Windows XP Freezes When I Open Anything


18 replies to this topic

#1 applesauce1234

Posted 22 November 2011 - 01:12 PM

Hi there

So randomly, my PC with Windows XP has started freezing every time I boot up. It operates fine in safe mode with networking, and from there I ran MBAM and it came up clear. I tried system restoring it to several weeks ago, but the problem remains.

I use Online Armor Firewall and Avast Antivirus.

Where should I go from here?

Thank you

#2 applesauce1234

Posted 01 December 2011 - 08:38 PM

UPDATE:

So when I boot up in normal mode, everything seems fine, except that it freezes when I try to open anything... sometimes it says that it cannot find the specified file (e.g. Notepad, or Firefox), and other times it just freezes...

However, if I let it sit for about 20 minutes or so, sometimes it unfreezes... and I can then access programs... it still runs very slowly, and sometimes randomly turns off... I don't seem to have any problems in safe mode.

If I try to do a system restore from more than a couple weeks ago, it goes through the whole process, but then says it is unable to complete the restore...

#3 boopme

Posted 01 December 2011 - 08:53 PM

Hello, let's look at 2 logs please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#4 applesauce1234

Posted 02 December 2011 - 04:11 PM

Thank you so much for helping me.

So this was all done in safe mode, by the way... let me know if it should be done in normal mode... as I said, normal mode doesn't really seem to be working perfectly (sometimes it does, sometimes it doesn't).

MINITOOLBOX LOG:

MiniToolBox by Farbar
Ran by Colin (administrator) on 02-12-2011 at 12:57:19
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 4 (Disconnected)
802.11 USB Wireless LAN Card = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : POOPSICLES

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cgocable.net



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : cgocable.net

Description . . . . . . . . . . . : 802.11 USB Wireless LAN Card

Physical Address. . . . . . . . . : 00-0C-0A-42-0D-B0

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.125

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : December 2, 2011 12:41:25

Lease Expires . . . . . . . . . . : December 9, 2011 12:41:25

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.226.20, 74.125.226.16, 74.125.226.17, 74.125.226.18
74.125.226.19



Pinging google.com [74.125.226.19] with 32 bytes of data:



Reply from 74.125.226.19: bytes=32 time=21ms TTL=58

Reply from 74.125.226.19: bytes=32 time=43ms TTL=58



Ping statistics for 74.125.226.19:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 43ms, Average = 32ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=107ms TTL=49

Reply from 72.30.2.43: bytes=32 time=105ms TTL=49



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 105ms, Maximum = 107ms, Average = 106ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 0a 42 0d b0 ...... 802.11 USB Wireless LAN Card
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.125 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.125 192.168.0.125 20
192.168.0.125 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.125 192.168.0.125 20
224.0.0.0 240.0.0.0 192.168.0.125 192.168.0.125 20
255.255.255.255 255.255.255.255 192.168.0.125 192.168.0.125 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:WINDOW\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 C:WINDOW\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 C:WINDOW\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:WINDOW\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 C:WINDOW\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 16 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 17 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 18 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 19 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 20 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 21 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 22 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 23 C:WINDOW\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2011 02:17:45 PM) (Source: MsiInstaller) (User: Colin)Colin
Description: Product: VC80CRTRedist - 8.0.50727.6195 -- Error 1714. The older version of VC80CRTRedist - 8.0.50727.6195 cannot be removed. Contact your technical support group. System Error 1612.

Error: (11/24/2011 01:08:15 PM) (Source: Application Error) (User: )
Description: Faulting application superantispyware.exe, version 5.0.0.1136, faulting module superantispyware.exe, version 5.0.0.1136, fault address 0x00076988.
Processing media-specific event for [superantispyware.exe!ws!]

Error: (11/24/2011 03:41:29 AM) (Source: Application Error) (User: )
Description: Faulting application oaui.exe, version 4.5.1.431, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [oaui.exe!ws!]

Error: (11/17/2011 10:27:59 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/17/2011 10:27:56 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/17/2011 10:27:56 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/17/2011 02:50:09 AM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/17/2011 02:50:06 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/17/2011 02:50:06 AM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 12996, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/14/2011 04:47:35 PM) (Source: Application Error) (User: )
Description: Faulting application oaui.exe, version 4.5.1.431, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [oaui.exe!ws!]


System errors:
=============
Error: (12/02/2011 00:43:50 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/02/2011 00:42:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm
khips
OADevice
oahlpXX
SASDIFSV
SASKUTIL
sptd

Error: (12/02/2011 00:41:25 PM) (Source: 0) (User: )
Description:

Error: (12/01/2011 08:43:43 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/01/2011 08:24:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm
khips
OADevice
oahlpXX
SASDIFSV
SASKUTIL

Error: (12/01/2011 08:23:41 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/01/2011 02:53:30 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (12/01/2011 02:53:00 AM) (Source: 0) (User: )
Description: 1394 Net Adapter #2

Error: (12/01/2011 02:49:28 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/01/2011 02:30:30 AM) (Source: DCOM) (User: Colin)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office Sessions:
=========================
Error: (11/30/2011 02:17:45 PM) (Source: MsiInstaller)(User: Colin)Colin
Description: Product: VC80CRTRedist - 8.0.50727.6195 -- Error 1714. The older version of VC80CRTRedist - 8.0.50727.6195 cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)

Error: (11/24/2011 01:08:15 PM) (Source: Application Error)(User: )
Description: superantispyware.exe5.0.0.1136superantispyware.exe5.0.0.113600076988

Error: (11/24/2011 03:41:29 AM) (Source: Application Error)(User: )
Description: oaui.exe4.5.1.431ntdll.dll5.1.2600.605500019af2

Error: (11/17/2011 10:27:59 PM) (Source: LoadPerf)(User: )
Description: 12996

Error: (11/17/2011 10:27:56 PM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (11/17/2011 10:27:56 PM) (Source: LoadPerf)(User: )
Description: 12996

Error: (11/17/2011 02:50:09 AM) (Source: LoadPerf)(User: )
Description: 12996

Error: (11/17/2011 02:50:06 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (11/17/2011 02:50:06 AM) (Source: LoadPerf)(User: )
Description: 12996

Error: (11/14/2011 04:47:35 PM) (Source: Application Error)(User: )
Description: oaui.exe4.5.1.431ntdll.dll5.1.2600.605500019af2


=========================== Installed Programs ============================

{403EF592-953B-4794-BCEF-ECAB835C2095} (Version: 8.00.0005)
Ad-Aware (Version: 8.1.0)
Addictive Drums 1.5
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 7.0.9 (Version: 7.0.9)
AmpliTube Fender (Version: 1.0.0)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Audacity 1.3.11 (Unicode)
Audacity Recovery Utility
Autorun Eater v2.5 (Version: 2.5)
avast! Free Antivirus (Version: 6.0.1289.0)
AviSynth 2.5
Batch PPTX to PPT Converter 2009
Blender (Version: 2.59-release)
Bonjour (Version: 3.0.0.10)
Canon MP Navigator 3.1
CCleaner (Version: 3.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
ConvertHelper 2.2
Cool Timer 3.7
Creative Audio Console
Creative Audio Console (Version: 1.33)
Creative Software AutoUpdate (Version: 1.40)
DeepBurner v1.8.0.224
DeepBurner v1.9.0.228
DeepRipper v 1.1
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 5.0.0 (630)
DivX Setup (Version: 2.2.1.2)
DScaler 5 Mpeg Decoders
eLicenser Control
eReg (Version: 1.20.138.34)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FruityLoops v3.56 Full
Gabest MPEG Splitter (remove only)
GOM Player (Version: 2.1.28.5039)
Google Update Helper (Version: 1.2.183.23)
Haali Media Splitter
Intel® 537EP V9x DFV PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iTunes (Version: 10.5.0.142)
IZArc 3.81 (Version: 3.81 Build 1550)
jahPlayer
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 7 (Version: 1.6.0.70)
K-Lite Mega Codec Pack 3.8.0 (Version: 3.8.0)
LAME v3.98.2 for Audacity
Lernout & Hauspie TruVoice American English TTS Engine
Lexicon Alpha Driver
Lexicon Alpha Driver (Version: 2.6)
Lexicon Pantheon VST Plug-in (remove only)
Machete Lite 3.7 (Version: 3.7.33)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Bootvis (Version: 1.3.37)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0080)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 3.0.50106.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WinUsb 1.0
MobileMe Control Panel (Version: 3.1.6.0)
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 8.0.1 (x86 en-GB) (Version: 8.0.1)
MP3 Player Utilities 4.00 (Version: 4.00)
Mp3 Song Plays Increaser (Version: 1.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
msxml4 (Version: 1.0.0)
MSXML4 Parser (Version: 1.0.0)
Music AlarmClock v2.1.0 (Version: 2.1.0)
Musicnotes Player V1.23.1 and Viewer (Version: 1.23.1)
Native Instruments FM8
Native Instruments Guitar Rig 3
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
NVIDIA Drivers
Online Armor 4.5 (Version: 4.5)
OpenLibraries
OpenOffice.org 3.1 (Version: 3.1.9420)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.3.6.0)
Perfect Uninstaller v6.3.3.8
Picasa 3 (Version: 3.8)
Picture2avi uninstaller (Version: 3.3.0.0)
Pixillion Image Converter
Prism Video Converter
QuickTime (Version: 7.69.80.9)
Ralink RT2860 Wireless LAN Card (Version: 1.5.4.0)
Ralink RT2870 Wireless LAN Card (Version: 1.5.5.0)
REAPER
Recuva
ReNamer (Version: 4.65)
Revo Uninstaller 1.92 (Version: 1.92)
Segoe UI (Version: 14.0.4327.805)
Sibelius Scorch (Version: 1.0.0)
Skype™ 4.2 (Version: 4.2.169)
Smart Defrag (Version: 1.5.0)
Sony Vegas Pro 8.0 (Version: 8.0.144)
SoulSeek Client 156c
Sound Blaster Audigy
Speccy (Version: 1.08)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.4 (Version: 4.4.0)
StudioTax 2009 (Version: 5.0.4.9)
SUPERAntiSpyware (Version: 5.0.1136)
Switch Sound File Converter
System Requirements Lab
System Requirements Lab (Version: 4.1.71.0)
System Requirements Lab CYRI (Version: 4.4.16.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VideoCap (Version: 1.0.0.0)
VideoLAN VLC media player 0.8.6b (Version: 0.8.6b)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Wii Video 9 6 (Version: 6)
Winamp (remove only)
Windows Defender (Version: 1.1.1593.0)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 2.05.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows Support Tools (Version: 5.1.2600.2180)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 19.3.2010.5)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Zwei-Stein Video Compositor 3.01 (Beta 2).

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 2045.98 MB
Available physical RAM: 1720.42 MB
Total Pagefile: 4456.07 MB
Available Pagefile: 4355.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.12 MB

========================= Partitions: =====================================

1 Drive c: (Hard Drive) (Fixed) (Total:146.01 GB) (Free:77.37 GB) NTFS
3 Drive e: (Music) (Fixed) (Total:86.85 GB) (Free:31.67 GB) NTFS
4 Drive f: (PENDRIVE) (Removable) (Total:3.84 GB) (Free:3 GB) FAT32

========================= Users: ========================================

User accounts for \\POOPSICLES

Administrator ASPNET Colin
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOW\Minidump\Mini120111-01.dmp

**** End of log ****


ESET LOG:

C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\49\3523cdb1-3973b5e1 Java/Agent.DJ trojan deleted - quarantined
C:\Documents and Settings\Colin\Desktop\Sony Vegas Movie Studio HD Platinum 10.0.179 + Keygen [RH]\SV.MST.HD.PE.10.0.179_[RH].rar multiple threats deleted - quarantined
C:\Documents and Settings\Colin\Local Settings\Application Data\Mozilla\Firefox\Profiles\p9hjvbi3.default\Cache(2)\C1D04375d01 Win32/Toolbar.Zugo application deleted - quarantined
C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0145360.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0145361.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0145365.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP572\A0145368.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP632\A0156938.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP632\A0156939.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP632\A0156949.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP632\A0156957.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP634\A0161597.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP634\A0161598.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP634\A0161608.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP634\A0161616.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP635\A0166551.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP635\A0166552.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP635\A0166562.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP635\A0166568.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP640\A0176356.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined

#5 boopme

Posted 02 December 2011 - 04:39 PM

Hello and you're welcome. It appears you may have picked up a rootkit probably from using a Keygen.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!


Go into the Control Panel, Add/Remove Programs... Uninstall these: Java™ 6 Update 7 (Version: 1.6.0.70) and
Adobe Reader 7.0.9 (Version: 7.0.9)... Reboot.

Update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 applesauce1234


Posted 05 December 2011 - 11:57 AM

Ok, noted. I had one keygen on my desktop (think my roommate downloaded it... not sure what it was for) and I deleted the entire folder. There shouldn't be any other keygens or cracks on my computer.

I uninstalled the two programs as you suggested, and then re-installed adobe reader.

I ran the TDSS Killer. One file came up as suspicious - sptd (lockedfile.multi.generic). But overall it said there were no threats. I was given no options, and it said that the suspicious file was quarantined.

The only thing that seems unusual now is that there is a long pause when i reboot my computer... windows appears to load normally, but if i try to open a program, nothing happens for about fifteen minutes. Then finally a message comes up saying that the specified file could not be found.

At that point, a window pops up saying that Online Armor (my firewall) has had an error and will close. However, after that, everything works fine.

Should I reinstall my firewall?

Thanks

#7 boopme


Posted 05 December 2011 - 03:19 PM

Does it say the name of the file??
Then finally a message comes up saying that the specified file could not be found.

#8 applesauce1234


Posted 05 December 2011 - 04:35 PM

Sorry, the full message is this:

'windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.' I can click OK after that.

So basically what happens is that everything appears to boot up normally, except for the fact that my firewall icon and an antivirus program do not appear in the lower right corner of the screen on the taskbar. Everything else does.

If I right click, or try to access the start menu, the system freezes indefinitely. I am able to double click on any file or program on the desktop (a notepad file, firefox, e.g.)... after about a minute or so, the above message will display. I can try again as many times as I like, but it keeps happening.

Eventually, however, my firewall (online armor) and the program 'super antispyware' will load... this usually takes about twenty minutes.

After that, everything seems to work fine.

Should I remove the firewall (replacing it with something else) and super antispyware, and see if that makes a difference? Or I could temporarily disable them from loading in CCleaner?

thanks!

Edited by applesauce1234, 05 December 2011 - 04:36 PM.


#9 boopme


Posted 05 December 2011 - 05:00 PM

Restart your computer in Safe Mode and see if you can open the file or programs in question, this will tell us if it is a permissions issue as many times it is not.

Yes, try the firewall also if needed.

Edited by boopme, 05 December 2011 - 05:00 PM.


#10 applesauce1234


Posted 05 December 2011 - 08:16 PM

sorry, what i mean is that when i open ANY file or program i get that message, BUT ONLY until online armor and super antispyware load (which takes about twenty mins)... after that point, I can open any file or program immediately without any messages popping up.

i'll try removing superantispyware for now, and reinstalling my firewall...

#11 boopme


Posted 05 December 2011 - 11:16 PM

You can also try

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

path1
path2
...


Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

#12 applesauce1234


Posted 06 December 2011 - 12:03 PM

sorry, your message was cut off... you said i could also try something? was it another firewall? do you prefer that one over Online Armor?

i reinstalled OA and uninstalled super antispyware

it seems to have solved that problem... it boots up normally now.

here's the perms log:

GrantPerms by Farbar
Ran by Colin (administrator) at 2011-12-13 12:00:45

===============================================
ERROR: Parsing the SD of <path1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <path2> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
...

Owner: POOPSICLES\Colin

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
POOPSICLES\Colin FULL ALLOW (I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
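
Reading a permissions listing like the one in the post above, as an added example that is not part of the thread and not GrantPerms' own code: this parser separates entries that apply to the object itself from inherit-only ones and reports DENY entries or missing ALLOW entries. The sample text is constructed; the line layout is taken from the log on this page, while the `DENY` spelling, the reading of `(I)`/`(IO)` as inherited/inherit-only (icacls-style), and the `EXPECTED` baseline are assumptions.

```python
import re

# Constructed sample in the layout of the Perms.txt excerpt above.
# The DENY line (and its spelling) is an assumption; the page shows only ALLOW.
SAMPLE = r"""Owner: EXAMPLEPC\User

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
EXAMPLEPC\Guest FULL DENY
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
"""

# trustee (may contain spaces), one rights token, ACE type, optional flags
ACE_RE = re.compile(
    r"^(?P<trustee>.+?)\s+(?P<rights>\S+)\s+(?P<type>ALLOW|DENY)"
    r"\s*(?P<flags>(?:\([A-Z]+\))*)$")

# Assumed baseline, copied from the trustees in the log on this page.
EXPECTED = (r"BUILTIN\Users", r"BUILTIN\Administrators", r"NT AUTHORITY\SYSTEM")

def parse_perms(text):
    """Return (owner, aces) for one object's section of the log."""
    owner, aces = None, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Owner:"):
            owner = line.split(":", 1)[1].strip()
        elif (m := ACE_RE.match(line)):
            flags = set(re.findall(r"\(([A-Z]+)\)", m["flags"]))
            aces.append({"trustee": m["trustee"], "rights": m["rights"],
                         "type": m["type"], "inherited": "I" in flags,
                         # (IO) = inherit-only: passed to children, not
                         # evaluated on the object itself
                         "on_object": "IO" not in flags})
    return owner, aces

def triage(text, expected=EXPECTED):
    """List findings that could explain an access-denied error."""
    _, aces = parse_perms(text)
    live = [a for a in aces if a["on_object"]]
    findings = [f"DENY for {a['trustee']} ({a['rights']})"
                for a in live if a["type"] == "DENY"]
    allowed = {a["trustee"] for a in live if a["type"] == "ALLOW"}
    findings += [f"no effective ALLOW for {t}" for t in expected
                 if t not in allowed]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Header, separator and `ERROR:` lines do not match the entry pattern and are skipped, so a whole Perms.txt section can be passed in unchanged.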

#13 boopme


Posted 06 December 2011 - 01:56 PM

I meant the Grant Perms tool.. Can you open the programs now?

#14 34BLEEP00XX

34BLEEP00XX

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:51 PM

Posted 06 December 2011 - 04:36 PM

Sorry for posting this topic but I am experiencing SAME problems ON my computer.
Computer is slow. Programs take many seconds to open.

My thread is: WINDOWS XP Startup Problems.

#15 applesauce1234


Posted 06 December 2011 - 04:52 PM

yes, i can open everything fine now...

unless you had any other suggestions, everything seems to be running smoothly...

thank you so much!



