Author Topic: Desktop screen freezes on start up  (Read 2793 times)

0 Members and 1 Guest are viewing this topic.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Desktop screen freezes on start up
« on: January 07, 2013, 08:23:46 AM »
For the past three weeks, I have been having a persistent problem. When I power up the desktop, as soon as the desktop screen with all the icons appear, and before a connection with the modem gets established, the screen freezes up and no further loading takes place. None of the icons respond to the mouse.
The only way to overcome this problem is to hold the power button in, shut the computer down and re-power up. I know this is not advisable, but I have not got another option. I might have to repeat that several times before the desktop decides to power  up fully/correctly.

Once the desktop powers up correctly, it behaves perfectly well at all times, with no hint of a problem.
Full scans with both, Malwarebytes Anti-Malware PRO and Eset NOD32 Antivirus 5, do not detect any problem!

Last night, however, I did notice that in the log files "Detected threats", of my Eset NOD32 Antivirus, there are two entries shown.

The first one, in black lettering reads:
14/12/2012 -  Real time file system protection - File - C:\Users\Basil\AppData\Local\Temp\AskSLib.dll - a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application - cleaned by deleting (after the next restart) - Quarantined - Event occurred on a file modified by the application: C:\Windows\System32\svchost.exe

Te second one, in RED lettering reads:
14/12/2012 - Real time file system protection - File - C:\Users\Basil\AppData\Local\Temp\BIT632.tmp - a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application - NT AUTHORITY\SYSTEM - Event occurred on a file modified by the application: C:\Windows\System32\cvchost.exe

Above entry is NOT stated as cleaned !
I am very surprised by that, as I am always careful when using the net and never select to download useless toolbars.

I would be grateful for any advice on how to handle/resolve the problem I have with my desktop.

Firefox, is my default browser, with the following add-ons: WOT, Adblock Plus, NoScript, Ghostery, Better Privacy, KeyScrambler.

