Suspected Virus/Malware freezing computer

Status
Not open for further replies.

alligatoring

I have a Toshiba Satellite P100 running Windows XP that has recently started freezing. I was directed here after posting in the BSOD, Freezing section. I am unable to complete the steps in the 8-step guide as my computer freezes before it's able to complete a scan. By freeze I mean it becomes completely unresponsive; there is no BSOD, but Ctrl+Alt+Del doesn't work either. I can run boot-time scans without freezing, but Avast! did not pick anything up and I'm not sure what else to try. I do have Hiren's Boot CD, but none of the antivirus/anti-malware programs show up in the boot menu, oddly enough.

I was hoping for some advice on a few things:

Can I back up any of my files onto an external drive, then format, reinstall the AV programs and scan my external drive (and then transfer the data back)? I have some PSDs and other media files from projects that I would really love to back up if I could.
Edit: my external drive may or may not also be infected already, since I do not know when the infection actually occurred and I was working on backing up data before it started freezing up.

I have also read the post on identity theft. Since my laptop is on a network, how likely is it that whatever is afflicting my computer has spread? There has been no active file sharing (generated by us, the users), and the computers are running the same up-to-date AV program that I was (Avast!). I am concerned since I wanted to change my important passwords but am unsure whether they could be infected as well. I am currently running scans on them.

What would the best course of action be from here, being unable to run scans in normal Windows mode or even in Safe Mode? I really am trying to exhaust all other options until I am left with only formatting and deleting all the projects I worked so hard on. This is a wake-up call to back up more frequently.

Thank you for any advice or suggestions, I really appreciate them!
 
I don't want you to feel like we're bouncing you back and forth between forums, but:

The suggestion to check the Event Viewer is exactly what I recommend. We can't check for malware if you can't run any programs. Please see if this will work for you:

Important! When the system freezes, I want you to note the time on the computer clock. Events are time coded and you need to look for an Error at the time of the freeze.

Please download VEW and save it to your Desktop:

Setting up the program

Double-click VEW.exe then under Select log to query, select:
  • Application
  • System

Under Select type to list, select:
  • Critical (Vista only)
  • Error

Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Load the log
  • In Notepad, click Edit > Select all
  • Then press Edit > Copy
  • Press Ctrl+V on your keyboard to paste the log to your next reply.

(Courtesy rev-Olie)

Give me the time of the freeze and I will check for corresponding Errors in the log. I read your other thread and it wasn't clear to me what happened with the Event Viewer. If this works, give me the time and the log, and we'll go from there.
 
The last two freezes: 7:35 pm and 7:41 pm


Vino's Event Viewer v01c run on Windows XP in English
Report run at 24/02/2010 7:46:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2010 7:44:57 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi

Log: 'System' Date/Time: 24/02/2010 7:44:56 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: The specified driver is invalid.

Log: 'System' Date/Time: 24/02/2010 7:44:56 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The avast! Standard Shield Support service failed to start due to the following error: The specified driver is invalid.

Log: 'System' Date/Time: 24/02/2010 7:44:56 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The aswFsBlk service failed to start due to the following error: The specified driver is invalid.

Log: 'System' Date/Time: 24/02/2010 7:22:18 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:18 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.
 
The following are all Errors from Avast. If you have Norton/Symantec, you shouldn't be running Avast also. Uninstall Avast.

Event: 7000 Source: Service Control Manager
Event: 7001 Source: Service Control Manager
Event: 7026 Source: Service Control Manager
Log: 'System' Date/Time: 24/02/2010 7:44:56-7:44:58 PM
  • The aswFsBlk service (Avast! antivirus system driver file) failed to start due to the following error: The specified driver is invalid.
  • The avast! Standard Shield Support service failed to start due to the following error: The specified driver is invalid.
  • The avast! Antivirus service depends on the avast! Standard Shield Support service which failed to start because of the following error: The specified driver is invalid.
  • The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi

It is probable that the application referred to here might be part of Avast:
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.
Log: 'System' Date/Time: 24/02/2010 7:22:16 PM>> x5
Log: 'System' Date/Time: 24/02/2010 7:22:17 PM>> x10
Log: 'System' Date/Time: 24/02/2010 7:22:18 PM>> x2

So, between 7:22:16 PM and 7:22:18, an application attempted to run but shut down 17 times because it couldn't find what it needed to run.

Then, between 7:44:56 PM and 7:44:58, Avast tried to load and run 4 times, but could not because the driver wasn't any good!

The first freeze at 7:35 pm probably happened because the system was tired of trying to do something it couldn't. I'll guess that second freeze, 7:41 pm came around the time that the failed Avast loads taxed the system so much that it shut down.

Do this: Avast Removal

Reboot, then run the following:

TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Empty the Recycle Bin
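
The time-correlation step described above (note the freeze time, then look for errors logged around it), as an added example that is not part of the original thread: it parses a report in the VEW layout, lists errors logged in a window before a freeze, and collapses repeated entries into counts. The sample log is constructed, and the function names and the 5-minute window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the VEW report layout shown in this thread (not the poster's log).
SAMPLE = """\
Log: 'System' Date/Time: 24/02/2010 7:34:10 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Example service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 24/02/2010 7:22:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Example Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 24/02/2010 7:22:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Example Management service terminated with the following error: The specified module could not be found.
"""

RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) *\n"
    r"Type: (?P<type>\w+) Category: \d+ *\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]*)")

def parse_vew(text):
    """Return one dict per record; VEW dates are dd/mm/yyyy with a 12-hour clock."""
    events = []
    for m in RECORD.finditer(text):
        e = m.groupdict()
        e["when"] = datetime.strptime(e.pop("ts"), "%d/%m/%Y %I:%M:%S %p")
        e["event"] = int(e["event"])
        e["source"] = e["source"].strip()
        events.append(e)
    return events

def near_freeze(events, freeze, before_min=5, after_min=0):
    """Events logged in the window [freeze - before_min, freeze + after_min]."""
    lo = freeze - timedelta(minutes=before_min)
    hi = freeze + timedelta(minutes=after_min)
    return [e for e in events if lo <= e["when"] <= hi]

def collapse(events):
    """Count repeats of the same (event ID, message) so a burst reads as one line."""
    return Counter((e["event"], e["message"]) for e in events)
```

Errors stamped after the freeze time usually belong to the reboot that followed it, which is why the window defaults to looking backwards only.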
 
I did as instructed and now I'm getting all of these errors in the event log. (I have no devices plugged into my computer). Latest freeze time: 8:57 pm
I'm thinking it might be better to just try and save what I can and then format.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 25/02/2010 9:03:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:36:49 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 25/02/2010 8:34:14 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 25/02/2010 8:32:16 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Log: 'System' Date/Time: 25/02/2010 8:32:16 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 25/02/2010 8:32:16 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 25/02/2010 8:32:16 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 25/02/2010 8:32:16 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 25/02/2010 8:31:56 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 25/02/2010 8:31:51 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 25/02/2010 8:31:49 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 25/02/2010 8:31:44 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 25/02/2010 1:50:08 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 25/02/2010 1:49:26 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
 
I can't help you anymore with respect to malware. Many of the current errors appear to have occurred while the system was in Safe Mode. The drivers that didn't start don't start in Safe Mode.

We aren't getting anywhere here. You posted in the correct forum to begin with and they should have tried to deal with the Event Errors there.
 
Sorry it came to that, but I don't know where the problem is. Let us know after you get set up again if you need any help. I will close this thread.
 