcycles,Vodka,
    Mead,Cossacks,Runs,Linux.
    Own a small Bike shop. Have 6 running Harley Davidsons for personal use. Have a 1980 XLS that'll boot&scoot.
  • OS:other
  • Country:
Offline
  • Time Online: 3d 5h 45m 23s

Posted 02 March 2009 - 07:01 AM

First off. This problem was brought to me from my Wife's friend. It has Limewire on it. It is not my Laptop and as you know I do not run Windows. It is an Acer Aspire 5670. Runs XP home SP3. I followed your steps Broni. She had Java 6 ru5 so I updated to Java 6 ru12. Scanned with Norton Corporate Edition after updating. It found nothing. Norton was off, real time protection, so after I turned it on I got this message:

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan.Brisv.A!inf
File: C:\Documents and Settings\user\My Documents\Incomplete\Preview-T-5745425-marie lavoe don williams (unplugged version).mp3
Location: C:\Documents and Settings\user\My Documents\Incomplete
Computer: USER-D0EACA71DB
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, March 01, 2009 7:35:50 PM

This is the GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-02 00:08:46
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1628] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02092E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02092C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02092C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02092C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\user\Desktop\gmer.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\user\Desktop\gmer.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\user\Desktop\gmer.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\user\Desktop\gmer.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[1408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C20] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog@CurrentStreamLog 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog@StreamLogCount 1

---- EOF - GMER 1.0.14 ----

Mbam Log, done in safe mode

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/1/2009 8:09:35 PM
mbam-log-2009-03-01 (20-09-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139168
Time elapsed: 28 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hijack this Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:26 AM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 8664 bytes


Super Anti Spyware, done in safe mode disconnected from internet, only found adware cookies so I figured from instructions I did not need to post them.
The Computer locks up right after Desktop comes up with 2 of those Windows ding sounds like after you plug in a USB drive. Jumps around a bit with the hourglass and then locks up hard. Only thing I have fixed is the adware cookies in Superantispyware and that is it. As a side note, I finally got the mouse and keyboard to work by pulling the battery and running it just on the AC Adapter so I could post this. Also Mouse does not freeze or keys lock up in safe mode either. She has no Windows disk as I think this is one of those Laptops that come with a recovery partition. Like I said, it's not mine. I feel like erasing it and installing Linux but my wife and her friend will emasculate me if I do. I know you are laughing at this dohbar.
Started on this at 5pm my time and am just getting this posted now. I will be probably answering replies with my Linux box since this laptop is being such a pain, but any info from scans I will try to get to you.
Linux Registered User # 475019 Ubuntu 10.04 64bit, AntiX 8.5 and 11 , Puppy Linux (various breeds of Puppy) and I'll keep using Linux until they pry it from my cold dead fingers.
Linux is Not Windows
It takes a lot of Money to create Poverty. Live by Nivens Laws #1 (a and b) and #19.

#2 Broni Re: trojan BrisVAinf. detected by Symantec

    Malware Annihilator

  • 24,345 posts
  • Joined: October 04, 2004
  • 1,748 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 12:54 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 40d 22h 16m 35s

Posted 02 March 2009 - 07:15 AM

Well, we can safely assume that the Norton message was simply a false positive, since none of the scans shows any sign of any infection.

Just for kicks, you may upload the Preview-T-5745425-marie lavoe don williams (unplugged version).mp3 file from C:\Documents and Settings\user\My Documents\Incomplete to http://www.virustotal.com/ for a security check.
After that, since it's just an incomplete download, you can delete the file.

That said, I'm gonna move this thread to the Windows XP forum, and I'm gonna post a further reply there.
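
One way to read the GMER section posted in #1 when judging whether the scans show signs of infection, as an added example that is not part of the original thread: it groups every user-mode hook by the module that installed it and flags modules loaded from outside the Windows directory for a closer look. The function names and the `C:\WINDOWS` system-root default are assumptions; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Subset of the GMER lines posted in #1, copied here so the block runs offline.
SAMPLE_GMER = r"""
.text C:\WINDOWS\system32\SearchIndexer.exe[1628] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02092E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\Explorer.EXE[760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02092C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\Documents and Settings\user\Desktop\gmer.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002E40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech)
"""

# IAT <process>[pid] @ <importing module> [<dll!api>] [<addr>] <hooking module> (<description>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+.+?\s+\[(?P<api>[^\]]+)\]"
    r"\s+\[[0-9A-Fa-f]+\]\s+(?P<hooker>.+?)\s+\((?P<desc>.*)\)\s*$"
)
# .text <process>[pid] <dll!api> <addr> <n> Bytes JMP <target> <hooking module> (<description>)
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+[0-9A-Fa-f]+"
    r"\s+\d+\s+Bytes\s+JMP\s+[0-9A-Fa-f]+\s+(?P<hooker>.+?)\s+\((?P<desc>.*)\)\s*$"
)


def parse_hooks(log_text):
    """Return one record per IAT or inline (.text) hook line in a GMER log."""
    hooks = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("IAT", IAT_RE), ("inline", TEXT_RE)):
            m = rx.match(line)
            if m:
                hooks.append({
                    "kind": kind,
                    "process": ntpath.basename(m["proc"]).lower(),
                    "pid": int(m["pid"]),
                    "api": m["api"],
                    "hooker": m["hooker"],
                    "description": m["desc"],  # as printed by GMER, not verified
                })
                break
    return hooks


def summarize(hooks, system_root=r"C:\WINDOWS"):
    """Group hooks by hooking module; system_root is an assumed default."""
    by_module = defaultdict(
        lambda: {"kinds": set(), "processes": set(), "apis": set()}
    )
    prefix = system_root.lower() + "\\"
    for h in hooks:
        key = h["hooker"].lower()
        entry = by_module[key]
        entry["kinds"].add(h["kind"])
        entry["processes"].add(h["process"])
        entry["apis"].add(h["api"])
        entry["description"] = h["description"]
        # Modules outside the Windows directory are the ones to look up first.
        entry["outside_system_root"] = not key.startswith(prefix)
    return dict(by_module)


if __name__ == "__main__":
    for module, info in summarize(parse_hooks(SAMPLE_GMER)).items():
        flag = "REVIEW" if info["outside_system_root"] else "system"
        print(f"[{flag}] {module} ({info['description']})")
        print("   kinds:    ", ", ".join(sorted(info["kinds"])))
        print("   processes:", ", ".join(sorted(info["processes"])))
        print("   APIs:     ", ", ".join(sorted(info["apis"])))
```

A REVIEW flag means the file's signature and origin are worth checking, not that the module is malicious; the description in parentheses is shown exactly as GMER printed it.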

#3 Broni Re: trojan BrisVAinf. detected by Symantec

Posted 02 March 2009 - 07:21 AM

Now....

1. Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")

2. Is there any pattern, or particular action present, when the laptop freezes?

3. Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Use the computer normally, and see, if it still freezes.

4. Download, and install SpeedFan: http://www.almico.com/sfdownload.php
Post your computer temperatures:

Post temps, while computer idles, keep Speedfan open, and see, if temps change, when you use the laptop.

That should be enough for now, to eliminate a couple of possible causes.

#4 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 02 March 2009 - 08:02 AM

Okey dokey. Will post back tomorrow Broni. Calling it a day

#5 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 02 March 2009 - 10:08 PM

Attached Image: post_1239_1236029524.png

total Hard drive space 111 GB
used space> 33.9 GB
Free space> 77.8 GB


As you can see I am running a couple YouTube windows while speedfan is running. I disabled startup. I disabled services. Windows Firewall is enabled, but this lady's kids have every box practically checked to allow anybody like limewire, facebook, you name it as an exception in firewall. All I am gonna do is tell her if that is how she is gonna run it to expect frequent breakage. I couldn't get the marie lavoe file uploaded. All I got when I tried to upload was a window with Spanish text. So I deleted file. Symantec was having a hissy fit after I moved file to desktop so I could find it easier. Kept popping up detection every 5 seconds. Now, here is what I have found on this. With Battery plugged in after disabling all startup services, mouse locks up as soon as Desktop appears-Normal mode. As soon as battery is pulled, everything is fine again>reboot>mouse works. I'm gonna tell her to buy a battery. Whaddya think. The temps look OK and the fan runs but I never heard it kick into high speed. Vent is not exorbitantly warm or hot and neither is base of unit. It has not missed a beat since I have pulled the battery Broni and deleted that one file. It has been on all day.

Some History on this Lappy. I just found out this morning. Laptop was bought used. The computer repair store here in town looked at it and told her, "Well what do you expect from a used computer". The guy there and her have done a lot of business on her stuff, so I really wonder about that statement. Other people have dickered with it trying to fix it for her. You and I will not make any money troubleshooting this, just some major points with the Wife and Friends. Appreciate the help you have given me Broni. Really do. I feel creepy working on a Windows Laptop. Just like a Windows or Mac user would feel operating Linux I guess. I never got into using Windows when I powered up for the first time. I jumped into Linux at the get go. So your help is really appreciated. Thank you.

EDIT; sorry about not answering earlier questions about noises. All it gives Broni is those dings (2 of them) like when you plug in a USB stick. Like a detect New hardware ding. After running Battery dead, it is now down to 1 ding and nothing freezes at the moment with Battery inserted, charging.

#6 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 02 March 2009 - 11:10 PM



This is what I get after enabling all services. You know how people give you snippets of info after the fact. Well my wife just told me that the guy at the computer repair shop supposedly pulled the fan and did some soldering. On what I have no idea. I am thinking a Laptop Cooling Pad and a New Battery is all this lady is going to need. I do not like the fact that it runs in low speed without high speed kicking in. No breakage still with Battery removed. I uninstalled HijackThis, Malwarebytes, SuperAntispyware, and Gmer. Here is another screenshot while I have been typing this out with all Startups enabled. I hope you can forgive size of shots. This Keyboard is unusual because it is configured for Spanish and plus I am not familiar with the screenshot software you posted in the other thread. Sorry.

Attached Image: post_1239_1236035158.png

Edited by dobhar: Fixed screen shot. roky...the key combo "ALT" and "Print Screen" key will give you just the Active Window..."Print Screen" gives you the entire screen. You should be able to figure out what key is what by looking at one of your English keyboards. Take care dude... :)

#7 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 03 March 2009 - 12:14 AM

That's how I have been dealing with it dohbar. Thanks a lot. I told it to grab just the Window with ALT and the key that's labeled DRUCK S-ABF. I even corralled my wife into trying to get it to work since she uses the latest and greatest Hardware while I keep to Obsolete Hardware. Right now I am in safe mode command prompt only on that Laptop trying to drain the battery completely, no AC on it right now. It's weird that the mouse and everything works OK only in safe mode but not in Normal mode with Battery installed. I'm hoping draining the battery might reset something in Windows Power Management maybe. Heck if I know though.

#8 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 03 March 2009 - 01:52 AM

Another Update. I ran the battery down till computer shut off in Safe mode Command Prompt. Rebooted into Normal Mode and everything seems fine so far. Shutdown and rebooted a few more times to make sure it isn't a fluke. This thing uses Acer Power management instead of regular Windows XP Power management. The Lady is not coming by till Tomorrow to pick it up so I'll Post again if something new happens.

#9 rokytnji Re: trojan BrisVAinf. detected by Symantec

Posted 03 March 2009 - 05:34 AM

This is gonna be the last update on this problem. With dead Battery and laptop on AC adapter everything functions as it should in Normal mode bootup. As soon as battery reaches full charge and you reboot or turn on Laptop, freezing occurs again. I feel safe now in telling her she needs to buy a new battery and if she wants, a cheap $10.00 Laptop cooling pad from Hong Kong also. People are cheap in my neck of the woods so that is what she will like to hear. She will probably run it with the battery pulled any hows. I'd call this one solved Broni. Although I see there is nothing in thread options to make it so.

#10 Broni Re: trojan BrisVAinf. detected by Symantec

Posted 03 March 2009 - 05:49 AM

Sorry for replying sooner, but somehow email notifications went AWOL.
However I can see, you pretty much pinpointed the problem.

...and no, we don't have any "Solved" option.
