pc completely crashes/freezes
When I've got some program executing on my computer that takes up a lot of CPU (close to 100%), like John the Ripper or the drive cleaner, after some time my computer completely freezes. I can't really do anything with it (only reset it), can't move the mouse, time stops, can't bring up the Task Manager, basically it completely freezes.
There's probably a specific word to describe this rather than freezing, but since English isn't my native language I couldn't come up with it.
Thanks in advance for your help, because it's really frustrating not having a challenge done because of not being able to decrypt a hash.
When something runs using a high CPU percentage you should always do your best to close all non-essential processes, as people have already said. But if, as someone said, the problem is your RAM, try running a memtest. I got a program to do this with my copy of XP, but I expect you can find one with a quick Google. I have no idea if it will fix the problem, but it will most likely be able to tell you if it is RAM or not.
Also, is your computer set to turn off/stand by or show a screen saver after a certain time? If so, try turning these 'features' off. The problem might be caused by those.
It happened too when running only John the Ripper (and the processes that automatically run at computer startup). I usually pay attention to programs running and there aren't a lot I will be able to kill, 'cause at startup almost all of them are system-only processes. The RAM part I will try to see if it works. By the way, I have been having problems with svchost.exe too. It takes like 30 MB of RAM, sometimes reaching 50/100 MB. Maybe the problem is related. To solve the latest one I'm going to uninstall Symantec Corporate Edition (doesn't do the job) and I'm going to install AVG or some antivirus like that, 'cause I think the problem is that the svchost.exe is running a virus or something like that, that's contained in itself.
Would appreciate if someone could help me with that problem too. ;)
P.S. - I thought of the screen saver problem too, so that isn't the problem (have it to run only after like 100 mins).
Disable files running at startup using
Start > Run > MsConfig
Go to Services and click the tab that says "Hide all Microsoft Products", then uncheck the software that runs.
After that, go to the tab that says
Startup
Uncheck all applications that you don't know, so if it is some name like M345sdll.exe there is a good chance that it is a malicious program. Important Microsoft applications don't show up here, so don't worry about messing anything up terribly. I hope this helps you.
Yeah, the problems just started, at least with the drive cleaner and with the svchost.exe. JTR I think always gave me problems when decrypting NT LM DES and Traditional DES encryptions, but MD5 goes well. Maybe because it gets decrypted fast, since JTR only crashes after like 10-15 mins of running.
I can't do a system restore, I don't know why but it doesn't work (as you can see my PC is running really smooth). Whenever I try to restore it to a previous point it just says, after the computer restarts, that it wasn't able to restore it to that point. Another problem my PC has. I just disabled system restore since it doesn't work.
I tried msconfig as Tao said, but nothing running strangely on the Services tab. I only disabled one process (that had no name, so I found it strange) on the Startup tab.
The problem is deeper than I thought, 'cause I tried decrypting an NT LM DES hash in safe mode (just to see if the problem were the processes running), using the lanman option, and after 10+ mins my PC froze as usual, despite the fact it was the only process I had running (and the processes that run with safe mode automatically, which were necessary ones).
Tried a memtest like PureEvil said, and despite the fact that it is a bootable program (so I wasn't even "in" Windows) the computer still managed to crash when doing random number sequences, I think. This happened after 19 mins of it running (the program has a chronometer), so this problem (JTR one) probably isn't related to processes. The svchost one I will investigate, but it is probably related to malicious programs contained in the system file.
Run the program HiJack-This. Post the log it gives you and let us look it over.
I can see that if it is just one or two applications perhaps a little more information into the specs of your computer would also help greatly. Because if you are running a PII 400MHz with Windows XP and attempting to use high resource systems like JTR you will kill it ;)
Stats and Log. Please and I will run it all over for you.
I had a problem with an instance of svchost.exe eating resources, too… it would spike my CPU up to 100%. If you're having problems with that file in your processes, then Google "svchost fix" or "svchost 100%" and you'll find lots of info on fixing it.
Other than that, I'd use a virus scanner that can schedule a scan before Windows boots (like Avast or Norton) and let that run. Maybe use a Registry Cleaner in case a rogue has been set to run and doesn't show up in Processes in Task Manager. Go to System, Advanced, Performance, click Settings, and adjust for Best Performance. Defrag wouldn't hurt, uninstall anything in Add/Remove Progs that you don't recognize / need.
Oh, and you might need to do all of that in Safe Mode if you can't run anything for extended periods of time normally.
Not a comprehensive solution… just some suggestions.
I'm running Windows XP SP2 on a Pentium 4 2.00 GHz CPU, 480 MB of RAM (32 MB are for the graphics, because I don't have a graphics card, so I have 512 MB of RAM), so I think this isn't the problem (AldarHawk, if you need more info tell me).
My problem with svchost is not that it is using too much CPU but instead it is using too much RAM. I will try running a boot scan like you said, Zephyr_Pure, and see what I get. I've already tried a registry cleaner, but it gives you so much info that it is hard to understand if you can delete the results you get or not. I might have some programs that I don't REALLY need, but none that I don't recognize. The best performance thing I can't permanently do because I'm not the only one using my PC (other people wouldn't appreciate me taking out all the animations and things of Windows, but I'll give it a try just to see the difference). I will try to google it (svchost fix) too, despite the fact that I've already done it, maybe I get something.
The log from HiJack-This:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:14:06, on 26-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA1\SYMANT1\VPTray.exe
C:\Programas\Java\jre1.5.0_11\bin\jusched.exe
C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programas\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA1\MOZILL1\FIREFOX.EXE
C:\Documents and Settings\ASP\Os meus documentos\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FB9E09C-6986-4D41-8D6D-056FC3D020A1} - C:\WINDOWS\system32\efeeb.dll (file missing)
O2 - BHO: (no name) - {165E2DA8-C7CD-40A5-B32B-CBD4F75DDF90} - C:\WINDOWS\system32\xxwur.dll (file missing)
O2 - BHO: (no name) - {57A62825-840C-4FFE-8717-80A308558154} - C:\WINDOWS\system32\nnnmkll.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programas\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA1\SYMANT1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [df.exe] C:\Programas\Dark Files\df.exe /S
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Programas\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA1\MICROS2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA1\MICROS2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA4A0951-7F38-458F-997D-4AE63BBD11B2}: NameServer = 195.23.129.126,194.79.69.222
O20 - Winlogon Notify: efeeb - C:\WINDOWS\system32\efeeb.dll (file missing)
O20 - Winlogon Notify: nnnmkll - nnnmkll.dll (file missing)
O20 - Winlogon Notify: winrbr32 - winrbr32.dll (file missing)
O20 - Winlogon Notify: xxwur - C:\WINDOWS\system32\xxwur.dll (file missing)
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA1\FICHEI1\SYMANT1\SCRIPT1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA1\TRISNA1\SSI\SYSENF1.EXE (file missing)
-- End of file - 10313 bytes
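
A first triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread. The sample lines are copied from that log; the function name `triage` and the rule set are assumptions chosen for illustration, and each tag marks an entry to review by hand, not a verdict.

```python
import re

# Subset of lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FB9E09C-6986-4D41-8D6D-056FC3D020A1} - C:\WINDOWS\system32\efeeb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Programas\Video ActiveX Object\pmsngr.exe
O20 - Winlogon Notify: efeeb - C:\WINDOWS\system32\efeeb.dll (file missing)
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA1\TRISNA1\SSI\SYSENF1.EXE (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
"""

# Every log entry starts with a section code such as R1, O2 or O23.
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")

# Illustrative review rules (assumptions, not HijackThis's own logic):
RULES = [
    # registry entry still points at a file that is not on disk
    ("missing-file", re.compile(r"\((file missing|no file)\)\s*$")),
    # browser helper object registered without a display name
    ("unnamed-bho", re.compile(r"^BHO: \(no name\)")),
    # service whose binary carries no vendor information
    ("unknown-owner", re.compile(r"^Service: .* - Unknown owner - ")),
    # browser traffic routed through a proxy on the local machine
    ("local-proxy", re.compile(r"ProxyServer = (localhost|127\.0\.0\.1)\b")),
    # autostart set through the policy Run key rather than the usual Run key
    ("policy-run", re.compile(r"\\Policies\\Explorer\\Run: ")),
]

def triage(log_text):
    """Return (section, tags, body) for every entry that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        tags = [name for name, rx in RULES if rx.search(body)]
        if tags:
            findings.append((section, tags, body))
    return findings

if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(tags):26} {body}")
```
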