[DarkPhase]

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.75 0 K 28 K
procexp.exe 3580 3.13 12,144 K 16,980 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
TeaTimer.exe 1740 1.56 55,416 K 57,112 K System settings protector Safer-Networking Ltd.
explorer.exe 1732 1.56 24,580 K 13,536 K Windows Explorer Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wmiprvse.exe 4072 2,796 K 5,460 K WMI Microsoft Corporation
winlogon.exe 728 18,708 K 1,952 K Windows NT Logon Application Microsoft Corporation
ViewpointService.exe 1452 1,036 K 3,076 K ViewMgr Viewpoint Corporation
TSVNCache.exe 1800 2,132 K 5,104 K TortoiseSVN status cache http://tortoisesvn.net
taskmgr.exe 2560 1,740 K 1,616 K Windows TaskManager Microsoft Corporation
System 4 0 K 260 K
svchost.exe 1140 15,932 K 27,800 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 940 3,556 K 5,732 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1032 2,144 K 4,828 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1172 2,788 K 3,948 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1324 1,712 K 4,160 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1424 1,876 K 4,428 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1692 1,744 K 4,392 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 108 2,772 K 4,748 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 492 3,608 K 5,536 K Spooler SubSystem App Microsoft Corporation
smss.exe 616 176 K 432 K Windows NT Session Manager Microsoft Corporation
services.exe 772 2,168 K 4,100 K Services and Controller app Microsoft Corporation
rundll32.exe 1456 5,116 K 6,564 K Run a DLL as an App Microsoft Corporation
realsched.exe 664 1,344 K 208 K RealNetworks Scheduler RealNetworks, Inc.
nvsvc32.exe 308 5,296 K 7,052 K NVIDIA Driver Helper Service, Version 275.33 NVIDIA Corporation
lsass.exe 784 4,300 K 1,240 K LSA Shell (Export Version) Microsoft Corporation
jusched.exe 1776 1,224 K 3,388 K Java™ Update Scheduler Sun Microsystems, Inc.
jqs.exe 2016 2,656 K 1,424 K Java™ Quick Starter Service Sun Microsystems, Inc.
firefox.exe 3956 173,772 K 188,892 K Firefox Mozilla Corporation
csrss.exe 704 1,960 K 4,652 K Client Server Runtime Process Microsoft Corporation
AvastUI.exe 3564 16,052 K 8,768 K avast! Antivirus AVAST Software
AvastSvc.exe 1584 14,260 K 23,924 K avast! Service AVAST Software
alg.exe 2616 1,572 K 4,152 K Application Layer Gateway Service Microsoft Corporation
aim.exe 300 47,860 K 25,428 K AOL Instant Messenger AOL Inc.

[Advertisements]

sigverif files are OK.

You have a file missing:
"The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified."

This is a third party file used to allow a program to talk to a PC's ports directly. It says it is a service so you could right click on My COmputer and select Manage then Services and Applications then Services then find NTPosrt Library service. Right click and select Properties then change the Startup Type to Disabled. OK.

Alternatively you could download the program:

http://www.zealsofts...rt/ntportev.zip

Unzip it and then put it where the service thinks it should be. (Should tell you in Properties)

Your Process Explorer log looks clean. Perhaps you could keep it open and if you notice a slowdown, create a new log and capture the problem that way.

[RKinner]

sigverif files are OK.

You have a file missing:
"The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified."

This is a third party file used to allow a program to talk to a PC's ports directly. It says it is a service so you could right click on My COmputer and select Manage then Services and Applications then Services then find NTPosrt Library service. Right click and select Properties then change the Startup Type to Disabled. OK.

Alternatively you could download the program:

http://www.zealsofts...rt/ntportev.zip

Unzip it and then put it where the service thinks it should be. (Should tell you in Properties)

Your Process Explorer log looks clean. Perhaps you could keep it open and if you notice a slowdown, create a new log and capture the problem that way.

[DarkPhase]

I'll do that, how do we go about fixing the visible hidden albumart and desktop.ini's along with the recovery console debug mode thing.

[RKinner]

Look for the file C:\boot.ini

Open it in notepad. Copy and paste the text into a reply.

You may want to hold off on this next one until we are finished with boot.ini:

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

Ron

[DarkPhase]

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

[RKinner]

Make a backup copy then right click on boot.ini and uncheck the read only box then OK and then edit boot.ini to say:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

(We are just deleting the one line)

[DarkPhase]

Ok, I've done all that what should we do now?

[RKinner]

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

[DarkPhase]

Ok, I've done that aswell.

[RKinner]

Now we just wait until you get a process explorer log during a spike.

Ron

[DarkPhase]

It looks like it's SF.bin that's causing it, which is apparently related to avast. I'll keep looking for other things.

[RKinner]

That's their definitions - can't see it as a cause of system lockups tho.

[DarkPhase]

Could it possibly be a hardware related issue?

[RKinner]

Looking back at your last Combofix log. I see signs of Symantec still there. I think we need to run the Norton Removal tool:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Download , Save and Run it.

I'd also uninstall SuperAntiSpyware just in case it is fighting with Avast.

As for hardware, it's always a possibility. You could run one of the free benchmarking programs:

http://www.makeuseof...hmark-programs/

and see if they find any problems.

Ron

[DarkPhase]

I'll run the benchmarking tests, and i had already previously ran the norton removal tool as you had requested a couple days back, do you want me to run it again?