Go Back   Tech Support Forum > Microsoft Support > Windows XP Support

User Tag List

Finally cleared of Malware, Windows keeps crashing

This is a discussion on Finally cleared of Malware, Windows keeps crashing within the Windows XP Support forums, part of the Tech Support Forum category. Hi, I just spent about a week working with Ried over at the Malware forum and have cleared my computer


Closed Thread
 
Thread Tools Search this Thread
Old 08-18-2009, 09:00 PM   #1
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



Hi, I just spent about a week working with Ried over at the Malware forum and have cleared my computer of any malware. Unfortunately the issue of my computer slowing to a halt is continuing. My startups have been much better since I deleted Symantec, but I still run into problems with freezing, especially when I'm running the internet. If I watch a movie online I tend to freeze up even faster. I can often hear when this will start because my laptop will make louder sounds. It almost sounds like an engine shifting into a higher gear. Once it starts doing that I know that the end is near. Thank you very much for any help you can provide me with. Ried was awesome.
Conorh is offline  
Sponsored Links
Advertisement
 
Old 08-21-2009, 07:56 AM   #2
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



bump, please
Conorh is offline  
Old 08-21-2009, 10:59 AM   #3
Part Time Repair Tech
 
Join Date: Feb 2005
Location: Santa Monica, CA
Posts: 1,267
OS: XP, Vista, 7, Ubuntu



Start > Run > eventvwr > look for red errors that occurred when the crashes happened for clues as to what is causing.
How many viruses were removed?
What other programs crash? Just Internet Explorer? How does Firefox hold up?
Blade_Jones is offline  
Sponsored Links
Advertisement
 
Old 08-21-2009, 11:22 AM   #4
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



Install SpeedFan and run a graph showing temps and voltages over a period of a half hour or so. Run your movie and see what happens to the volts & temps. Something could be over-heating, or you could be getting bad power from a failing Power Supply.

Post a screen shot showing the graph.
Johnny Tremaine is offline  
Old 08-21-2009, 05:42 PM   #5
Troubled
 
Join Date: Apr 2009
Posts: 2,854
OS:



The "engine shifting into higher gear" is your fan cutting in to cool the laptop down. Be sure to blow out all dust with Compressed Air. Be sure that the bottom of the laptop has access to ventilation. Definitely purchase a Laptop Cooler
deleted010511 is offline  
Old 08-21-2009, 06:29 PM   #6
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



Quote:
Originally Posted by spike2me View Post
The "engine shifting into higher gear" is your fan cutting in to cool the laptop down. Be sure to blow out all dust with Compressed Air. Be sure that the bottom of the laptop has access to ventilation. Definitely purchase a Laptop Cooler
I use compressed air AND a vacuum. First one way, then the other.
Johnny Tremaine is offline  
Old 08-21-2009, 06:57 PM   #7
Registered Member
 
forumuser10's Avatar
 
Join Date: Mar 2009
Posts: 64
OS: Windows Xp Service Pack 2



Its better if the laptop doesn't sit on your lap as the clothes your wearing can keep the laptop warm and cause it to overheat. If speedfan seems to be a good software i will put it on my freeware site at greateasygames.webs.com
forumuser10 is offline  
Old 08-21-2009, 07:20 PM   #8
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



Quote:
Its better if the laptop doesn't sit on your lap as the clothes your wearing can keep the laptop warm and cause it to overheat.
The fabric (or any other restriction) will reduce airflow and increase heat. I don't think that "clothing" (or body heat) will significantly increase temperatures.
Johnny Tremaine is offline  
Old 08-21-2009, 09:21 PM   #9
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



Quote:
Originally Posted by Blade_Jones View Post
Start > Run > eventvwr > look for red errors that occurred when the crashes happened for clues as to what is causing.
How many viruses were removed?
What other programs crash? Just Internet Explorer? How does Firefox hold up?
It's pretty much the whole computer that crashes. I ran eventvwr and got a lot back. Here's the screen shot. Sorry, I don't know much about computers and have no idea how to interpret this. Please let me know if you understand these errors and have an idea how to fix them:

https://s582.photobucket.com/albums/s...rh98/Computer/
Conorh is offline  
Old 08-22-2009, 04:59 AM   #10
Windows Tech Team
Networking Team |Tech
 
alpenadiver's Avatar
 
Join Date: Jul 2007
Location: NorthEast, Michigan
Posts: 2,247
OS: Windows 10 Pro, Linux, Windows 7 Pro. Work systems - W2K, XP, Win7, RHEL, Solaris.

