XP Home SP2 freezes after desktop and tray icons are loaded successfully?

[kimiraikkonen]

Sometimes and lately frequently, After system desktop and tray icons
are loaded successfuly, the computer freezes (Acer Aspire 3004WLCI)
and after that freeze i cannot launch apps like IE6,7, MSN 7.5, WLM8
etc also control panel.

Doing ctrl-alt-del does not help, the cpu usage is %0 or 1,
terminating some exe files does not help.


The only thing i can do is pressing power button more than 4 seconds
to close computer via emergency shutdown.


I couldn't find out. This problem will drive me crazy!!! I tried
plenty configuration of services(i set some services 'automatic'
which
are started although they are set to 'manual')


I simplified progams via add-remove.


I run updated version of McAfee8 and found no viruses.


My hijackThis report is this also:
[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should
be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from
our visitors as good.
[Y] C:\Program Files\Adobe\Photoshop Elements
4.0\PhotoshopElementsFileAgent.exe - Adobe Photoshop Elements
[Y] C:\Acer\eManager\anbmServ.exe - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Network Associates\Common Framework
\FrameworkService.exe -
[AVSCAN] C:\Program Files\Network Associates\VirusScan\mcshield.exe -
McAfee VirusScan
[Y] C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -
[Y] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -
Machine Debug Manager. Used by developers.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -
[Y] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\AGRSMMSG.exe - SoftModem Messaging Applet
[Y] C:\WINDOWS\system32\Rundll32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\keyhook.exe -
[Y] C:\Program Files\Arcade\PCMService.exe - PowerCinema
[Y] C:\Program Files\Launch Manager\QtZgAcer.EXE - Acer Launch Manager
[Y] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe - Part
of Adobe Phothoshop
[Y] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE -
[Y] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
-
[Y] C:\Program Files\Common Files\Network Associates\TalkBack
\tbmon.exe - Network Associates / McAfee VirusScan Enterprise Corp.
Version
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\sistray.exe - SIS Vga Card Driver
[Y] C:\Acer\Empowering Technology\eRecovery\Monitor.exe - Acer
eRecovery
[Y] C:\Program Files\Internet Explorer\iexplore.exe - This entry was
classified from our visitors as good.
[Y] C:\Documents and Settings\Kemal\Desktop\HijackThis.exe - Remember
that Hijackthis must be run in an own folder. Only if Hijackthis run
in an own folder it will create backups!Tool, mit dem sie dieses
Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:
\Programme\HijackThis\HijackThis.exe
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://global.acer.com - This page has been
identified as safe.
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat
reader, http://www.adobe.com/products/acrobat/re adstep2.html
[Y] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll -
googletoolbar.dll, googletoolbar*.dll (* = number),
googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. -
Google toolbar, http://toolbar.google.com/
[Y] O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar\01.01.2607.0\tr-tr\msntb.dll -
Msntb.dll - MSN Toolbar, http://toolbar.msn.com/
[Y] O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll - googletoolbar.dll,
googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll,
googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll -
Google Toolbar
[Y] O4 - HKLM\..\Run: [LaunchApp] Alaunch - Unknown application.This
entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
\SynTPLpr.exe - Synaptics touchpad driver helper. Required for
touchpad features to work
[Y] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
\SynTPEnh.exe -
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but
unnecessary.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe - IBM AMR modem driver
[Y] O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent -
Dynamic link library for setting Power Scheme
[Y] O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS
\system32\keyhook.exe -
[Y] O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME
\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - Not dangerous,
but unnecessary.Part of MS Input Method Editor which is used to ease
the input of Asian characters in MS Office (Chinese, Korean and this
one is Japanese)
[Y] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT
\ImScInst.exe /SYNC -
[Y] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /SYNC - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /IMEName - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade
\PCMService.exe" - In a Dell\Media Experience sub-directory
[Y] O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager
\QtZgAcer.EXE - Acer Launch Manager - on Acer laptops it allows users
to configure shortcut keys and to set the operating state of the WLAN
module and the (optional) Bluetooth radio
[Y] O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology
\eRecovery\Monitor.exe - Acer Empowering Technology eRecovery
[Y] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 4.0\apdproxy.exe" - Not dangerous, but
unnecessary.Part of Adobe's Photoshop Album or Photoshop Elements
packages - starts each time you connect an external image device to
your PC (see here)
[Y] O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates
\VirusScan\SHSTAT.EXE" /STANDALONE - From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays
VShield icon. Can be started automatically or available via Start ->
