Programs don't work on start up; Logs attached

[BKLfarhang]

I posted this earlier in the WIndows OS subforum. They directed me here.
I have attached the logs you requested.

Sometimes (randomly approximately 6 out of 10 times) when my computer starts up, none of the programs work.
I can only open folders, but no files or programs.
Even the task manager doesn't show up with Ctrl+Alt+Delete. Even tried typing 'taskmgr' in Start > Run. But got nothing.
AND the computer doesn't even shut down. It just gets stuck in the Shutting Down screen.

When I try to open files or run programs or shut down, nothing happens. Nothing at all.
The only thing I can do it turn the power off and on again and hope it works.

At first I thought it happens because of not shutting down properly (power cuts). But then I noticed it happens even when I shut down properly.

Any suggestions?

Thanks
-Farhang

PS: I don't want to act like a patient diagnosing himself, but I think my processes don't start up properly.
Because you know the 'Windows Updates' icon that appears in the system tray on start up? It doesn't show up sometimes. And I noticed that the programs work properly when 'Windows Updates' icon shows up. When it doesn't appear on start up, thats when the programs don't work.
Also I don't hear the Windows startup sound when the problem occours.
Don't know if that will help, but just thought you might want to know.

I have Windows XP installed, Pentium 4, 3.06GHz, 2GB RAM.

 

[DelJo63]

MBAM did a good job clean up for you.

FYI: O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
is part of a TCP Packet sniffing tool which is well known -- you should have knowingly installed this.

If not, take steps to delete it.

 

[BKLfarhang]

MBAM did a good job clean up for you.

FYI: O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
is part of a TCP Packet sniffing tool which is well known -- you should have knowingly installed this.

If not, take steps to delete it.

Yea my PC became noticibly fast after the MBAM cleaup.
I have uninstalled WinPcap as you said. (Don't remember installing it)

But how do I solve the problem? (Programs not working on startup)

Help is really appreciated. Thanks for taking time out.

 

[BKLfarhang]

Hello? No help?!

 

[Bobbye]

I'm checking your logs now. I will come back and edit this reply when I have finished.

Right off the top, I see that you are running both AVG and McAfee antivirus. Please decide which you want to keep and uninstall the other.

I note that you are also using a music sharing site: D:\Last.fm\LastFM.exe
P2P programs are a straight ticket to malware- Please do not use it while cleaning.

 

[BKLfarhang]

I'm checking your logs now. I will come back and edit this reply when I have finished.

Right off the top, I see that you are running both AVG and McAfee antivirus. Please decide which you want to keep and uninstall the other.

I note that you are also using a music sharing site: D:\Last.fm\LastFM.exe
P2P programs are a straight ticket to malware- Please do not use it while cleaning.

Yes I realized that and I've removed McAfee.

LastFM is not a music sharing site. You can't download music from there. And its not a P2P program. It just keeps track of my music (number of plays, artists, albums etc) and displays it online on the site.
But if you still think its harmful I'll remove it.

 

[Bobbye]

I'm making a separate reply because you don't get notice when I edit.

Since you removed McAfee, it's a good idea to run this removal program to be sure all the files and folders are gone. Download to desktop, run from there following onscreen prompts:
http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

To prevent Tracking Cookies reset as follows:
For Firefox:

• Tools> Options> Privacy> Cookies>
• CHECK ‘accept Cookies from Sites’>
• UNCHECK 'accept third party Cookies>
• Set Keep Until> They expire
• I strongly suggest using the following add-ons to prevent the third party Cookies:
• AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
• Easy List: http://easylist.adblockplus.org/

For Internet Explorer:

• Internet Options (through Tools or Control Panel) Privacy tab> Advanced button>
• CHECK 'override automatic Cookie handling'>
• CHECK 'accept first party Cookies'>
• CHECK 'Block third party Cookies'>
• CHECK 'allow per session Cookies'> Apply> OK.

1. Temporarily turn off the Windows Updates:
Control Panel> Security Center> Automatic Updates> CHECK 'Turn off Automatic updates'> Apply> OK. That will temporarily remover that from the problem area.

2. It is difficult on a global board to determine if IP would be appropriate, so please verify the following:
Is MTLN in India your ISP and/or company network.
Why do you have connections to MTLN with 2 different IPs?
59.179.243.70 and 203.94.243.70

Most of the IPs assigned to MTNL are blacklisted at SORBS and other popular blacklist providers. It can be for spam, open relay, anti-spam or open proxy relay. When someone is blacklisted, it means that he or she is put on a list of individuals and organizations which have been singled out as deserving of some sort of denial or punishment, with the assumption that they deserve such treatment because of their behavior.