My System


I don't get a screen shot with your photobucket link
alpenadiver is offline  
Old 08-22-2009, 05:50 AM   #11
God (TSF Enthusiast)
 
ahmorrow's Avatar
 
Join Date: May 2009
Location: Jeffersonville, IN
Posts: 1,118
OS: Ubuntu 9.10 [Karmic Koala]

My System

Send a message via AIM to ahmorrow Send a message via Yahoo to ahmorrow

There is nothing in the album lol.
ahmorrow is offline  
Old 08-22-2009, 10:26 AM   #12
Registered Member
 
forumuser10's Avatar
 
Join Date: Mar 2009
Posts: 64
OS: Windows Xp Service Pack 2



Sorry Johnny Tremaine, thats what i meant the fabric will restrict airflow. Thanks for clearing that up
forumuser10 is offline  
Old 08-24-2009, 07:55 AM   #13
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



Sorry guys. I tried to upload the picture again, but it wasn't working. I think it might be because I'm running in safe mode. The problem is that I can't get enough time in regular Windows to complete the upload. Any ideas? I was thinking of clearing the event viewer and then restarting my computer and just typing out the messages that come up. Does that work?
Conorh is offline  
Old 08-24-2009, 08:16 AM   #14
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



You can upload pics directly to TSF's server without having to go through photobucket.
Johnny Tremaine is offline  
Old 08-25-2009, 06:55 AM   #15
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



This is driving me nuts. I tried posting the application and system logs but I guess they didn't go through. Here goes again. Please let me know if you'd like details on any of the items or if you see something funny. Thanks a lot.
Attached Files
File Type: txt application log.txt (77.0 KB, 21 views)
File Type: txt system log.txt (81.5 KB, 23 views)
Conorh is offline  
Old 08-25-2009, 11:25 PM   #16
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



Post full text of each individual error.
Johnny Tremaine is offline  
Old 08-26-2009, 06:46 PM   #17
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



No problem. Here are the most recent errors (system and application). Thanks for looking at this.

System Error:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 8/26/2009
Time: 8:54:07 PM
User: N/A
Computer: CONOR
Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSP
Fips
intelppm

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.

System Error:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/26/2009
Time: 8:53:05 PM
User: NT AUTHORITY\SYSTEM
Computer: CONOR
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.


System Error:
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 8/26/2009
Time: 8:52:35 PM
User: N/A
Computer: CONOR
Description:
The IP address lease 192.168.1.110 for the Network Card with network address 001302C84D02 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.

System Error:
Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation
Event ID: 20
Date: 8/26/2009
Time: 12:16:57 AM
User: N/A
Computer: CONOR
Description:
Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Windows XP (KB973354).

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 38 sult=0x8
0010: 30 30 37 30 30 30 33 20 0070003
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 39 31 30 35 37 36 ={910576
0028: 35 39 2d 39 42 41 41 2d 59-9BAA-
0030: 34 37 38 31 2d 38 30 34 4781-804
0038: 31 2d 37 33 36 36 30 43 1-73660C
0040: 43 30 42 38 30 35 7d 20 C0B805}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 31 Number=1
0058: 30 31 20 00 01 .




Application Error:
Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 8/26/2009
Time: 12:13:49 AM
User: N/A
Computer: CONOR
Description:
Faulting application iexplore.exe, version 7.0.6000.16876, faulting module unknown, version 0.0.0.0, fault address 0x01681dd6.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 37 2e 30 2e 36 30 e 7.0.60
0028: 30 30 2e 31 36 38 37 36 00.16876
0030: 20 69 6e 20 75 6e 6b 6e in unkn
0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 31 ffset 01
0050: 36 38 31 64 64 36 0d 0a 681dd6..

Application Warning:
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 8/26/2009
Time: 12:16:30 AM
User: NT AUTHORITY\SYSTEM
Computer: CONOR
Description:
Windows saved user CONOR\Conor H registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Conorh is offline  
Old 08-30-2009, 10:15 AM   #18
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



bump, please
Conorh is offline  
Old 08-30-2009, 08:29 PM   #19
Guest
 
Join Date: Jul 2009
Posts: 454
OS:



Okay, good work. Something substantive to work with.

First, it looks like you are using "Selective Startup" from msconfig. Are you ?

If so, and you have certain things turned off, it's going to cause problems. The first message with the services/startups that failed to load:

Aavmker4 belongs to Avast! . If this is installed, it's either not working, or someone/something turned it off; either you or the malware. Give some background on this thing's existance on your computer. Is it supposed to be there ? If so, it's supposed to be working.

aswSP is also part of Avast!, and it should also be working or not there at all.

fips appears to be part of XP's "Crypto Driver". I have no idea what it is or what it does, but it seems legit and it's not working.

intelppm seems to be part of the processor's drivers. This might explain some of your problems. I can't say anything with certainty, but it might be worth trying to reinstall your motherboard drivers and see if this part gets fixed. It won't hurt and might help.