Programs
[Y] O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey -
Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus
and security programs.
[Y] O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:
\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" -
Network Associates Error Reporting Tool - tool traps errors and
requests submission to NAI for the purpose of betatesting new
software
[?] O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe
P0870Pin.dll,RunDLL32EP 513 - Unknown application.
[?] O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe
V0060Pin.dll,RunDLL32EP 513 - Unknown application.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime - Not dangerous, but unnecessary.QuickTime
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe -
Office related
[Y] O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 -
AdobeUpdateManager
[Y] O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS
\system32\sistray.exe - System Tray icon for SiS based graphics. Note
- this resides in C:\Windows\System
[Y] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files
\Microsoft Office\Office10\OSA.EXE - Not dangerous, but
unnecessary.Application which launches common MS Office components to
help speed up the launch of Office programs. It's somewhat of a
resource hog
[Y] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - Not dangerous, but
unnecessary.Speeds up the time it takes to load the Adobe Reader
application. Your choice
[Y] O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe - Preloads some
libraries that are used by AutoCAD in order to make the software load
faster
[Y] O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html - The entry &Google
Search has been identified as safe.
[Y] O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html - The entry
&Translate English Word has been identified as safe.
[Y] O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html - The entry Backward
Links has been identified as safe.
[Y] O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html - The entry Cached
Snapshot of Page has been identified as safe.
[Y] O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 - The entry E&xport
to Microsoft Excel has been identified as safe.
[Y] O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html - The entry Similar
Pages has been identified as safe.
[Y] O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html - The
entry Translate Page into English has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file
missing) - Unnecessary (deactivated) entry that can be fixed.The entry
has been identified as safe.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that
can be fixed.The entry @xpsp3res.dll, has been identified as safe.
[Y] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry
Messenger has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-
F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -
The entry Windows Messenger has been identified as safe.
[?] O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF}
(SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX
Basic) - http://bes.anadoluhayat.com.tr/emeklilik/ScriptX.cab - Check
if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1CD42208-BDFD-42DB-BCAD-25A25F91B1C6} (FinAChart
Control) - http://www.ataonline.com.tr/program/achart/FinAChartPro.cab
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[Y] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/
x86/client/muweb_site.cab?1152362812843 - This entry has been
identified as safe.
[Y] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/
swflash.cab - This entry has been identified as safe.
[?] O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920}
(JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISB.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF78559-
A647-4B58-9492-0DEF721E66C8}: NameServer = 195.175.39.39,195.175.39.40
- Do you know the IP or Domain '195.175.39.39,195.175.39.40'? If not,
fix this entry.
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{6B84EBD8-34BD-436F-
A0A2-9CA8D13DF654}: NameServer = 193.140.83.251 - Do you know the IP
or Domain '193.140.83.251'? If not, fix this entry.
[Y] O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) - This entry has
been identified as safe.This entry was classified from our visitors as
good.
[Y] O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
- Windows Genuine Advantage Notification
[Y] O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe - This service
(PhotoshopElementsFileAgent.exe) was identified as a good one.
[Y] O23 - Service: Notebook Manager Service (anbmService) - OSA
Technologies Inc. - C:\Acer\eManager\anbmServ.exe - This service
(anbmServ.exe) was identified as a good one.
[Y] O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe - This
service (AdskScSrv.exe) was identified as a good one.
[Y] O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common Files\InstallShield
\Driver\11\Intel 32\IDriverT.exe - This service (IDriverT.exe) was
identified as a good one.
[Y] O23 - Service: McAfee Framework Service (McAfeeFramework) -
Network Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe - This service (FrameworkService.exe)
was identified as a good one.
[AVSCAN] O23 - Service: Network Associates McShield (McShield) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\mcshield.exe - This service (mcshield.exe) was identified
as a good one.
[Y] O23 - Service: Network Associates Task Manager (McTaskManager) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\vstskmgr.exe - This service (vstskmgr.exe) was identified
as a good one.

