XP freezes after reboot



#1 scuzzi

Posted 23 December 2010 - 01:09 PM

Recently, my school kids inherited a Dell system running XP SP3, and things have been generally fine. I had them install AVG 2011 free and MBAM as preventative measures; but left all existing (and some unused/unnecessary) programs. Last week it began running sluggishly, and so I rebooted. The computer seemed to stall after loading Windows fully and I had to reboot again into safe mode, updated MBAM and scanned. After finding some problems, quarantined and rebooted, the computer loads WinXP fully but doesn't respond to opening files or programs such as Mozilla. Unable to access "taskmanager"; couldn't find it in the Windows file; and installed TaskManagerFix (which improved the accessing tskmngr). The computer under full windows still might open files after 5-10 minutes or completely freeze (clock stopped) and have to hard reboot. The only way to access the machine is thru Safe Mode which is possible with no problems. I have attached original MBAM scan log.

In Safe Mode, no problems found with AVG. Additionally, I installed and ran SAS, found problems, and after rebooting, SAS had been removed(?) and the log seems lost; I reinstalled and found nothing. Some of the issues I remember seeing related to Trend Micro AV 2007 which I can't seem to remove as some files are missing. (I assumed missing links/registry items.) Squirrelly and sluggish response times convince me of deeper issues.

I'd appreciate assistance in diagnosing and solving. Thanks in advance.

scuzzi

MBAM SCAN RESULTS 12.13.2010
Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F1ABCDB-A875-46C1-8345-B72A4567E486} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E856B973-45FD-4559-8F82-EAB539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{DF058C45-CD18-453e-8745-5A77F60722AB} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{B5A33C35-7298-4D15-8753-A2E851E2EAB3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GTDOWNDE.GTAutoFixDLCtrl.1 (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GTDOWNDE.GTAutoFixDLCtrl (Adware.Gdown) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\gtdownde_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.



#2 Computer wiz45


Posted 23 December 2010 - 06:29 PM

Only a part of the log was posted. Please post the full log, and please rerun MalwareBytes: update before running, do a Full Scan, and post the full log please.

You will need Safemode with Networking to do this

Next, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.



Notes for Windows Vista users:

On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"

Prefetch has been disabled on Windows Vista. As I'm not sure of the effects that emptying prefetch on Windows Vista will have, for the time being I won't enable that function.

Next, scan using SUPERAntiSpyware: do a Full scan and post the log here.

Edited by Computer wiz45, 23 December 2010 - 06:33 PM.


#3 scuzzi


Posted 03 January 2011 - 01:03 PM

OK ComputerWiz45 -

The holidays consumed the last week, and the time lapse didn't solve the issue.

I'm not sure why the MBAM log was only partial; you're right. I downloaded ATF Cleaner, ran both FF and IE, and have updated SAS and rerun. I posted the log as requested. I can now open WinXP normally, however the machine is very slow (~12 min to open FFox). I'll look at deleting unnecessary programs. Other suggestions?

Thanks, scuzzi

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2011 at 10:42 AM

Application Version : 4.47.1000

Core Rules Database Version : 6116
Trace Rules Database Version: 3928

Scan type : Complete Scan
Total Scan Time : 00:38:03

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 9302
Registry threats detected : 0
File items scanned : 28684
File threats detected : 15

Adware.Tracking Cookie
.adserver.adtechus.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Administrator.MLDMACHINE\Application Data\Mozilla\Firefox\Profiles\xwq1t7tv.default\cookies.sqlite ]



