
Computer freezes 2-5 minutes after logging in

Discussion in 'Windows OS' started by Gheb, Nov 9, 2008.

  1. mflynn Newcomer, in training Posts: 2,793

    1. Yes I read the logs
    2. and see he is locked in Safe Mode
    3. he bumped
    4. and that is exactly why I made my recommendation, fix the other issues and get him back to Normal mode!

    No problemo!

    Mike
  2. Bobbye Helper on the Fringe Posts: 16,406   +16

    What "boot things" are you referring to? Some devices, drivers and Services do not startup in Safe Mode.

    Give me copy of any Event Error corresponding to either freeze or starting up in Safe Mode:
    Please ignore Warnings. You do not need to include the lines of code in the box below the Description, if any. Please do not copy the entire Event Log.

    Although some processes do not start up in Safe Mode, this may give us a clue if it is due to a Service that remained disabled. I'll sort through that.
  3. Gheb Newcomer, in training Posts: 22

    i am referring to one of the main system files when i say boot things, as in XP when you boot in safe mode it goes through steps shown in white writing on a black screen
    disk errors stopped a week ago (16th?), nowadays there isn't much except for reoccurring DCOM error etc, which i have said before
    Event Type: Error
    Event Source: Disk
    Event Category: None
    Event ID: 7
    Date: 16/11/2008
    Time: 23:19:42
    User: N/A
    Computer: LG-M1
    Description:
    The device, \Device\Harddisk0\D, has a bad block.

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10005
    Date: 16/11/2008
    Time: 15:01:32
    User: LG-M1\user
    Computer: LG-M1
    Description:
    DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    Service control manager (errors) also appears often with variations such as:
    7026
    7023
    7011
    7006
    for example 7026
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7026
    Date: 7/11/2008
    Time: 18:41:04
    User: N/A
    Computer: LG-M1
    Description:
    The following boot-start or system-start driver(s) failed to load:
    Aavmker4
    aswSP
    AVG Anti-Spyware Driver
    Avg7Core
    Avg7RsW
    Avg7RsXP
    Fips
    intelppm

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 7/11/2008
    Time: 18:25:18
    User: N/A
    Computer: LG-M1
    Description:
    The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
    The system cannot find the file specified.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7023
    Date: 18/11/2008
    Time: 16:22:10
    User: N/A
    Computer: LG-M1
    Description:
    The Computer Browser service terminated with the following error:
    This operation returned because the timeout period expired.

    Due to space i'll shorten this one

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7011
    Date: 7/11/2008
    Time: 21:04:32
    User: N/A
    Computer: LG-M1
    Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the AVGFwSrv service.
    or (same date some everything except)
    Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    or
    Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
    or (15th)
    The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.

    oh and found the 2 online scanners still there in new HJT log even though i've checked and deleted them twice already now, any suggestions?

    To Mike & sent: thank you for all the effort you have put in and it is true i bumped for an answer but until Bobbye runs into a wall and can't help you guys are straight after him
    To Bobbye: thank you for your continued support (and comp is still locked in safe mode) View attachment 37980
  4. Bobbye Helper on the Fringe Posts: 16,406   +16

    You are being sent in different directions and that's not helpful. You were told specifically to boot into Safe Mode, now you can't get out! Try and undo whatever you did in Post #3. Then we need to make sure the necessary Services are set to Automatic or Manual:

    Services to be set, and this "can" be done in Safe Mode:
    DCOM> Automatic

    Of all the Events you posted, this is the only one with significance: Harddisk0 Usually refers to C: drive with the OS on it.
    Event Error #7, Source: Disc: Desc: The device, \Device\Harddisk0\D, has a bad block.
    "The device has a bad block of memory, which Windows attempted to read. The data might be missing or corrupted".
    This Event may also be caused by a CD or CDRom drive.

    It is also possible that some of the Services you were told to stop did not get re-started. For instance, FIPS uses Cryptography- the Cryptography Services should be set to Automatic.
    Please list the Services you have set to Disabled:
    Start> Run> services.msc.
    This is important. I think we are going to have to undo some of what you were told to do.

    Service resetting calls for careful fine-tuning. Dependencies must always be checked. Changing the Startup Type can't be a random process.

    These are drivers that won't load in Safe Mode.
    Aavmker4>> Base Kernel-Mode DeviceDriver for Windows NT/2000/XP (Avast)
    aswSP>> avast! self protection module
    AVG Anti-Spyware Driver
    Avg7Core
    Avg7RsW
    Avg7RsXP
    Fips: needs Cryptography. That service should be set to Automatic
    intelppm
    DCOM>> "This service cannot be started in Safe Mode "

    ScRegSetValueExW is a Kaspersky related process. It was found in KIS v202 and supposedly fixed in KIS v207, which means you need to update. But it also means you are running two antivirus programs and that needs to be reconciled.

    Try to resolve Event #7, then reboot into Normal Mode and recheck the Event Viewer for Error occurring in Normal Mode.
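
The triage reasoning in the post above (the Disk Event 7 is the significant record; the driver and DCOM errors are expected in Safe Mode), sketched as an added Python example that is not part of the original thread. The sample text is abridged from the records quoted earlier, and the bucket names and the rules in `triage` are hypothetical.

```python
import re
# Constructed sample, abridged from the Event Viewer records quoted in the thread.
SAMPLE = r"""Event Type: Error
Event Source: Disk
Event ID: 7
Description:
The device, \Device\Harddisk0\D, has a bad block.
Event Type: Error
Event Source: DCOM
Event ID: 10005
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc
Event Type: Error
Event Source: Service Control Manager
Event ID: 7026
Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
Event Type: Error
Event Source: Service Control Manager
Event ID: 7023
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The system cannot find the file specified.
"""

def parse_events(text):
    # Each record starts at an "Event Type:" line; free text follows "Description:".
    events = []
    for block in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        head, sep, desc = block.partition("Description:")
        fields = dict(re.findall(r"(?m)^[ \t]*([A-Za-z ]+?):[ \t]*(.*)$", head))
        if sep and "Event ID" in fields:
            events.append({**fields, "Description": " ".join(desc.split())})
    return events

def triage(ev):  # hypothetical buckets following the reasoning in the post
    src, eid = ev["Event Source"], int(ev["Event ID"])
    if (src, eid) == ("Disk", 7):
        return "significant"  # bad block: back up, then check the drive
    if "Safe Mode" in ev["Description"] or (src, eid) == ("Service Control Manager", 7026):
        return "expected-in-safe-mode"  # drivers/services that do not start there
    return "recheck-in-normal-mode"

def summarize(text):
    return [(e["Event Source"], int(e["Event ID"]), triage(e)) for e in parse_events(text)]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```
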
  5. Gheb Newcomer, in training Posts: 22

    for some reason DCOM and Cryptography is already on automatic and the errors occur
    Services disabled
    View attachment 38059
    So i shouldn't worry about those drivers not loading
    error 7 didn't occur for a whole week so hmm but i'll see what i can do
  6. Bobbye Helper on the Fringe Posts: 16,406   +16

    No. Not if you are in Safe Mode.
    It is one you will need to look out for. Anytime you get a hard drive message, it's a reminder to be sure and backup anything you don't want to lose, in case the hard drive does fail.

    Please give us your current system status relating it to the original problems.
     
  7. Gheb Newcomer, in training Posts: 22

    holidays

    sorry for not replying in such a long time but nothing has been fixed yet
    and every time i try to boot up the computer in normal mode it reverts to safe mode without my consent
    since it's not a driver problem any suggestions?
    i don't think it's malware or spyware
    it might be something to do with the registry if so how do you check?
    since my absence i've backed up everything and am now currently awaiting any advice
    relating to my previous freezing i can't tell if it is fixed as i can't get in the normal boot which is my foremost problem now
    i have to leave again in about a weeks time so fixing this long going problem ASAP would be greatly appreciated
    Thank you
    *note: checking through this log the comp is confused that it's in normal boot mode but the restrictions of safe mode still apply anyone know why?
    if you need any other logs tell me
    View attachment 39273
    since i was bored here's an SDfix report (to prove to those cynics)
    View attachment 39277
    now for some reason i can't access internet in 'normal' (half safe) mode, was it because of SDfix?
    here is another HJT log after the SDfix (in safe mode) though i can't see any differences
    View attachment 39278
  8. mflynn Newcomer, in training Posts: 2,793

    Hi Gheb

    Run HJT Scan only select and remove the below
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -

    In Safe Mode networking

    Go back to Post #18 and run the ComboFix I fixed the link! Attach its log.

    If you can: Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Get as much as you can post logs!

    Let us know what does and don't work.

    Mike
  9. Bobbye Helper on the Fringe Posts: 16,406   +16

    Gheb, running a cleaning over a 4 week period with no resolution after 28 posts is getting you nowhere!

    I went back and reread all but am uncertain at what point you were forced into Safe Mode. Since you are getting help from several people, it can be counter-productive when no resolution is reached.

    The entries you are asking to remove were covered in my Post #13:
    The two entries are for ewido and asquared online scans as follows:
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
  10. Gheb Newcomer, in training Posts: 22

    it first started booting into safe mode automatically after i uninstalled AVG
    i've already done everything in the posts above so any new info/advice? i know i mentioned this before but a program called startup optimiser (after changing several start up programs) also made my comp start up in half safe mode but it was fixed using last known good config, but since in above posts you've recommended against that i'm now unsure how to act (this was why i asked if the registry and drivers had anything to do with my situation, as last good config restores those so...)
    also for some unknown reason
    "O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab"
    always comes back no matter how many times i delete it using HJT
    To mike:
    I've already done the 8 step virus thing but here is another updated one
    SAS doesn't work in normal mode (half safe)
    w8 for logs plz View attachment 39331

    View attachment 39332
  11. mflynn Newcomer, in training Posts: 2,793

    Gheb

    First do this before proceeding below: http://www.techspot.com/vb/post684649-3.html

    then proceed....

    After so long you being gone and many updates to MBAM and SAS we need to see these logs again if for nothing else but to confirm you are still clean.

    This goes also for ComboFix and SDFix. Do not use the old ones but download the new ones and run.

    Additionally uninstall the Startup Optimizer for now, can be reinstalled after clean.

    Stick with us until fixed this time.

    Mike
  12. Gheb Newcomer, in training Posts: 22

  13. mflynn Newcomer, in training Posts: 2,793

    It don't take but a minute to update so UPDATE every time.

    Yes that link fixes many things, it may fix SAS and the Safe Mode condition.

    Mike
  14. Bobbye Helper on the Fringe Posts: 16,406   +16

    Startup Optimiser is a downloadable program. IF you do not want it, uninstall it in Add/Remove Programs. In any event, UNCHECK it on Startup.

    You need to understand that whenever you do any type of restore, you undo what has been previously done. IF you have been doing that through this time, then nothing is going to get fixed.

    I'm going to look into a way to remove or stop the online scans. I remember I had a problem with Housecall after running a scan. I finally stopped it but don't remember how. I'll post back if I find out how.
  15. Gheb Newcomer, in training Posts: 22

    To mike:
    Yes it is already at its latest update

    The link still didn't fix SAS or safe mode boot
    the warning problem with shortcut pops up when sas shortcut was run

    However will this help in installing SAS http://forums.superantispyware.com/viewtopic.php?=&p=2267

    Have uninstalled startup optimiser

    To Bobbye
    I do understand which was why i haven't done anything to restore the system....
    it was just a suggestion

    View attachment 39364

    View attachment 39365

    View attachment 39366

    View attachment 39367
  16. mflynn Newcomer, in training Posts: 2,793

    Clarify SAS does not run at all or will not update?

    Go into Add/Remove Programs and uninstall SAS. Then reboot d/l a new SAS and reinstall. If it works and don't update scan unupdated.

    Yes do the link, looks like it will work.

    Mike
  17. Gheb Newcomer, in training Posts: 22

    it does not install
    therefore does not run or update
    the registry link did not work
    safe mode doesn't allow its installation
    i'm fairly sure its nothing is infected so is this really useful?
    is there any SAS equivalent
    Bobbye any input?
  18. mflynn Newcomer, in training Posts: 2,793

    Well Gheb

    1. Can only boot to Safe Mode (can and likely is a system issue or a system issue caused by now cleaned malware) but IMHO highly likely you do still have a malware issue.

    2. Can not install a simple program SAS but others did install MBAM, there is also a reason for this.

    The main reason I wanted to run SAS is not only to let it do its job but it has a Tools Tab that offers other repair options.

    Yes there are other options here are a couple:

    D/L Daft to repair file associations http://www.bleepingcomputer.com/forums/topic182503.html

    Copy all in Box below then paste directly to the black screen of an open command prompt.

    Code:
    @echo off
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    exit
    exit
    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it delete all it finds decline to reboot on each item found, until the program finishes then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Please make a note of what it found if any as it has no log.
    If it finds several things reboot to Safe Mode and run again before continuing below.

    Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

    ComboFix was requested (at bottom of post #18) but never ran:

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Mike
  19. Bobbye Helper on the Fringe Posts: 16,406   +16

    This thread is over a month old. I am not in agreement with the way it has been handled. But now Mike will have to figure out how to get you out of the mess! He is not a trained malware cleaner.
  20. mflynn Newcomer, in training Posts: 2,793

    Gheb

    I've been doing this for 30 years do it professionally for a living and Bobbye knows nothing about my training. My record speaks for itself!

    His record shows he is very good at text removed

    Do the post and we will fix your issue.

    Mike