Post your CPU & motherboard specs if you need help with finding the right drivers.

DCOM thinks you are in Safe Mode. If you are not, I've seen this before where the computer thinks it's in Safe Mode and it's not. Verify that you are not in some kind of "Selective Startup" situation.

Your DHCP server (do you have a router, or what?) has an IP address of "0.0.0.0" which seems unusual to the point of being wrong. It might be the computer's fault, or the router's. How do you connect to the internet ?

You have a Windows Update that is failing to install. That might also be the cause of your problems, or a contributor. Run Dial-a-Fix and have it reinstall/re-register Windows Update. Report results. You might get lucky with a "blanket fix" and save us some time trying to focus in on the specific problem. I'm really bad at troubleshooting Windows Update, although there seems to be a few people here that are good at it, so we've got resources available should they become necessary.

The update is a Security Update for Outlook Express, and it was only released on Aug. 11th.

https://support.microsoft.com/kb/973354

I wouldn't worry too much about getting the update, but Windows Update not working is a BIG problem. Fix that, and worry about installing the update later.

Internet Explorer is causing a problem. I wouldn't play with it, given you've been infected. Uninstall IE by using Control Panel>Add/Remove Programs>Add/Remove Windows Components and reboot. Oops. First, download IE8 (standalone) here, and save it where you can find it on reboot. On reboot, reinstall IE8. Don't be surprised if it fails; you've got problems. Might be a good idea to have Mozilla installed as a back-up browser before you do this, so you can get online if it IE8 fails for some reason. Report results.

This one:

Quote:
Windows saved user CONOR\Conor H registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
Means that a program is not shutting down when XP tells it to (when you shut down the computer). It means some software is messed up, and needs to be uninstalled and reinstalled. This would explain any delay/lag you may have on shut-down. The hard part is figuring out which program it is. My first suspect would be Avast!, since we already know it's messed-up. There are ways to figure-out which software it is by process of elimination. You can either turn off certain programs by msconfig (so they don't start), or you can turn them off using Task Manager (ctrl+alt+del). You figure out which program it is by comparing what you've got turned off at shut-down to when Event Viewer no longer records an error. For example, if you turn off "PunkbusterA" in Task Manager, and then suddenly you don't get this error anymore on shut-down, you'll know it's PunkbusterA that is causing the error. Time consuming....

Most important thing here/now is whether you are in Selective Startup of Normal Mode.
Johnny Tremaine is offline  
Old 08-31-2009, 08:18 PM   #20
Registered Member
 
Join Date: Aug 2009
Posts: 43
OS: Win XP



Awesome. Thanks so much for looking into this for me. I'll try to answer as many questions the best that I can, although my computer knowledge is limited:

1. I am now running the computer in Normal Mode. When I first started noticing problems with my system after the malware took over, I had switched to selective startup, but have been working in Normal Mode after the computer was cleared of malware in the other forum.

2. I was probably running in "safe mode" when I posted that. It's hard for me to get more than 5-10 good minutes if I boot up in regular Windows, so I have been working in safe mode for the most part.

3. Avast! There's a good chance it is the Avast that is causing the problems. After working in the malware forum, I uninstalled Symantec and installed Avast instead because I thought Symantec was causing problems. Things cleared up for a little while, but now they're back to the same speed as when I had problems with Symantec. How safe is it to run a computer with no anti-virus? I think the best thing would be to uninstall Avast. Does that mean that I actually do have some malware lurking on the system that is attacking the antivirus software maybe? I will now uninstall Avast and see if things improve. Please let me know ASAP if I should reinstall Avast or another anti-virus.

Sorry, for most of the other stuff that you've suggested, I'm not entirely sure what you mean. Would you mind providing a few more specifics to help me out?
1. I'm not sure what fips is? Is there any way to find out what it does or delete it? Or should we ignore for now?
2. Reinstalling motherboard drivers-- how do I do this? Will it erase my data? I was able to put all the files I needed saved into a folder, but have not had enough time to transfer to an external hard drive without my computer freezing up on me. If the motherboard reinstallation erases everything, then I'll have to figure out how to transfer everything first. Also, my Windows disk is at my parents' house, so I probably won't be able to get it until Thanksgiving if it's needed. Is there any other way to reinstall Windows if that's necessary?

3. I run my internet off a wireless router. Please let me know if you need any more info on that and how I can find the info you need.


Right now, I will uninstall Avast and Internet Explorer and see what happens. I'll report back and then see what else can be done. Thanks again for all of your help.
Conorh is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 06:19 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts