Computer freezes 2-5 minutes after logging in

Status
Not open for further replies.
So I shouldn't worry about those drivers not loading
No. Not if you are in Safe Mode.
Error 7 didn't occur for a whole week
It is one you will need to look out for. Anytime you get a hard drive message, it's a reminder to be sure to back up anything you don't want to lose, in case the hard drive does fail.

Please give us your current system status relating it to the original problems.
 
holidays

Sorry for not replying in such a long time, but nothing has been fixed yet,
and every time I try to boot up the computer in normal mode it reverts to safe mode without my consent.
Since it's not a driver problem, any suggestions?
I don't think it's malware or spyware.
It might be something to do with the registry; if so, how do you check?
Since my absence I've backed up everything and am now currently awaiting any advice.
Relating to my previous freezing, I can't tell if it is fixed as I can't get into the normal boot, which is my foremost problem now.
I have to leave again in about a week's time, so fixing this long-going problem ASAP would be greatly appreciated.
Thank you
*Note: checking through this log, the comp is confused that it's in normal boot mode but the restrictions of safe mode still apply. Anyone know why?
If you need any other logs, tell me.
View attachment 39273
Since I was bored, here's an SDFix report (to prove to those cynics)
View attachment 39277
Now for some reason I can't access the internet in 'normal' (half safe) mode; was it because of SDFix?
Here is another HJT log after the SDFix (in safe mode), though I can't see any differences.
View attachment 39278
 
Hi Gheb

Run HJT (Scan only), then select and remove the below:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -

In Safe Mode networking

Go back to Post #18 and run the ComboFix; I fixed the link! Attach its log.

If you can: Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Get as much as you can; post logs!

Let us know what does and doesn't work.

Mike
 
Gheb, running a cleaning over a 4 week period with no resolution after 28 posts is getting you nowhere!

I went back and reread all but am uncertain at what point you were forced into Safe Mode. Since you are getting help from several people, it can be counter-productive when no resolution is reached.

The entries you are asking to remove were covered in my Post #13:
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Using the msconfig utility as before, take the following off of Startup if present:
Quote:
ewido
asquared
Grove Office 2007

The two entries are for ewido and asquared online scans as follows:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
 
It first started booting into safe mode automatically after I uninstalled AVG.
I've already done everything in the posts above, so any new info/advice? I know I mentioned this before, but a program called startup optimiser (after changing several start up programs) also made my comp start up in half safe mode, but it was fixed using last known good config. But since in above posts you've recommended against that, I'm now unsure how to act (this was why I asked if the registry and drivers had anything to do with my situation, as last good config restores those so...)
Also, for some unknown reason
"O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab"
always comes back no matter how many times I delete it using HJT.
To Mike:
I've already done the 8 step virus thing but here is another updated one.
SAS doesn't work in normal mode (half safe).
Wait for logs, please.
View attachment 39331

View attachment 39332
 
Gheb

First do this before proceeding below: https://www.techspot.com/vb/post684649-3.html

then proceed....

After you being gone so long and many updates to MBAM and SAS, we need to see these logs again, if for nothing else but to confirm you are still clean.

This goes also for ComboFix and SDFix. Do not use the old ones but download the new ones and run.

Additionally uninstall the Startup Optimizer for now, can be reinstalled after clean.

Stick with us until fixed this time.

Mike
 
It doesn't take but a minute to update, so UPDATE every time.

Yes that link fixes many things, it may fix SAS and the Safe Mode condition.

Mike
 
I know I mentioned this before, but a program called startup optimiser (after changing several start up programs) also made my comp start up in half safe mode, but it was fixed using last known good config. But since in above posts you've recommended against that, I'm now unsure how to act (this was why I asked if the registry and drivers had anything to do with my situation, as last good config restores those so...)
Also, for some unknown reason

Startup Optimiser is a downloadable program. IF you do not want it, uninstall it in Add/Remove Programs. In any event, UNCHECK it on Startup.

You need to understand that whenever you do any type of restore, you undo what has been previously done. IF you have been doing that through this time, then nothing is going to get fixed.

I'm going to look into a way to remove or stop the online scans. I remember I had a problem with Housecall after running a scan. I finally stopped it but don't remember how. I'll post back if I find out how.
 
To Mike:
Yes, it is already at its latest update.

The link still didn't fix SAS or safe mode boot.
The warning problem with the shortcut pops up when the SAS shortcut was run.

However, will this help in installing SAS? http://forums.superantispyware.com/viewtopic.php?=&p=2267

Have uninstalled startup optimiser.

To Bobbye:
I do understand, which was why I haven't done anything to restore the system....
It was just a suggestion.

View attachment 39364

View attachment 39365

View attachment 39366

View attachment 39367
 
Clarify: SAS does not run at all, or will not update?

Go into Add/Remove Programs and uninstall SAS. Then reboot, d/l a new SAS and reinstall. If it works and doesn't update, scan un-updated.

Yes do the link, looks like it will work.

Mike
 
It does not install,
therefore does not run or update.
The registry link did not work.
Safe mode doesn't allow its installation.
I'm fairly sure nothing is infected, so is this really useful?
Is there any SAS equivalent?
Bobbye, any input?
 
Well Gheb

1. Can only boot to Safe Mode (can and likely is a system issue or a system issue caused by now cleaned malware) but IMHO highly likely you do still have a malware issue.

2. Can not install a simple program SAS but others did install MBAM, there is also a reason for this.

The main reason I wanted to run SAS is not only to let it do its job but it has a Tools Tab that offers other repair options.

Yes, there are other options; here are a couple:

D/L Daft to repair file associations http://www.bleepingcomputer.com/forums/topic182503.html

Copy all in Box below then paste directly to the black screen of an open command prompt.

Code:
@echo off
rem Stop the TDSSserv.sys service if it is running
sc stop TDSSserv.sys
rem Remove the service entry
sc delete TDSSserv.sys
exit

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it; delete all it finds and decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Please make a note of what it found if any as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.

Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

ComboFix was requested (at bottom of post #18) but never ran:

ComboFix

NOTE: If your ComboFix is more than a few days old, delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe and follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
This thread is over a month old. I am not in agreement with the way it has been handled. But now Mike will have to figure out how to get you out of the mess! He is not a trained malware cleaner.
 
Gheb

I've been doing this for 30 years, do it professionally for a living, and Bobbye knows nothing about my training. My record speaks for itself!

His record shows he is very good at text removed

Do the post and we will fix your issue.

Mike
 
Excuse me Mike, but you are not trained in malware cleaning. If you were, you would resolve more problems in a timely manner because you would have learned how to interpret the logs.

It might be that you did remove a malware infection on a system, but you do not use the orderly way the cleaning is set up. Nor do you open, interpret and have users remove malware entries. You load them down with program after program, only to have many find themselves 2-3 weeks later, 70+ replies down the line, in worse shape than they started with.

You have NOT gone through the malware training and are NOT a recognized trained malware cleaner on this site. All I have to do is see how you are handling these threads to know you are not experienced enough to do so. Working in IT does NOT = trained malware cleaner.

His record shows he is very good at whining and complaining!
Surely you can't be referring to me here. I tried to guide you, but you ignored it. I have tried to help some of the people out of the mess you made. That isn't whining or complaining.
 
No Bobbye you are not excused!

I sincerely apologize Gheb!

Bobbye this thread is not your soap box, but Gheb's request for help, please do not intrude on his or anyone else's thread in this way any more.

If you can help, do so otherwise stay out, as Gheb is not interested in this cra*p! He is interested in getting his issue fixed!

This is enough! I will not respond again in any post to you again.

Mike
 
"Girls, this is just like last time, why can't you settle down. Gheb loves you all."

1. D/L Daft.exe, used it and attached log - nothing found
2. Yes, everything else installs except for SAS
3. No such file (for the cmd instructions)
4. Xclean_Micro was clean
5. Malware removal tool ran for 2 secs then was done
?? Anyway, the 2 sec scan was clean
6. Scanned and attached log for combo

View attachment 39512

View attachment 39513

View attachment 39514

To Bobbye:
My brain is like a machine, it can only interpret instructions,
so if you are guiding me, tell me to do something!!
 
ALLRIGHT!!

1. ComboFix found and removed items so run it again to confirm they are really gone or it can find nothing else.

2. Malwareremover is fast until it finds something, so it found nothing.

3. Try to rename the SuperAntiSpyware installer to, say, InstallSAS.exe
3a. If it installs, browse to Program Files\SuperAntiSpyware and rename SuperAntiSpyware.exe to SAS.exe.

If SAS does run and finds items to remove, then to save time after cleaning run again until clean. But post each log. Then we have another job for SAS!

4. And this is the BIGGIE! I just noticed in this last HJT log that it says you are running from Normal (not safe mode), so then checked back to the last couple HJT logs and they all report the same! Can you elaborate on this?

Did you mean it automatically loads the Advanced Boot menu where you select?

Or are you going by the look of the Screen?

What's up?

Again, give a status of what doesn't work. What we need to fix!

Mike
 
I will leave this thread to you Mike. You've already had over a month and nearly 50 posts to fix. I hope you are more successful in the future.

Gheb, if you require additional assistance, please start a new thread.
 
OK, just for quick clarification:
OS selection screen -> XP Professional = normal
HOWEVER with safe mode restrictions
SO installers like SAS don't work
The screen doesn't have the big graphics safe mode does*
THIS was why I said the computer THINKS it's in safe mode
or as I called it 'half safe mode'...

What doesn't work is:
normal boot without safe mode restrictions

*taskbar remains the same as safe mode

Thanks Bobbye
To be honest I'm getting sick and tired of this problem
I'm very tempted to clean install right now lol
 
OK but we are getting somewhere so still get me a new ComboFix and HJT log.

And the results of the SAS renaming if it will work.

It sounds like you have a limited MSConfig set up.

The following link shows how to disable almost everything for a clean boot, you do not want this or may already be in that condition. What you want to do here is reverse any changes back to normal.

http://support.microsoft.com/kb/310353

Also right-click My Computer > Properties > Advanced > Startup and Recovery > Settings. Click Edit, then copy all for pasting here. Change nothing; close all.

Paste this back to me.

Then go into Services, find Windows Installer, confirm it is set to Automatic (normal default is manual) and start it.

If it doesn't start then get back to us.

If it does start try the SAS operation again.

Gheb if we can confirm we are clean of Malware then this is a system misconfiguration likely caused by the Malware and we can fix it.

Mike
 
Out of Half safe boot YAY!!!

Sorry for not getting back to you, but I seem to have solved the half safe boot problem and the computer seems to run fine.
However I still have problems with two main BSODs:
Kernel_Data_Inpage_error
and stop errors like:
0x000000F4
I encountered these errors only when trying to use sfc /scannow.
It gets to about 50%, then weird creaking noises sound and the laptop dies.
Disk errors keep coming also, and so do some of these:
Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 20/12/2008
Time: 23:57:08
User: N/A
Computer: LG-M1
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 19/12/2008
Time: 01:20:44
User: N/A
Computer: LG-M1
Description:
EventType mptelemetry, P1 80070652, P2 updatedefinitions, P3 unspecified, P4 1.1.2965.0, P5 mpsigstub.exe, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3011
Date: 18/12/2008
Time: 19:18:51
User: N/A
Computer: LG-M1
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: f2 03 00 00 3b 07 00 00 ò...;...
Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 18/12/2008
Time: 19:08:36
User: N/A
Computer: LG-M1
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Also, should I switch all my services back to auto?

Some other stuff I've done:
chkdsk /f/r (replaced some bad clusters)
ran memtest (results were fine)

Also a minor problem, but my laptop doesn't know when my earphones are plugged in; speakers are working fine.
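
For triaging records pasted like the ones in the post above, here is an added example (not part of the original post) that splits Event Viewer text into records and counts Disk / Event ID 7 bad-block reports per device. The function names are hypothetical and the sample is abridged from the post.

```python
import re
from collections import Counter
# Abridged from the post above; the second record follows without a blank line.
SAMPLE = r"""Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 20/12/2008
Time: 23:57:08
User: N/A
Computer: LG-M1
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3011
Date: 18/12/2008
Time: 19:18:51
User: N/A
Computer: LG-M1
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed.
"""

HEADER = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")

def parse_records(text):
    """Split pasted Event Viewer text into one dict per record."""
    records, section = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m and m.group(1) == "Event Type":
            records.append({"Description": ""})  # a new record starts here
            section = "header"
        if not records:
            continue  # text before the first record
        rec = records[-1]
        if section == "header" and m:
            rec[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            section = "description"
        elif line.startswith(("For more information", "Data:")):
            section = "ignored"  # help link and hex dump are not parsed
        elif section == "description" and line.strip():
            rec["Description"] = (rec["Description"] + " " + line.strip()).strip()
    return records

def bad_block_devices(records):
    """Count Disk / Event ID 7 (bad block) records per device path."""
    hits = Counter()
    for rec in records:
        if rec.get("Event Source") == "Disk" and rec.get("Event ID") == "7":
            m = re.search(r"The device, (\S+), has a bad block", rec["Description"])
            hits[m.group(1) if m else "unknown"] += 1
    return hits

if __name__ == "__main__":
    print(dict(bad_block_devices(parse_records(SAMPLE))))
```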
 
Dude.. Your hard drive.. It's.. ummm.. Toast.

Download and install Speedfan.

Go to the S.M.A.R.T. tab. Select your hard drive. Click on the "Perform an in-depth online analysis of this disk". View the online results to help you interpret them.

You're getting read errors. I'll bet on it. Windows is shutting down to protect itself. If the S.M.A.R.T. test passes, boot into a recovery console and do another chkdsk c: /r on it (/f doesn't work anymore in the newer versions of XP. It's been phased out).

You have infections, as has been skillfully pointed out, as well as a way to clean them, also skillfully handled. However, I think your drive is in trouble and one of these days in the not so distant future it's going to stop loading into Windows altogether.

Yes, maybe I'm wrong.. It's happened.. But I'm almost willing to put money on it.... Particularly if it's a Toshiba drive (or Western Digital Caviar SE in the case of a desktop).

Edit: I don't know if this has been handled, as I didn't read the whole thread.. But when you have a lot of infection, you need to be looking for rootkits. Combofix is pretty good at finding them and getting rid of them. Another good program is Rootkit Hook Analyzer. Not the easiest tool in the world to use, maybe, but deadly effective. HijackThis is NOT capable of finding these. If you leave them, infection WILL return in short order.

You may also need to consider the possibility of key system file damage. Given the infections, plus the damaged drive, I'd say chances are pretty good. Back up your important data as soon as possible and then look at your repair options, which include drive cloning, XP repair installs, sfc /scannow, drive repairs, deleting and recreating your swap file, recovering former registries, etc, depending on the nature of the damage.

One thing I'm highly recognized for in my community as a technician is my ability to repair Windows without reinstalls, even when Windows refuses to boot in any mode, or gives the now infamous c0000021a error.. It's not always possible, but it's safe to say my success rate is 98%.
 
D/L Speedfan

Nothing looked alarming in the results; only some parts said: Watch. They were:
Start/Stop Count 96 7480 Watch
Warning: Start/Stop Count is below the average limits (99-100).
Reallocated Sector Count 70 0 Watch
Warning: Reallocated Sector Count is below the average limits (100-100).
0 Seek Error Rate 77 2949137 Watch
Warning: Seek Error Rate is below the average limits (100-100).
Power Cycle Count 97 4739 Watch
Warning: Power Cycle Count is below the average limits (99-100).
Reallocated Event Count 85 908 Watch
Warning: Reallocated Event Count is below the average limits (100-100).
Current Pending Sector 86 854 Watch
Warning: Current Pending Sector is below the average limits (100-100).
Fitness at 0%, performance at 90%

I have done a ComboFix, SDFix, SAS, MBAM, all updated, all clean

Toshiba drive
?

So is there any way to fix my HD without replacing it?


******
UH-oh
Another stop to add to the list
Kernel Stack inpage error
0x00000077
Laptop made weird loud clicking noises, then froze, then BSOD
aiye
After reset it couldn't find boot.ini, but a hard reset fixed that
Close call...
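
The S.M.A.R.T. rows pasted in the post above can be read mechanically; this added example (not part of the original thread) parses them and reports the sector-health counters whose raw count is non-zero. The column order (name, normalized value, raw value, verdict) and the function names are assumptions made for the example.

```python
import re

# Rows as pasted in the post above (SpeedFan online analysis), including one
# "Warning:" line and the stray leading "0" on the Seek Error Rate row.
# Assumed column order: attribute name, normalized value, raw value, verdict.
REPORT = """\
Start/Stop Count 96 7480 Watch
Warning: Start/Stop Count is below the average limits (99-100).
Reallocated Sector Count 70 0 Watch
0 Seek Error Rate 77 2949137 Watch
Power Cycle Count 97 4739 Watch
Reallocated Event Count 85 908 Watch
Current Pending Sector 86 854 Watch
"""

ROW = re.compile(
    r"^(?:\d+\s+)?(?P<name>[A-Za-z/ ]+?)\s+(?P<value>\d+)\s+(?P<raw>\d+)\s+(?P<verdict>\w+)$")

# Attributes whose raw value is a plain count of sectors or remap events.
# Raw values of rate attributes such as Seek Error Rate are vendor-encoded, and
# start/stop and power-cycle counts only measure usage, so neither is flagged.
SECTOR_COUNTERS = {
    "Reallocated Sector Count",
    "Reallocated Event Count",
    "Current Pending Sector",
}

def parse_rows(report):
    """Parse attribute rows; lines that are not rows (warnings) are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"name": m["name"], "value": int(m["value"]),
                         "raw": int(m["raw"]), "verdict": m["verdict"]})
    return rows

def sector_findings(rows):
    """Return (name, raw) for sector counters with a non-zero raw count."""
    return [(r["name"], r["raw"]) for r in rows
            if r["name"] in SECTOR_COUNTERS and r["raw"] > 0]

if __name__ == "__main__":
    for name, raw in sector_findings(parse_rows(REPORT)):
        print(f"{name}: raw count {raw}")
```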
 