What's wrong?

Hi-

I am new even though I have had avast for a couple of years now. It is a Windows XP Home edition, Version 2002 with a service pack 3. I have Avast (of course), Malwarebytes, Ccleaner and Comodo (firewall). Anything else you need to know, I’ll have to look. I have this problem with starting up my computer. When I turn it on, it goes through about three “Windows” logos and sometimes takes a minute to get to the “Account” screen. When I type in my password - it thinks - makes a noise in the tower/modem - and will eventually show the wallpaper only on desktop, (and/or) half the icons loaded, (and/or) nothing in the “launch” section on the “task bar”, except, I think something to do with hardware. I push Ctrl-Shift-Esc just to bring up task manager but I can not even log off using that. Click on “Start” button and it immediately is non responsive. The only way I can shut my computer off is by pushing the same button I push to start the computer. This is all done and happens in Normal Mode. I can only access my computer in Safe Mode with or without Networking.

I have searched the internet after running all I have with no avail of any detections of anything on my computer, tried the explorer.exe in task manager (didn’t do anything). I tried restore and sometimes it makes it better and sometimes worse. I did get it back to normal once with restore, but when I rebooted it went back to non functioning. I have no idea what is going on but I need to find out something else on what to do as I have 10 years of bookkeeping on here that I would like to keep. I do have a hard disk back-up, but still. Do I need to get a new hard drive because mine might be old/worn/outdated maybe? I really haven’t a clue.

Thank you for taking the time to look at this.
TinaJo

see the guide here http://forum.avast.com/index.php?topic=53253.0

run AdwCleaner…click delete, and post log here. this will remove any browser/toolbar crap

then scroll down to OTL run it and attach the log (not copy and paste) …it will produce a diagnostic log

a removal expert will then check it later today…after work hours european time
you may run the tools from safemode if you need

Hi Pondus

Hopefully I can do this as I have to write everything down so may take awhile.

Also my restore is turned off (?) and I guess it can only be turned on in Normal Mode.
Pray for me on this one.

Here goes

Monitoring

Hi

Here is my AdwCleaner - Log:

AdwCleaner v2.110 - Logfile created 02/04/2013 at 10:53:08

Updated 03/02/2013 by Xplode

Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

User : Tina Jo - BARN

Boot Mode : Safe mode with networking

Running from : C:\Documents and Settings\Tina Jo\Desktop\adwcleaner.exe

Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\P2P Networking
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\ Mozilla Firefox v16.0.1 (en-US)

File : C:\Documents and Settings\Tina Jo\Application Data\Mozilla\Firefox\Profiles\whx2cglv.default\prefs.js

Deleted : user_pref(“browser.search.selectedEngine”, “Search the Web”);

File : C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\huc735n7.default\prefs.js

Deleted : user_pref(“browser.search.selectedEngine”, “Search the Web”);


AdwCleaner[S1].txt - [2915 octets] - [04/02/2013 10:53:08]

########## EOF - C:\AdwCleaner[S1].txt - [2975 octets] ##########

Here is my OTL - Logs (Otl.Txt & Extras.Txt): Attachments

I tried over ten times to uncheck the box to enable restore, but soon as I click apply it becomes non responsive. I have to get in my account and do what I want to do super fast before that noise makes its sound or everything freezes up. It’s just not happening. Also when I downloaded both of these programs, I checked in my Program Files and seen both software folders. Since rebooting all them times, they are now gone and in the Program Files folder there are two empty spaces between folders. No idea what is happening.

Will check back later
Thank you

We may be looking at hardware but first let's confirm that it is clean

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
FF - prefs.js..network.proxy.http_port: 12080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,12080"
O3 - HKU\S-1-5-21-1708537768-1202660629-682003330-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-1202660629-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe" File not found
O4 - HKU\S-1-5-21-1708537768-1202660629-682003330-1004..\Run: [] File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-21-1708537768-1202660629-682003330-1004..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi]
"Description"="Provides systems management information to and from drivers."
"DisplayName"="Windows Management Instrumentation Driver Extensions"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="WdmWmiServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and run farbar service scanner

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
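
What the `hex(2)` values in the `:Reg` section of the fix above restore, decoded offline as an added example (not part of the original posts and not OTL's own code). The fragment is copied from the fix with the `Security` blob left out; the function names and the `START_TYPES` table are chosen here for illustration.

```python
import re

# Copied from the :Reg section of the fix above (Security blob omitted).
REG_FRAGMENT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="WdmWmiServiceMain"
'''

# Meaning of a service's "Start" value in the Windows service database.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

def decode_value(raw):
    """Decode one .reg value: hex(2) is REG_EXPAND_SZ stored as UTF-16LE."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")  # drop the NUL terminator
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"')  # plain REG_SZ

def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg-style fragment."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result[key] = {}
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            result[key][m[1]] = decode_value(m[2])
    return result

if __name__ == "__main__":
    for key, values in parse_reg(REG_FRAGMENT).items():
        for name, value in values.items():
            print(f"{key}\\{name} = {value!r}")
```

Reading the decoded strings before pasting a fix makes it possible to confirm that the service entry points at binaries under `%SystemRoot%\System32` and not at an unexpected path.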

Hi

Will do this. One question though. In the OTL Software under the “Extra Registry”, your picture shows the “None” option checked. Do I also check that option? Mine is checked “Use SafeList” option.

Just to remind anyone viewing/helping, I can only go into Safe Mode with Networking. Someone needs to let me know when I have to go into Normal Mode - for start-up.

Thank you again

I don't think those options are in use when you run the script…only when you scan for a diagnostic log
just leave them as they were by default and essexboy will give you new instructions if needed

Hi

Was able to do what you asked. And before I forget again, when I ran Avast not long ago, it did catch one thing which I put in the virus chest along with two others that were in there I noticed. Starting with the most recent, here they are:

File name: C:\Documents and Settings\Tina Jo\Local Settings\Application Data(4F3ACC66-73A1-45D0-A21C-1700873E9C55)\chrome\content\overlay.xul Threat: JS:lframe-QO[Trj]

Both other two: C:\System Volume Information_restore{#'s and letters… Virus Desc.: MalOb-GC[Cryp]
A0348136.dll & A0349244.dll

Not trying to interrupt, just thought it may be crucial information that was needed, sorry.

Here is the OTL log and the FSS logs:

Thank you

A fair few services are in an inconsistent state, let's see if we can repair them next. Again can be run from safe mode

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Ok, I guess I just don’t get it. I downloaded the software, installed and went to Step 3. I then put my xp reinstall cd in and clicked the “Do It” button and the command prompt came up with information regarding Tweaking.com, all in less than three seconds. After the last line in command prompt, it said “press any key to continue” and all it did was minimize to the task bar. So I restarted window, again back in Safe Mode, pulled up tweaking.com, went to Step 3 and clicked the “Do It” button and not only did the command prompt (with same information) come up but also the window with all the icons on that cd.

Please be aware, I dairy farm for a living and am a novice about computers. Any problems that have to do with a computer, I ask and do what I’m told.

Also one thing I did notice, by last post (essexboy), there was not a comment to post a log or reporting results of any sort, unless it is on my part, right?

Thank you

Correct, about the log I forgot to ask for a fresh FSS scan :-[

Reference step 3 and SFC, as it is a manufacturer's disc it will not have the necessary information so skip that step and go to the next one

Hi

I did the Step 4 (have no clue where that all went) and then the “Start Repairs” tab. There were a total of eight texts. I don’t know if you wanted me to include them all so I will include the first three (attachment note policy) and the fourth being the log from FSS.

Any more needed from Tweaking.com (last five) please let me know.

Thank you

Could you now boot to normal mode please and let me know how the system behaves

Hi

WaaaahLaaaaah…I got into Normal Mode no problem. At start-up I only seen one “Windows Logo” screen instead of three. When I logged into my account, it took seconds to get to my desktop. And all of a sudden everything started up at once. In other words desktop and launch area on task bar loaded in about 30 seconds. And I hope you don’t mind but I immediately right clicked on “My Computer” and turned restore back on. I checked my firewall and Avast and both say all systems running. Also checked my Audio area as I was not getting any, that’s back on. Also checked to see if my folders were hidden - Tools - folder options - view, as at times they were exposed, that is also good. Looks as if my computer is restored to normal.

You are a genius, thank you, and whatever you and the software programs did please do not tell me the story as I would have no idea what you are talking about. I am just grateful that there are knowledgeable (and blessed) people like you folks out there to help those that don’t have the knowledge.

Unless there is anything else you would like me to do or obtain I will close with…

Best Regards To All and God Bless,
TinaJo

Two further things now before I remove my tools and tidy up

First try windows updates and let me know if it works
Second run a final FSS scan for me please

Hi

Oh boy! After I logged off with Avast I decided to download most of my updates from Windows, quite a few, and when done I was coming back here to check on my last post and Internet Explorer couldn’t load the page. So I didn’t think much of it then, as I mainly use FireFox as my browser, so I closed Internet Explorer and opened up FireFox to come here and I couldn’t get in either. Just shows a blank page while loading continuously.

So I got off the internet to reboot and shut down the computer to skip the installation of the Windows downloads, started back up in Normal Mode, when I got to the desktop only 3/4 of the icons appeared, tried to open Task Manager - Ctrl-Shift-Esc that would not come up at all and so I proceeded to the Start button and soon as my cursor hit the Task Bar the cursor changed to busy mode.

So yeah, now I’m back in Safe Mode again. Did I do any wrong that I said in my last post?

Thank you

P.S. - I just seen the Warning when I pushed the Post button. Will run the FSS scan and post again.

Hi

Had no problem downloading the Windows Updates, just didn’t install them yet.

Here is the FSS log, done in Safe Mode only.

Could you install all of the updates and allow to reboot to normal mode. Once there let me know what problems there are

Hi

I would install my updates if I can find them. I show no “Notification” area (sorry, I called it the Launch area in a previous post) where the updates icon would be and I went to shut down the computer and saw no update icon on shut down. Also went to Windows Updates site and scanned my computer for updates and only one new one showed. I was then going to view updates on my computer at their site, but it is “grayed” out. Tried it in both accounts. My account screen has an “Administrator” account as computer administrator and a “Tina Jo” account as Administrator, no other accounts. Unless I couldn’t do it because I am in Safe Mode. I don’t really know.

I did try to get in on Normal Mode a couple of times and the first time I had all icons and had Avast icon spinning in the Notification area and the computer made an er-er (?) noise and then couldn’t do anything. Second time trying to get into Normal Mode the icons loaded and Avast icon - not spinning, came up in the Notification area and no noise, but when I moved my mouse down to the Task Bar my cursor was busy.

I don’t have any idea where else to look to find the updates that were downloaded yesterday.

Thank you