Any useful help is appreciated.


Thank you...

 

[Guest]

I think I'm suffering the same type of thing. sometimes after startup, but
frequently when checking email (dialup) with Outlook 2003. Just in the last
week or two, the system started freezing. Unable to start any programs.
But, if I wait about 5 -10 minutes, the system will suddenly unfreeze, and
all the apps that I tried to start come up one after the other. This usually
occurs after trying to start 'one last program' after a few minutes delay.

If taskmanager is running from before the freeze, it is helpful. I noticed a
process: MDM.exe that had not been running on my computer before, and closed
it. It worked once, but I'm not sure it is the true source of the problem.
It seems to be some kind of debugging program, but have never heard of it,
nor do I know what it is supposed to do.

Sometimes and lately frequently, After system desktop and tray icons
are loaded successfuly, the computer freezes (Acer Aspire 3004WLCI)
and after that freeze i cannot launch apps like IE6,7, MSN 7.5, WLM8
etc also control panel.

Doing ctrl-alt-del does not help, the cpu usage is %0 or 1,
terminating some exe files does not help.


The only thing i can do is pressing power button more than 4 seconds
to close computer via emergency shutdown.


I couldn't find out. This problem will drive me crazy!!! I tried
plenty configuration of services(i set some services 'automatic'
which
are started although they are set to 'manual')


I simplified progams via add-remove.


I run updated version of McAfee8 and found no viruses.


