Computer freezes 2-5 minutes after logging in

Excuse me Mike, but you are not trained in malware cleaning. If you were, you would resolve more problems in a timely manor because you would have learned how to interpret the logs.

If might be that you did remove a malware infection on a system, but you do not use the orderly way the cleaning is set up. Nor do you open, interpret and have users remove malware entries. You load them down with program after program, only to have many find themselves 2-3 weeks later, 70+ replies down the line, in worse shape that they started with.

You have NOT gone through the malware training and are NOT a recognized trained malware cleaner on this site. All I have to do is see how you are handling these threads to know you are not experienced enough to do so. Working in IT does NOT = trained malware cleaner.

Surely you can't be referring to me here. I tried to guide you, but you ignored it. I have tried to help some of the people out of the mess you made. That isn't whining or complaining.

No Bobbye you are not excused!

I sincerely apologize Gheb!

Bobbye this thread is not your soap box, but Gheb's request for help, please do not intrude on his or anyone else's thread in this way any more.

If you can help, do so otherwise stay out, as Gheb is not interested in this cra*p! He is interested in getting his issue fixed!

This is enough! I will not respond again in any post to you again.

Mike

"Girls, this is just like last time, why can't you settle down. Gheb loves you all."

1. d/l Daft.exe, used it and attached log-nothing found
2. yes everything else installs except for SAS
3. no such file (for the cmd instructions)
4. Xclean_Micro was clean
5. Malware removal tool ran for 2 secs then was done
?? anyway the 2 sec scan was clean
6. Scanned and attached log for combo

View attachment 39512

View attachment 39513

View attachment 39514

To Bobbye:
my brain is like a machine, it can only interpret instructions
so if you are guiding me tell me to do something!!

ALLRIGHT!!

1. ComboFix found and removed items so run it again to confirm they are really gone or it can find nothing else.

2.Malwareremover is fast until it finds something so it found nothing.

3.Try to rename the SuperAntiSpyware installer to say InstallSAS.exe
3a. if it installs browse to Program Files\SuperAntiSpyware and rename SuperAntiSpyware.exe to SAS.exe.

If SAS does run and finds items to remove, then to save time after cleaning run again until clean. But post each log. Then we have another job for SAS!

4. And this is the BIGGIE! I just noticed in this last HJT log that it says you are running from Normal (not safe mode) so then checked back to the last couple HJT logs and they all all report the same! Can you elaborate on this?

Did you mean it automatically loads the Advanced Boot menu where you select?

Or are you going by the look of the Screen?

Whats up?

Again give a status of what don't work. What we need to fix!

Mike

I will leave this thread to you Mike.You've already had over a month and nearly 50 posts to fix. I hope you are more successful in the future.

Gheb, if you require additional assistance, please start a new thread.

ok just for quick clarification
OS selection screen -> XP professional = normal
HOWEVER with safe mode restrictions
SO installers like SAS don't work
the screen doesn't have the big graphics safe mode does*
THIS was why i said the computer THINKS its in safe mode
or as i called it 'half safe mode'...

What don't work is:
normal boot without safe mode restrictions

*taskbar remains the same as safemode

thanks Bobbye
to be honest im getting sick and tired of this problem
im very tempted to clean install right now lol

OK but we are getting somewhere so still get me a new ComboFix and HJT log.

And the results of the SAS renaming if it will work.

It sounds like you have a limited MSConfig set up.

The following link shows how to disable almost everything for a clean boot, you do not want this or may already be in that condition. What you want to do here is reverse any changes back to normal.

http://support.microsoft.com/kb/310353

Also rt click My Computer-Properties-Advanced-Startup and recovery-Settings. Click edit copy for pasting all here. Change nothing close all.

Paste this back to me.

Then go into Services find Windows Installer confirm it is set to Automatic (normal default is manual) and start it.

If it don't start then get back to us.

If it does start try the SAS operation again.

Gheb if we can confirm we are clean of Malware then this is a system misconfiguration likely caused by the Malware and we can fix it.

Mike

Out of Half safe boot YAY!!!