3. Have you configured this ProxyServer setting?
ProxyServer = 10.205.46.22:8080 which is a private IP

4. Uninstall the following programs if present using: Control Panel> Add/Remove Programs:
MyWebSearch
FunWebProducts
When done: Right click on Start> Explore> Programs> right click> Delete these folders if present:
MyWebSearch
SmileyCentral
Cursor Mania
FunWebProducts

Reboot after finishing the above. (you will need to update the AdobeReader when we are through as your version v6, is way out of date)

4. Please download ComboFix HERE and save to your desktop.

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
• Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComoboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run a full system scan with AVG. If any malware is found, include the log with your next reply.
Follow with a new scan by HijackThis. Attach Combofix report and new HijackThis log.

 

[BKLfarhang]

1. Turned automatic updates off.

2. Yes my ISP is MTNL.
I don't know why there are 2 connections. 59.179.243.70 was my computers IP I think and 203.94.243.70 is my DNS server(Whatever that is. I saw it in the network connection properties).
The people at MTNL are not very knowledgable. They just come and configure the connection as they are told. Its more of a hit and trial they do. They try "Obtain an IP address automatically.". If that doesn't work then they try some IP's they know.
I do not know why I have been blacklisted. But MTNL itself as an ISP is horrible. Get disconnected frequently, poor service etc etc.
Also I noticed that when I play games online, I can only view servers whose IP also starts with 59.178... or 59.179.... Anyways thats not the problem right now.

3. No I have not configured any proxy server. Don't even know what they are.

4. Don't have any of those programs on my computer.

5. I couldn't find the AVG log you requested. The log folder of AVG is empty. I can only see the scan in the event history. Thats it.
I am attaching the ComboFix report and the HJT log.

 

[Bobbye]

For the AVG log, see if this will work for you:
AVG : Settings and log:
The log is separated into two parts listed as "Virus Results" and "Spyware Found". Open AVG:

• Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
• Under "Reports" select "Do not automatically generate report after every scan" and UNcheck "Only if threats were found".
• Click the "Scan" tab to return to scanning options.
• Click "Complete System Scan" to start.
• When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
• Click on "Report" button to view all completed scans.
• Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.

Once you have set this, a log should be available after a scan.

Please note that I put the information about the MTLM IP blacklisting in quotes. "I" was not saying your IP was blacklisted, only quoating a comment I found.

I'm going to pin you down to a more accurate description of what you means by saying:

Programs don't work on start up]

Sometimes (randomly approximately 6 out of 10 times) when my computer starts up, none of the programs work. I can only open folders, but no files or programs.]

1. Do the programs you have set up on the startup menu start on boot? Or not?
2. Once you have started, can you open program through All Programs?
3. Where are the folders you can open?

Please open HijackThis, and select Do a system scan only.
(NOTE: IF you have set one home page to come up as a blank home page, leave the first R0 entry. If you have NOT, check for HJ to remove)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.205.46.22:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Please rescan with HijackThis and attach a new log. Also include the AVG log.
Please answer the questions I asked about 'programs don't work on startup.'

 

[BKLfarhang]

I can't see any of the options you stated in AVG. I have the free version (AVG 8).

About the programs:
1. I'm not sure if all the start menu programs start. I think that some of my processes don't start properly. Like as I said I can't see the 'Windows Updates' icon. And I think the sound driver also does not load because I don't hear the Windows startup sound.
2. No the programs don't even work from All Programs. I click them, the CPU processes for just 1 second (I see the hourglass) and then nothing happens.
3. Any folder. I can open and view 'My Computer', C drive D drive... and all folders inside the drives, but I can't open any file.

 

[Bobbye]

I asked you to disable the Windows Updates temporarily.

As for the sound 'sound':
Control Panel> Sounds & Audio Devices> Sounds tab> find the feature you want to have a sound for and click to highlight> preview the sound until you find the one you want in the dialog box below and choose the sound.

The question is: are you missing any sound features. Not the 'ding' you think you need to get when it loads, but sounds coming from a site? IF so, that's one matter. If it's just a 'load' sound and the sound itself works, then it's no problem- just a matter of choosing a particular sound type.

Do you hear the sound when you use Real Player, Quick Time or iTunes? If you play a video through CyberLink, do you hear the sound?

Do you remember doing anything special before this began like update, install, uninstall"

And regarding this:

And I noticed that the programs work properly when 'Windows Updates' icon shows up. When it doesn't appear on start up, thats when the programs don't work.