My hijackThis report is this also:
[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should
be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from
our visitors as good.
[Y] C:\Program Files\Adobe\Photoshop Elements
4.0\PhotoshopElementsFileAgent.exe - Adobe Photoshop Elements
[Y] C:\Acer\eManager\anbmServ.exe - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Network Associates\Common Framework
\FrameworkService.exe -
[AVSCAN] C:\Program Files\Network Associates\VirusScan\mcshield.exe -
McAfee VirusScan
[Y] C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -
[Y] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -
Machine Debug Manager. Used by developers.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -
[Y] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\AGRSMMSG.exe - SoftModem Messaging Applet
[Y] C:\WINDOWS\system32\Rundll32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\keyhook.exe -
[Y] C:\Program Files\Arcade\PCMService.exe - PowerCinema
[Y] C:\Program Files\Launch Manager\QtZgAcer.EXE - Acer Launch Manager
[Y] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe - Part
of Adobe Phothoshop
[Y] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE -
[Y] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
-
[Y] C:\Program Files\Common Files\Network Associates\TalkBack
\tbmon.exe - Network Associates / McAfee VirusScan Enterprise Corp.
Version
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\sistray.exe - SIS Vga Card Driver
[Y] C:\Acer\Empowering Technology\eRecovery\Monitor.exe - Acer
eRecovery
[Y] C:\Program Files\Internet Explorer\iexplore.exe - This entry was
classified from our visitors as good.
[Y] C:\Documents and Settings\Kemal\Desktop\HijackThis.exe - Remember
that Hijackthis must be run in an own folder. Only if Hijackthis run
in an own folder it will create backups!Tool, mit dem sie dieses
Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:
\Programme\HijackThis\HijackThis.exe
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL = http://global.acer.com - This page has been
identified as safe.
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat
reader, http://www.adobe.com/products/acrobat/re adstep2.html
[Y] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll -
googletoolbar.dll, googletoolbar*.dll (* = number),
googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. -
Google toolbar, http://toolbar.google.com/
[Y] O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar\01.01.2607.0\tr-tr\msntb.dll -
Msntb.dll - MSN Toolbar, http://toolbar.msn.com/
[Y] O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll - googletoolbar.dll,
googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll,
googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll -
Google Toolbar
[Y] O4 - HKLM\..\Run: [LaunchApp] Alaunch - Unknown application.This
entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
\SynTPLpr.exe - Synaptics touchpad driver helper. Required for
touchpad features to work
[Y] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
\SynTPEnh.exe -
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but
unnecessary.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe - IBM AMR modem driver
[Y] O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent -
Dynamic link library for setting Power Scheme
[Y] O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS
\system32\keyhook.exe -
[Y] O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME
\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - Not dangerous,
but unnecessary.Part of MS Input Method Editor which is used to ease
the input of Asian characters in MS Office (Chinese, Korean and this
one is Japanese)
[Y] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT
\ImScInst.exe /SYNC -
[Y] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /SYNC - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /IMEName - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade
\PCMService.exe" - In a Dell\Media Experience sub-directory
[Y] O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager
\QtZgAcer.EXE - Acer Launch Manager - on Acer laptops it allows users
to configure shortcut keys and to set the operating state of the WLAN
module and the (optional) Bluetooth radio
[Y] O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology
\eRecovery\Monitor.exe - Acer Empowering Technology eRecovery
[Y] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 4.0\apdproxy.exe" - Not dangerous, but
unnecessary.Part of Adobe's Photoshop Album or Photoshop Elements
packages - starts each time you connect an external image device to
your PC (see here)
[Y] O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates
\VirusScan\SHSTAT.EXE" /STANDALONE - From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays
VShield icon. Can be started automatically or available via Start ->
Programs
[Y] O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey -
Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus
and security programs.
[Y] O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:
\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" -
Network Associates Error Reporting Tool - tool traps errors and
requests submission to NAI for the purpose of betatesting new
software
[?] O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe
P0870Pin.dll,RunDLL32EP 513 - Unknown application.
[?] O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe
V0060Pin.dll,RunDLL32EP 513 - Unknown application.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime - Not dangerous, but unnecessary.QuickTime
[Y] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe -
Office related
[Y] O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 -
AdobeUpdateManager
[Y] O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS
\system32\sistray.exe - System Tray icon for SiS based graphics. Note
- this resides in C:\Windows\System
[Y] O4 - Global Startup: Microsoft Office.lnk = C:\Program Files
\Microsoft Office\Office10\OSA.EXE - Not dangerous, but
unnecessary.Application which launches common MS Office components to
help speed up the launch of Office programs. It's somewhat of a
resource hog
[Y] O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - Not dangerous, but
unnecessary.Speeds up the time it takes to load the Adobe Reader
application. Your choice
[Y] O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe - Preloads some
libraries that are used by AutoCAD in order to make the software load
faster
[Y] O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html - The entry &Google
Search has been identified as safe.
[Y] O8 - Extra context menu item: &Translate English Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html - The entry
&Translate English Word has been identified as safe.
[Y] O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html - The entry Backward
Links has been identified as safe.
[Y] O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html - The entry Cached
Snapshot of Page has been identified as safe.
[Y] O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 - The entry E&xport
to Microsoft Excel has been identified as safe.
[Y] O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html - The entry Similar
Pages has been identified as safe.
[Y] O8 - Extra context menu item: Translate Page into English -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html - The
entry Translate Page into English has been identified as safe.
[N] O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-
f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file
missing) - Unnecessary (deactivated) entry that can be fixed.The entry
has been identified as safe.
[N] O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-
d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic
\xpnetdiag.exe (file missing) - Unnecessary (deactivated) entry that
can be fixed.The entry @xpsp3res.dll, has been identified as safe.
[Y] O9 - Extra button: Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe - The entry
Messenger has been identified as safe.
[Y] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-
F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe -
The entry Windows Messenger has been identified as safe.
[?] O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF}
(SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX
Basic) - http://bes.anadoluhayat.com.tr/emeklilik/ScriptX.cab - Check
if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O16 - DPF: {1CD42208-BDFD-42DB-BCAD-25A25F91B1C6} (FinAChart
Control) - http://www.ataonline.com.tr/program/achart/FinAChartPro.cab
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[Y] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl
Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/
x86/client/muweb_site.cab?1152362812843 - This entry has been
identified as safe.
[Y] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/
swflash.cab - This entry has been identified as safe.
[?] O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920}
(JaguarEditControl-ISBANK) - https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISB.CAB
- Check if you know this site and fix it if you do not.Unknown ActiveX-
Objects, or ActiveX-Objects from unknown sites should always be fixed.
If the name of the ActiveX-Object or the URL contains the words
'dialer', 'casino', 'free plugin' etc, it should be fixed!
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{5DF78559-
A647-4B58-9492-0DEF721E66C8}: NameServer = 195.175.39.39,195.175.39.40
- Do you know the IP or Domain '195.175.39.39,195.175.39.40'? If not,
fix this entry.
[?] O17 - HKLM\System\CCS\Services\Tcpip\..\{6B84EBD8-34BD-436F-
A0A2-9CA8D13DF654}: NameServer = 193.140.83.251 - Do you know the IP
or Domain '193.140.83.251'? If not, fix this entry.
[Y] O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) - This entry has
been identified as safe.This entry was classified from our visitors as
good.
[Y] O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
- Windows Genuine Advantage Notification
[Y] O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe - This service
(PhotoshopElementsFileAgent.exe) was identified as a good one.
[Y] O23 - Service: Notebook Manager Service (anbmService) - OSA
Technologies Inc. - C:\Acer\eManager\anbmServ.exe - This service
(anbmServ.exe) was identified as a good one.
[Y] O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe - This
service (AdskScSrv.exe) was identified as a good one.
[Y] O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common Files\InstallShield
\Driver\11\Intel 32\IDriverT.exe - This service (IDriverT.exe) was
identified as a good one.
[Y] O23 - Service: McAfee Framework Service (McAfeeFramework) -
Network Associates, Inc. - C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe - This service (FrameworkService.exe)
was identified as a good one.
[AVSCAN] O23 - Service: Network Associates McShield (McShield) -
Network Associates, Inc. - C:\Program Files\Network Associates
\VirusScan\mcshield.exe - This service (mcshield.exe) was identified
as a good one.