Sorry for not getting back to you but i've seemed to solve the half safe boot problem and the computer seems to run fine
However i still have problems with two main BSOD
Kernel_Data_Inpage_error
and stop errors like:
0x000000F4
i encountered these errors only when trying to use sfc /scannow
it gets about 50% then weird creaking noises sound and laptop dies
disk error keep coming also and so do some of these
Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 7
Date: 20/12/2008
Time: 23:57:08
User: N/A
Computer: LG-M1
Description:
The device, \Device\Harddisk0\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 03 00 68 00 01 00 b6 00 ..h...¶.
0008: 00 00 00 00 07 00 04 c0 .......À
0010: 00 01 00 00 9c 00 00 c0 ....œ..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 1e 99 23 0e 00 00 00 ..™#....
0028: b4 72 18 00 00 00 00 00 ´r......
0030: ff ff ff ff 01 00 00 00 ÿÿÿÿ....
0038: 40 00 00 84 02 00 00 00 @..„....
0040: 00 20 0a 12 40 03 20 40 . ..@. @
0048: 00 00 00 00 0a 00 00 00 ........
0050: 00 00 00 00 40 5c 2c 86 ....@\,†
0058: 00 00 00 00 e0 75 54 86 ....àuT†
0060: 02 00 00 00 8f cc 11 07 ....Ì..
0068: 28 00 07 11 cc 8f 00 00 (...Ì..
0070: 08 00 00 00 00 00 00 00 ........
0078: f0 00 03 00 00 00 00 0b ð.......
0080: 00 00 00 00 00 00 00 00 ........
0088: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: MPSampleSubmission
Event Category: None
Event ID: 5000
Date: 19/12/2008
Time: 01:20:44
User: N/A
Computer: LG-M1
Description:
EventType mptelemetry, P1 80070652, P2 updatedefinitions, P3 unspecified, P4 1.1.2965.0, P5 mpsigstub.exe, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 70 00 74 00 65 00 m.p.t.e.
0008: 6c 00 65 00 6d 00 65 00 l.e.m.e.
0010: 74 00 72 00 79 00 2c 00 t.r.y.,.
0018: 20 00 38 00 30 00 30 00 .8.0.0.
0020: 37 00 30 00 36 00 35 00 7.0.6.5.
0028: 32 00 2c 00 20 00 75 00 2.,. .u.
0030: 70 00 64 00 61 00 74 00 p.d.a.t.
0038: 65 00 64 00 65 00 66 00 e.d.e.f.
0040: 69 00 6e 00 69 00 74 00 i.n.i.t.
0048: 69 00 6f 00 6e 00 73 00 i.o.n.s.
0050: 2c 00 20 00 75 00 6e 00 ,. .u.n.
0058: 73 00 70 00 65 00 63 00 s.p.e.c.
0060: 69 00 66 00 69 00 65 00 i.f.i.e.
0068: 64 00 2c 00 20 00 31 00 d.,. .1.
0070: 2e 00 31 00 2e 00 32 00 ..1...2.
0078: 39 00 36 00 35 00 2e 00 9.6.5...
0080: 30 00 2c 00 20 00 6d 00 0.,. .m.
0088: 70 00 73 00 69 00 67 00 p.s.i.g.
0090: 73 00 74 00 75 00 62 00 s.t.u.b.
0098: 2e 00 65 00 78 00 65 00 ..e.x.e.
00a0: 2c 00 20 00 31 00 2e 00 ,. .1...
00a8: 31 00 2e 00 31 00 35 00 1...1.5.
00b0: 39 00 33 00 2e 00 30 00 9.3...0.
00b8: 2c 00 20 00 77 00 69 00 ,. .w.i.
00c0: 6e 00 64 00 6f 00 77 00 n.d.o.w.
00c8: 73 00 20 00 64 00 65 00 s. .d.e.
00d0: 66 00 65 00 6e 00 64 00 f.e.n.d.
00d8: 65 00 72 00 2c 00 20 00 e.r.,. .
00e0: 4e 00 49 00 4c 00 2c 00 N.I.L.,.
00e8: 20 00 4e 00 49 00 4c 00 .N.I.L.
00f0: 20 00 4e 00 49 00 4c 00 .N.I.L.
00f8: 0d 00 0a 00 ....
Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3011
Date: 18/12/2008
Time: 19:18:51
User: N/A
Computer: LG-M1
Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: f2 03 00 00 3b 07 00 00 ò...;...
Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 18/12/2008
Time: 19:08:36
User: N/A
Computer: LG-M1
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

also should i switch all my services back to auto?

some other stuff ive done:
chkdsk /f/r (replaced some bad clusters)
ran memtest (results were fine)

Also minor problem but my laptop doesn't know when my earphones are plugged in, speakers are working fine

Dude.. Your hard drive.. It's.. ummm.. Toast.

