Help

[Bluemeanie]

And the log in normal mode, just after cloning.

[jeffce]

Hi,

Do you recognize this C:\Documents and Settings\Bill\My Documents\1700voyageridle.rtf<----------


Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

Code: [Select]

:Services

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2025429265-790525478-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.huffingtonpost.com/?icid=NSCPnavbar_News"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP:  File not found
O15 - HKU\S-1-5-21-2025429265-790525478-839522115-1004\..Trusted Domains:   ([]msn in My Computer)
O15 - HKU\S-1-5-21-2025429265-790525478-839522115-1004\..Trusted Domains: aol.com ([free] http in Trusted sites)

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered.  There will be a log created when it completes that I will need in your next reply.  Reboot when it is done.
• Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  

[Bluemeanie]

Yes, I wrote that file, it contains the text that was going into an email about a problem with my bike.
And so I do this right, you want a scan, not a quick scan, correct? And do you want it from safe mode, or would you rather I do a reclone and then do the scan?

[Bluemeanie]

Almost forgot. I got to looking at the event log this morning, I could view it while it was in the condition where exe's wouldn't run. I compared what was logged in that startup to a startup back in March (way before this problem started), what I see is that in a good boot there are a lot of Service Control Manager entries and in this morning's where things weren't right those entries weren't there. So I attempted to start a service and it timed out with a 1053 error logged. Maybe this means something, maybe it doesn't.

[jeffce]

Hi,

I want you to copy the text I provided into the Custom Scans/Fixes box and then press Run Fix.  Then once the fix has been completed just run a new scan by pressing the Run Scan button. 

Please run both of these in Normal Mode. 

[Bluemeanie]

The latest scan.

[jeffce]

Hi,

I am not seeing anything that is just jumping out at me malware related.  Could you explain to me exactly what symptoms you are experiencing?  We may be dealing with a software problem of sorts?

[Bluemeanie]

In a way I'm glad you're not seeing anything. What happens is that after a reboot things don't work, that is any .exe file will not run, double clicking or doing an open results in nothing, sometimes I get an hour glass. The very first indication of this is that there is no startup sound. Note that I first noticed this last Thursday morning, Wednesday I did a backup, so I did a restore to that and all seemed well until a reboot later in the day. What I learned yesterday is that it doesn't always happen on a reboot, it seems to take some amount of time of running before it will happen. What I noticed in the logs this morning is that when it happens there are no service control manager things in the event log during startup. What I was doing yesterday was trying to eliminate hardware, and I'm still not sure I have done that. I did try doing a reclone last night, then booting once, then powering off for about an hour, then powered up and wound up in the failing state, so it seems whatever is causing this happens regardless as to whether the machine is powered up or not.

[jeffce]

Looks like we may need to do a Clean Boot....

Step 1:

Start the System Configuration Utility
Click Start, click Run, type msconfig, and then click OK.
The System Configuration Utility dialog box is displayed.

Step 2:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.

Now we get to the tedious part,:

If windows behaves itself then do the following

Restart MSConfig and select half of the disabled services and reboot

Is the problem still present ?

If Yes then deselect half of the services that you resumed and reboot

If no then select half of the remaining services and reboot

The intention here is to isolate the one service/driver that is causing the problem

[Bluemeanie]

I was afraid I'd get to this point. Starting to think a clean install may be the way to go. I did try a repair install yesterday, and received a bsod both times (7b, saying to run chkdsk). So for laughs I did a clean install and all is working well with that, so I don't suspect hardware at this point. I do have to restore anyway to try to get some licenses, so I'll give this a shot at that time.

[jeffce]

Ok...sounds good.  Let me know how it works for you and if you still need help. 

[Bluemeanie]

Tried the clean boot tonight. No go, still failed.

[jeffce]

Hi,

Since the clean boot is not working I think we are dealing with a possible software/hardware problem.  I would advise that you go here >> http://www.geekstogo.com/forum/forum/5-windows-xp-2000-2003-nt/ and start a new topic in the Windows XP forum at Geeks2Go.  Let the techs there look things over.  You will have to register there but it is free just so you know.    Be sure to post a link to the topic here so that they can take a look and see what we have done.