 

[kimiraikkonen]

I think I'm suffering the same type of thing. sometimes after startup, but
frequently when checking email (dialup) with Outlook 2003. Just in the last
week or two, the system started freezing. Unable to start any programs.
But, if I wait about 5 -10 minutes, the system will suddenly unfreeze, and
all the apps that I tried to start come up one after the other. This usually
occurs after trying to start 'one last program' after a few minutes delay..

If taskmanager is running from before the freeze, it is helpful. I noticed a
process: MDM.exe that had not been running on my computer before, and closed
it. It worked once, but I'm not sure it is the true source of the problem.
It seems to be some kind of debugging program, but have never heard of it,
nor do I know what it is supposed to do.

Sometimes and lately frequently, After system desktop and tray icons
are loaded successfuly, the computer freezes (Acer Aspire 3004WLCI)
and after that freeze i cannot launch apps like IE6,7, MSN 7.5, WLM8
etc also control panel.

Doing ctrl-alt-del does not help, the cpu usage is %0 or 1,
terminating some exe files does not help.

The only thing i can do is pressing power button more than 4 seconds
to close computer via emergency shutdown.

I couldn't find out. This problem will drive me crazy!!! I tried
plenty configuration of services(i set some services 'automatic'
which
are started although they are set to 'manual')

I simplified progams via add-remove.

I run updated version of McAfee8 and found no viruses.