Do you have Windows Updates downloaded and ready to install? Have you gotten the message' don't shut the computer down. After updates are installed, the system will be shut down'?

Please do an online scan with Kaspersky WebScanner.

1. Please visit the Kaspersky Online Scanner website HERE.
2. Click on the Accept button and install any components it needs.
3. The program will install and then begin downloading the latest definition files.
4. After the files have been downloaded on the left side of the page in the Scan section select My Computer
5. This will start the program and scan your system.
6. The scan will take a while, so be patient and let it run.
7. Once the scan is complete, click on View scan report
8. Now, click on the Save Report as button.
9. Save the file to your desktop.
10. Copy and paste that information in your next post.

Please view the startup menu and copy the processes that are CHECKED. Paste the list here in your next reply:
Start> Run> msconfig> enter> Selective Startup> Startup menu> copy the process names from the left column.

Any folder. I can open and view 'My Computer', C drive D drive... and all folders inside the drives, but I can't open any file.

Are you using Windows Explorer to do this?
Right click on Start> Explore> Programs> right click on one of the programs you want to open> Properties> look for the .exe file on the right screen and click on it> does the program open correctly?

 

[BKLfarhang]

No you don't understand.
I have the sounds. And I listen to music and it works fine.
Its just that the sound doesn't work when that problem occours(programs not working).

Its no use. This isn't going anywhere. I think I'll have to reinstall Windows.

Thanks a lot for your help Bobbye. Really appreciate that you took out your time.
Thank you.

PS: BTW is there any software that backs up the programs on your computer so that when I reinstall Windows I can get all my programs back as they were.
Data is not a problem I can always use an external storage for backing up data.
But programs need to be installed again.
Any idea?

 

[Bobbye]

So you're missing the 'error bleep' sound: make sure it's set:

For the error bleep':
Control Panel> Sounds & Audio Devices> Sounds tab> scroll down to 'Program error'> if there is not a sound icon there, you won't hear a sound so highlight 'Program error'> click on Arrow that becomes available to right of sound dialog box> Choose a sound> Preview by clicking on Arrow to left of the word 'Browse" if okay click on Apply> OK.

Look over the other available features that you can choose (or change) sound for and follow same as above.
If the Program Error didn't have sound with it, you wouldn't hear it.
IF the Program Error did have sound with it and you don't hear it, then it may be something other than a Program Error' that doesn't have a sound with it.

I hope that helps. These sounds are entirely customizable. You can have 'sound' come up for all those functions, for none of those functions or some of those functions.

 

[BKLfarhang]

I am not missing any sound.
I know how to customize the sounds. I know I can add sounds to even maximizing and minimizing windows.
I know how to add the error bleep sound too.

And my Windows Startup sound is customized too. Its there.
I know all that.

What I said was that my sound does not work when the problem occours. The problem that the programs don't work on start up.
Like when I start the computer sometimes, no program works. (I said this earlier) When this happens I cannot hear sounds.
Thats it. I was telling you a symptom of the main problem (which is that sometimes programs don't work on start up, thats when I can't hear the sounds and I don't see the Windows Updates Icon)
Anyways there no point.


Is there any software that backs up the programs on your computer so that when I reinstall Windows I can get all my programs back as they were.
Data is not a problem I can always use an external storage for backing up data.
But programs need to be installed again.
Any idea?

 

[Bobbye]

OK, you made that clear. Sometimes it can be frustrating on both sides!

I can open and view 'My Computer', C drive D drive... and all folders inside the drives, but I can't open any file.

Right click on Start> Explore> Programs> choose a program you don't think is working> double click to open> folders and files will open on the right> find the file that ends in .exe and double click on it> what happens?
Do you get an message?
Make sure 'Read Only' isn't checked.
Find another file in the program that's not.exe and double click to open> what happens?
Do you get any message>
Make sure 'read Only' isn't checked
Now please describe what is meant by:

no program works.

Can you launch the program manually?
Start> All Programs> click on program to start it.

1. I'm not sure if all the start menu programs start. I think that some of my processes don't start properly.

For instance?

Programs that launch on boot are found here:
Start> Run> msconfig> enter> Selective Startup> Startup menu> whatever is checked should start when you boot-unless-if corrupt or possibly disabled from malware.

Control Panel> Security enter> Automatic Updates> which line is checked?

You had a significant malware infection. Malwarebytes removed what it found. but the malware could have damaged some of the system functions and/or all of the malware might not be found and removed.

IF you would like to continue, please let me know. If not, reformat and reinstall.

Is there any software that backs up the programs on your computer so that when I reinstall Windows I can get all my programs back as they were.

No.