Download and install Speedfan.

Go to the S.M.A.R.T. tab. Select your hard drive. Click on the "Perform an in-depth online analysis of this disk". View the online results to help you interpret them.

You're getting read errors. I'll bet on it. Windows is shutting down to protect itself. If the S.M.A.R.T. test passes, boot into a recovery console and do another chkdsk c: /r on it (/f doesn't work anymore in the newer versions of XP. It's been phased out).

You have infections, as has been skillfully pointed out, as well as a way to clean them, also skillfully handled. However, I think your drive is in trouble and one of these days in the not so distant future it's going to stop loading into Windows altogether.

Yes, maybe I'm wrong.. It's happened.. But I'm almost willing to put money on it.... Particularly if it's a Toshiba drive (or Western Digital Caviar SE in the case of a desktop).

Edit: I don't know if this has been handled, as I didn't read the whole thread.. But when you have a lot of infection, you need to be looking for rootkits. Combofix is pretty good at finding them and getting rid of them. Another good program is Rootkit Hook Analyzer. Not the easiest tool in the world to use, maybe, but deadly effective. Hijack this is NOT capable of finding these. If you leave them, infection WILL return in short order.

You may also need to consider the possibility of key system file damage. Given the infections, plus the damaged drive, I'd say chances are pretty good. Back up your important data as soon as possible and then look at your repair options, which include drive cloning, XP repair installs, sfc /scannow, drive repairs, deleting and recreating your swap file, recovering former registries, etc, depending on the nature of the damage.

One thing I'm highly recognized for in my community as a technician is my ability to repair Windows without reinstalls, even when Windows refuses to boot in any mode, or gives the now infamous c0000021a error.. It's not always possible, but it's safe to say my success rate is 98%.

d/l speedfan

nothing looked almaring in results only some parts said: watch; they were
Start/Stop Count 96 7480 Watch
Warning: Start/Stop Count is below the average limits (99-100).
Reallocated Sector Count 70 0 Watch
Warning: Reallocated Sector Count is below the average limits (100-100).
0 Seek Error Rate 77 2949137 Watch
Warning: Seek Error Rate is below the average limits (100-100).
Power Cycle Count 97 4739 Watch
Warning: Power Cycle Count is below the average limits (99-100).
Reallocated Event Count 85 908 Watch
Warning: Reallocated Event Count is below the average limits (100-100).
Current Pending Sector 86 854 Watch
Warning: Current Pending Sector is below the average limits (100-100).
Fitness at 0% performace at 90%

I have done a combofix, SDfix, SAS, mbam all updated all clean

?

so is there any way to fix my HD without replacing it?


******
UH-oh
Another stop to add to the list
Kernel Stack inpage error
0x00000077
laptop made weird loud clicking noises then freeze then BSOD
aiye
after reset it couldnt find boot.ini but hard reset fixed that
close call...

As one so poetically put it: "this is the harbinger of impending disk failure"

It may be possible to remap the bad area of the hard drive so its not used without affecting XP but generally speaking, No.

Probably your last chance. Advise back up anything you don't want to lose.

Turn off the computer and go buy your new hard drive now. If you get it retail, the new drive will come with software that will copy the old drive to the new one. Just follow the instructions.

The new drive should come with software to copy the old drive to the new. Follow the directions exactly. Once copied remove the old drive, and boot only with the new drive in the system. If the new drive doesn't have the software with it download it from the drive manufacturer's web site. I would suggest you do this asap. You don't know when the old drive may fail and then you won't be able to copy it.

That S.M.A.R.T. status is very clear indication your hard drive is pretty much done. Replace it immediately.