My hijackThis report is this also:
[Y] Logfile of HijackThis v1.99.1 - This should be the newest version.
[WINXP] Platform: Windows XP SP2 (WinNT 5.01.2600) -
[Y] MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - This should
be the newest version.
[Y] C:\WINDOWS\System32\smss.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\winlogon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\services.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\lsass.exe - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\System32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\spoolsv.exe - This entry was classified from
our visitors as good.
[Y] C:\Program Files\Adobe\Photoshop Elements
4.0\PhotoshopElementsFileAgent.exe - Adobe Photoshop Elements
[Y] C:\Acer\eManager\anbmServ.exe - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Network Associates\Common Framework
\FrameworkService.exe -
[AVSCAN] C:\Program Files\Network Associates\VirusScan\mcshield.exe -
McAfee VirusScan
[Y] C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -
[Y] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -
Machine Debug Manager. Used by developers.
[Y] C:\WINDOWS\system32\svchost.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\Explorer.EXE - This entry was classified from our
visitors as good.
[Y] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -
[Y] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -
[Y] C:\WINDOWS\SOUNDMAN.EXE - This entry was classified from our
visitors as good.
[Y] C:\WINDOWS\AGRSMMSG.exe - SoftModem Messaging Applet
[Y] C:\WINDOWS\system32\Rundll32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\keyhook.exe -
[Y] C:\Program Files\Arcade\PCMService.exe - PowerCinema
[Y] C:\Program Files\Launch Manager\QtZgAcer.EXE - Acer Launch Manager
[Y] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe - Part
of Adobe Phothoshop
[Y] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE -
[Y] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
-
[Y] C:\Program Files\Common Files\Network Associates\TalkBack
\tbmon.exe - Network Associates / McAfee VirusScan Enterprise Corp.
Version
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\RunDLL32.exe - RUNDLL32 is the Microsoft
Windows program that loads DLLs into memory so that they can be used
by specific programs or by Windows.
[Y] C:\WINDOWS\system32\ctfmon.exe - This entry was classified from
our visitors as good.
[Y] C:\WINDOWS\system32\sistray.exe - SIS Vga Card Driver
[Y] C:\Acer\Empowering Technology\eRecovery\Monitor.exe - Acer
eRecovery
[Y] C:\Program Files\Internet Explorer\iexplore.exe - This entry was
classified from our visitors as good.
[Y] C:\Documents and Settings\Kemal\Desktop\HijackThis.exe - Remember
that Hijackthis must be run in an own folder. Only if Hijackthis run
in an own folder it will create backups!Tool, mit dem sie dieses
Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:
\Programme\HijackThis\HijackThis.exe
[Y] R1 - HKLM\Software\Microsoft\Internet Explorer
\Main,Default_Page_URL =http://global.acer.com- This page has been
identified as safe.
[Y] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-
B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX
\AcroIEHelper.dll - AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat
reader,http://www.adobe.com/products/acrobat/readstep2.html
[Y] O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar1.dll -
googletoolbar.dll, googletoolbar*.dll (* = number),
googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. -
Google toolbar,http://toolbar.google.com/
[Y] O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Toolbar\01.01.2607.0\tr-tr\msntb.dll -
Msntb.dll - MSN Toolbar,http://toolbar.msn.com/
[Y] O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll - googletoolbar.dll,
googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll,
googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll -
Google Toolbar
[Y] O4 - HKLM\..\Run: [LaunchApp] Alaunch - Unknown application.This
entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP
\SynTPLpr.exe - Synaptics touchpad driver helper. Required for
touchpad features to work
[Y] O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP
\SynTPEnh.exe -
[Y] O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - Not dangerous, but
unnecessary.This entry was classified from our visitors as good.
[Y] O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe - IBM AMR modem driver
[Y] O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent -
Dynamic link library for setting Power Scheme
[Y] O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS
\system32\keyhook.exe -
[Y] O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME
\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - Not dangerous,
but unnecessary.Part of MS Input Method Editor which is used to ease
the input of Asian characters in MS Office (Chinese, Korean and this
one is Japanese)
[Y] O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT
\ImScInst.exe /SYNC -
[Y] O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /SYNC - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT
\TINTSETP.EXE /IMEName - Not dangerous, but unnecessary.Part of
Microsoft's Input Message Editor (IME) for translating Japanese/
Chinese text in IE
[Y] O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade
\PCMService.exe" - In a Dell\Media Experience sub-directory
[Y] O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager
\QtZgAcer.EXE - Acer Launch Manager - on Acer laptops it allows users
to configure shortcut keys and to set the operating state of the WLAN
module and the (optional) Bluetooth radio
[Y] O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology
\eRecovery\Monitor.exe - Acer Empowering Technology eRecovery
[Y] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 4.0\apdproxy.exe" - Not dangerous, but
unnecessary.Part of Adobe's Photoshop Album or Photoshop Elements
packages - starts each time you connect an external image device to
your PC (see here)
[Y] O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates
\VirusScan\SHSTAT.EXE" /STANDALONE - From McAfee VirusScan NT 4.x.
Handles program communication among VShield components, displays
VShield icon. Can be started automatically or available via Start ->
Programs
[Y] O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network
Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey -
Associated with McAfee Enterprise 7.0.0. Updater for McAfee anti-virus
and security programs.
[Y] O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:
\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" -
Network Associates Error Reporting Tool - tool traps errors and
requests submission to NAI for the purpose of betatesting new
software
[?] O4 - HKLM\..\Run: [PD0870 STISvc] RunDLL32.exe
P0870Pin.dll,RunDLL32EP 513 - Unknown application.
[?] O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe
V0060Pin.dll,RunDLL32EP 513 - Unknown application.
[Y] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe"

...

read more »- Hide quoted text -

- Show quoted text -

MKSafer, i agree you with exactly the same situation. I have MDM.exe
everyboot now i disabled it from msconfig and we will see if anything
changes.

Thanks.

 

[kimiraikkonen]

MKSafer, i agree you with exactly the same situation. I have MDM.exe
everyboot now i disabled it from msconfig and we will see if anything
changes.

I tried everything with no help but we will see if this helps.

Thanks.

 

[Guest]

Hmmm....
I don't know how to disable MDM, but I quarantened it with Norton. How
about that for ingenuity. In any event, I'm sorry to say that the problem
persists. Maybe the MDM.exe is but a symptom of something worse. I have
System Mechanic and ran its PC repair wizard, which removed about 60 broken
shortcuts and 38 registry problems. I'm running fine at the moment, but
we'll see when I boot up tomorrow. Let me know how you fare. If this
doesn't go away, I will probably use a restore point from the beginning of
January.

 

[Guest]

I found the following discussion that outlines our problem exactly:
Subject: Re: Dial-up to Internet freezes computer upon connection 2/2/2007
11:57 PM PST
By: Bruce A. Johnson In: microsoft.public.windowsxp.help_and_support

Towards the end of the thread Bruce writes:

Solution finally found. See:
Freeze-Up Dial-Up Networking Problem
http://brucejohnson.ca/dun-problem.html

He says to uninstall the Microsoft TCP/IP version 6 protocol.
I have written him for more precise instructions as to how to uninstal the
protocol he says has been the culprit. I guess we can re-enable MDM.exe
after all. If you figure out how to get to that protocol before I do, let me
know.

Thanks.

 

[Guest]

You go into Network Connections, right-click on LAN, properties.
Inside are several protocols with check boxes. Uncheck 'Windows TCP/IP
version 6' and click uninstall. restart the computer, then it works!
Good night!
Moshe

 

[kimiraikkonen]

You go into Network Connections, right-click on LAN, properties.
Inside are several protocols with check boxes. Uncheck 'Windows TCP/IP
version 6' and click uninstall. restart the computer, then it works!
Good night!
Moshe







- Show quoted text -

Oh, i cannot disable Tcpi/ip as you know it is the main and critical
protocol used by networking.

I disabled MDM.exe under msconfig's servives tab. If the problem still
exists i will inform.

Thank you.

 

[kimiraikkonen]

Oh, i cannot disable Tcpi/ip as you know it is the main and critical
protocol used by networking.

I disabled MDM.exe under msconfig's servives tab. If the problem still
exists i will inform.

Thank you.- Hide quoted text -

- Show quoted text -

Update with bad Although mdm.exe is disabled, the computer still
hangs sometimes after desktop and start-up icons successfully loaded.
For example i launch IE6 or 7 it does not open. It runs as
iexplore.exe in background and i cannot terminate process.
I had to power off the machine.

I'm putting link of screenshot of my services and processes here and
please help after investigating this: http://img401.imageshack.us/
img401/8140/processservicesc0.jpg

I need help. Thank you!

 

[kimiraikkonen]

Link of screenshotif displayed not properly, please combine
addresses with copy paste or sth)

http://img401.imageshack.us/img401/8140/processservicesc0.jpg

 

[kimiraikkonen]

Link of screenshotif displayed not properly, please combine
addresses with copy paste or sth)

http://img401.imageshack.us/img401/8140/processservicesc0.jpg

help please. After desktop is loaded successfully including startup
icons and tray icons, the system stops responding apps like IE or
MSN...
No virus or trojan found with the latest release od McAfee.

 

[Guest]

Open Network connections, right click on Local Area Network Connection, click
on Properties. You should see several files with boxes. One of them is
"Internet Protocol (TCP/IP)" and another is "Windows TCP/IP version 6". That
second one can be removed, as I have done, and it will only make your system
run normally again without damaging your connectivity. In fact, the reason
you're having problems at startup is because your computer automatically
connects to the internet at startup. If you want to have proof that the
internet connection protocol is the problem, try disabling your LAN (by right
clicking on the Local Area Network, and clicking on Disable). Then your
computer won't automatically connect to the internet with startup, and should
start up without freezing. I hope I'm right, and that you will see that the
'version 6' protocol needs to be uninstalled.
MKSafer

 

[kimiraikkonen]

Open Network connections, right click on Local Area Network Connection, click
on Properties. You should see several files with boxes. One of them is
"Internet Protocol (TCP/IP)" and another is "Windows TCP/IP version 6". That
second one can be removed, as I have done, and it will only make your system
run normally again without damaging your connectivity. In fact, the reason
you're having problems at startup is because your computer automatically
connects to the internet at startup. If you want to have proof that the
internet connection protocol is the problem, try disabling your LAN (by right
clicking on the Local Area Network, and clicking on Disable). Then your
computer won't automatically connect to the internet with startup, and should
start up without freezing. I hope I'm right, and that you will see that the
'version 6' protocol needs to be uninstalled.
MKSafer






- Show quoted text -

There is only TCP/IP, no tcp.ip V6.

I strongly think that having trouble with connection automatically in
every Windows boot, drives me crazy with MS!

Don't you know removing tcp/ip protocol also affects or disconnects
your internet connection. It is true for tcp/ip but there is no tcp/ip
V6 althoigh i had MDM.exe. (Framework 1.1 installed maybe because of
this)

Lastly, is that your suggestion: Do not allow Windows to connect the
internet automatically after everyboot. Connect manually after
everyboot?

 

[Guest]

Dear kimiraikkonen,
Sorry for the delay, I don't check everyday.
I'm not a professional IT person, and if you do not have the 'Microsoft
TCP/IP version 6' installed, then perhaps we're not talking about the same
problem after all. At this point, MDM.exe does run on my computer, but is
not getting in the way of anything or causing system freezes. On my system
is was definitely that 'version 6' protocol. No, I would not uninstall your
other TCP/IP protocol. I had jitters even before uninstalling the 'version
6' one.

As for my suggestion to disable your connection. It's a 'lame' solution;
only an easily reversable temporary solution until you find a better one.
BUT, I'm not even sure it will help you. Perhaps your freeze has nothing to
do with connectivity at all...

I wish you good luck in finding a permanent solution to your difficulties.

Moshe