As per Forum Log Posting Instructions:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Basil at 20:11:12 on 2013-01-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2047.1226 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://encrypted.google.com/
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BB6AFFB8-DBEE-4C41-AB0D-69A4D1F83B1C} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\basil\appdata\roaming\mozilla\firefox\profiles\1ojin1ey.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-19 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-5 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-5 682344]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-4-14 173880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-5 21104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98b68edccaa68;Google Update Service (gupdate1c98b68edccaa68);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\sdfssvc.exe --> c:\program files\spybot - search & destroy 2\SDFSSvc.exe [?]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\sdupdsvc.exe --> c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\sdwscsvc.exe --> c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [?]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-12-16 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2011-1-15 53312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\ioatdma.sys [2007-10-10 36744]
S4 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-10-10 34176]
S4 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-10-10 28800]
S4 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-10-10 210224]
.
=============== Created Last 30 ================
.
2013-01-05 17:30:59   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-01-05 17:30:59   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-01-05 10:35:06   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-01-05 10:35:06   293376   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-14 16:42:41   --------   d-----w-   c:\users\basil\appdata\local\ESET
2012-12-12 21:37:56   4472832   ----a-w-   c:\windows\system32\GPhotos.scr
2012-12-11 19:23:59   678912   ----a-w-   c:\program files\internet explorer\iedvtool.dll
2012-12-11 19:23:59   387584   ----a-w-   c:\program files\internet explorer\jsdbgui.dll
2012-12-11 19:23:58   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-12-11 19:22:29   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2012-12-11 19:22:20   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2012-12-11 19:22:20   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2012-12-11 19:22:19   16896   ----a-w-   c:\windows\system32\winusb.dll
2012-12-11 19:22:18   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2012-12-11 19:22:18   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2012-12-11 19:22:17   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2012-12-11 19:22:17   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2012-12-11 19:22:16   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2012-12-11 19:22:14   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2012-12-11 19:22:14   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2012-12-11 19:19:22   2048000   ----a-w-   c:\windows\system32\win32k.sys
2012-12-11 19:19:16   224640   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2012-12-11 19:19:13   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-12-11 19:19:10   376320   ----a-w-   c:\windows\system32\dpnet.dll
2012-12-11 19:19:10   23040   ----a-w-   c:\windows\system32\dpnsvr.exe
.
==================== Find3M  ====================
.
2012-11-14 02:09:22   1800704   ----a-w-   c:\windows\system32\jscript9.dll
2012-11-14 01:57:37   1129472   ----a-w-   c:\windows\system32\wininet.dll
2012-11-14 01:49:25   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27   420864   ----a-w-   c:\windows\system32\vbscript.dll
2012-11-14 01:44:42   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-11-06 18:20:08   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-06 18:20:08   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 20:12:25.28 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 28/11/2007 19:45:55
System Uptime: 06/01/2013 15:59:16 (5 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | MS-7357
Processor: Intel(R) Core(TM)2 Duo CPU     E6750  @ 2.66GHz | CPU 1 | 2333/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 294 GiB total, 213.359 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2597: 18/12/2012 10:48:57 - Scheduled Checkpoint
RP2598: 19/12/2012 10:14:24 - Scheduled Checkpoint
RP2599: 20/12/2012 10:47:33 - Scheduled Checkpoint
RP2600: 21/12/2012 09:11:54 - Windows Update
RP2601: 22/12/2012 11:21:12 - Scheduled Checkpoint
RP2602: 23/12/2012 09:57:47 - Scheduled Checkpoint
RP2603: 24/12/2012 09:46:49 - Scheduled Checkpoint
RP2604: 25/12/2012 07:10:26 - Scheduled Checkpoint
RP2605: 26/12/2012 08:58:08 - Scheduled Checkpoint
RP2606: 27/12/2012 08:40:01 - Scheduled Checkpoint
RP2607: 28/12/2012 09:08:43 - Scheduled Checkpoint
RP2608: 29/12/2012 10:10:31 - Scheduled Checkpoint
RP2610: 29/12/2012 16:10:25 - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP2611: 30/12/2012 12:42:59 - Scheduled Checkpoint
RP2612: 31/12/2012 17:08:32 - Scheduled Checkpoint
RP2613: 01/01/2013 10:55:47 - Scheduled Checkpoint
RP2614: 02/01/2013 10:37:59 - Scheduled Checkpoint
RP2615: 03/01/2013 09:22:10 - Scheduled Checkpoint
RP2616: 04/01/2013 09:09:11 - Scheduled Checkpoint
RP2617: 05/01/2013 10:06:47 - Scheduled Checkpoint
RP2618: 05/01/2013 10:16:16 - Restore Operation
RP2619: 05/01/2013 10:31:14 - Windows Update
RP2621: 05/01/2013 11:46:09 - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP2622: 06/01/2013 10:23:14 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Auslogics Disk Defrag
CCleaner
Choice Guard
ESET NOD32 Antivirus
FileHippo.com Update Checker
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ieSpell
K-Lite Codec Pack 9.4.0 (Basic)
KeePass Password Safe 1.23
KeyScrambler
LibreOffice 3.3
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.1.0.530
Nikon File Uploader 2
Nikon Message Center 2
NVIDIA Drivers
Picasa 3
Picture Control Utility
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Speccy
SpywareBlaster 4.6
SumatraPDF
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
ViewNX 2
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.4
Windows Live installer
Windows Live Photo Gallery
Windows Live Sign-in Assistant
WinPatrol
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
06/01/2013 15:59:50, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The system cannot find the file specified.
06/01/2013 15:59:50, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Security Center Service service failed to start due to the following error:  The system cannot find the file specified.
06/01/2013 15:59:50, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The system cannot find the file specified.
05/01/2013 11:43:02, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
05/01/2013 11:43:02, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
05/01/2013 11:43:02, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
05/01/2013 11:43:02, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
05/01/2013 10:46:29, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
05/01/2013 10:46:29, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ESET Service service to connect.
05/01/2013 10:46:29, Error: Service Control Manager [7000]  - The ESET Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
05/01/2013 10:28:12, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
05/01/2013 10:28:12, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================




Results of screen317's Security Check version 0.99.56 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
ESET NOD32 Antivirus 5.2   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 WinPatrol
 MVPS Hosts File 
 SpywareBlaster 4.6   
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner     
 Adobe Flash Player    11.5.502.110 
 Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````[/u] 
 WinPatrol winpatrol.exe
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````[/u]



Thank you in advance,
Basil


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #1 on: January 07, 2013, 01:22:12 PM »
Hi, Basil.

If anything, you almost seem to have more "protection" than is required.  Your computer is over five years old and that could be the source of the problem.  However, what concerns me is the entry you indicated ESET could not remove.  I did not see any indication of cvchost.exe and believe that it was a typo.  However, since DDS does not show the "current control set", I'd like you to run ComboFix.

Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #2 on: January 07, 2013, 02:30:40 PM »
Hi Corrine,
Thank you for the response.

I have run ComboFix as instructed, and here is the log:


ComboFix 13-01-06.01 - Basil 07/01/2013  16:12:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2047.1240 [GMT 0:00]
Running from: c:\users\Basil\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Basil\jre-6u7-windows-i586-p.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-07 to 2013-01-07  )))))))))))))))))))))))))))))))
.
.
2013-01-07 16:18 . 2013-01-07 16:18   --------   d-----w-   c:\users\Basil\AppData\Local\temp
2013-01-07 16:18 . 2013-01-07 16:18   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-01-05 17:30 . 2013-01-05 17:31   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-01-05 17:30 . 2012-12-14 16:49   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-01-05 10:35 . 2012-12-16 13:12   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-01-05 10:35 . 2012-12-16 10:50   293376   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-14 16:42 . 2012-12-14 16:42   --------   d-----w-   c:\users\Basil\AppData\Local\ESET
2012-12-12 21:37 . 2012-12-12 21:37   4472832   ----a-w-   c:\windows\system32\GPhotos.scr
2012-12-11 19:23 . 2012-11-14 02:01   678912   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-12-11 19:23 . 2012-11-14 02:00   387584   ----a-w-   c:\program files\Internet Explorer\jsdbgui.dll
2012-12-11 19:23 . 2012-11-14 01:58   1427968   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-12-11 19:22 . 2012-07-26 02:46   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2012-12-11 19:22 . 2012-07-26 02:33   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2012-12-11 19:22 . 2012-07-26 02:32   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2012-12-11 19:22 . 2009-07-14 12:12   16896   ----a-w-   c:\windows\system32\winusb.dll
2012-12-11 19:22 . 2012-07-26 03:20   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2012-12-11 19:22 . 2012-07-26 03:20   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2012-12-11 19:22 . 2012-07-26 03:39   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2012-12-11 19:22 . 2012-07-26 03:39   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2012-12-11 19:22 . 2012-07-26 03:20   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2012-12-11 19:22 . 2012-07-26 03:21   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2012-12-11 19:22 . 2012-07-26 03:20   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2012-12-11 19:19 . 2012-11-13 01:36   2048000   ----a-w-   c:\windows\system32\win32k.sys
2012-12-11 19:19 . 2012-08-21 11:47   224640   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2012-12-11 19:19 . 2012-11-13 01:29   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-12-11 19:19 . 2012-11-02 10:18   376320   ----a-w-   c:\windows\system32\dpnet.dll
2012-12-11 19:19 . 2012-11-02 08:26   23040   ----a-w-   c:\windows\system32\dpnsvr.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 18:21 . 2012-11-09 18:21   784144   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-06 18:20 . 2012-06-10 11:28   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-06 18:20 . 2012-06-10 11:28   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-11-30 20:49 . 2012-11-30 20:49   262112   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-12-10 363752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2158799474-4129856740-915999842-1000]
"EnableNotificationsRef"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 10:18]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = https://encrypted.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Basil\AppData\Roaming\Mozilla\Firefox\Profiles\1ojin1ey.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 16:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-01-07  16:20:23
ComboFix-quarantined-files.txt  2013-01-07 16:20
.
Pre-Run: 227,560,591,360 bytes free
Post-Run: 227,467,706,368 bytes free
.
- - End Of File - - 46C16C64671A96EAE4FD1F8043A8B417

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #3 on: January 07, 2013, 05:38:12 PM »
Hi, Basil.

Please rescan with ESET and let me know the results of the scan.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #4 on: January 07, 2013, 06:13:34 PM »
I did that about an hour ago, Corrine, and ESET did not find anything wrong !

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #5 on: January 07, 2013, 10:27:46 PM »
That part is good but we won't know if any of this fixed the problem until you restart.  If it continues, please see if System File Checker helps.

Please perform a SFC (System File Checker) scan which will check and fix any corrupted files on your system.
  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then right-click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue
  • At the command prompt, type the following line, and then press ENTER:  sfc /scannow (note the space before the backslash)
  • When the scan is complete, if no errors are found, restart your computer and post back
  • If the message does not say "Windows resource protection did not find any integrity violations", restart your computer and run System File Checker again.
Note:  You may need to run System File Checker up to three times to resolve all corrupted files.  Please advise if you still have corrupted files after a fourth run.



Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #6 on: January 08, 2013, 06:14:26 AM »
Good morning Corrine,
This morning I got the frozen screen three times. The desktop fired up correctly on the fourth attempt.
I will be carrying out your latest instructions shortly and report back.

Thank you Corrine.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #7 on: January 08, 2013, 08:16:32 AM »
Hi Corrine,
One quick question before I use the SFC scan.
Is it advisable to switch off my "defence" prior to starting the SFC process?

I am wandering about that, as I will probably be "modifying" files.....and I don't want ESET NOD32 , Malwarebytes Anti-malware or WinPatrol Plus to "interfere" with the process.

Thank you Corrine

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #8 on: January 08, 2013, 06:03:08 PM »
Hi, Basil.

It shouldn't be necessary to turn off your security programs.  However, if you aren't connected to the Internet, it can't hurt.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #9 on: January 08, 2013, 10:15:37 PM »
Hi Corine,
Used the System File Checker scan 4 times.
On each occasion I got the message:
"Windows Resource Protection found corrupt files and successfully repaired them"
Details are included in the CBS.Log Windir\Logs\CBS\CBS.log
for example  C:\Windows\Logs\CBS\CBS.log

On each occasion, I had to restart a few times as  the screen kept again freezing.

On each scan, I had the message "Configuring Updates Stage 1-3"  and then 2-3, during shut-down. However, I never got the message "Configuring Updates stage 3-3" on any of the start-ups, which I think is the norm.  I wonder, therefore, if any of the repairs have actually been implemented, as I have to use the Power Button to manually shut-down after each frozen screen.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #10 on: January 08, 2013, 11:50:26 PM »
Hi, Basil.

I considered asking you to do a chkdsk /r but, although the chance is small, chkdsk can result in dataloss.  As a result, I'd like to take you to Sysnative.com so Richard or Tom can take a look at your CBS.log and determine first if that is necessary. 

Please do the following:

Export CBS folder
  • Click the Start button then click Computer.
  • Double-click on the C: drive, under the Hard Disk Drives category, and then scroll down to, and double click on the Windows folder.
  • Find and double click on the Logs folder.
  • Right-click on the CBS folder, and select Copy.
  • Go back to your Desktop, right-click on it, and select Paste. You should now see a copy of the CBS folder appear on your Desktop called CBS.
  • Right-click on this new folder, and navigate through Send to, and select Compressed (zipped) folder.
  • A new file, also called CBS (CBS.zip), but this time with a different icon, will be created.
Then, please register at Sysnative.com and create a new topic in the Windows Update Forum.  In your topic, please explain what is happening and provide a link back to this thread.  In addition, you will need to attach the zipped CBS file to your post:
  • Click the paper clip icon in the topic toolbar which will open a new window.
  • Click Add Files in the upper right corner
  • Click Select Files
  • Navigate to your desktop and select the saved zip file (i.e., C:\Users\{Your Username}\Desktop\CBS.zip)
  • The attached file will be highlighted and have a check mark in the box.
  • Click Done.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #11 on: January 09, 2013, 07:23:43 AM »
Hi Corrine,

After the exiting time I had last night with the computer, I finally decided to switch off and go to bed.
This morning, I switched the machine on, and miracle of miracles, it fired up correctly on the FIRST attempt. It has not done that for over a month !!
I then restarted it (yes....I like living dangerously!) and it again fired up correctly.

A few minutes later, I got a notification (via Windows updates) that there are 9 new updates available.
I deselected the .NET Framework updates, and started the process of downloading/installing the Vista updates.
This process got stuck during restart on "Configuring Updates Stage 3-3....Please do not turn off your computer"

After 20 minutes of waiting and nothing happening, I had no option but to force a shut-down with the Power button. On restart, it started fine and to my amazement, all the Vista updates I had selected, had been successfully installed. I am not going to try the .NET Framework updates.....I don't want to push my luck too much at the moment!!

I want to thank you for your patience and kindness in trying to help me. I will, of course, carry out your suggestion later today.
However, I can't help feeling that my Desktop is probably on its last legs!!

Thank you again
Basil


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #12 on: January 09, 2013, 11:58:12 AM »
You may be right about your desktop being on its last legs, Basil. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Basil

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 519
  • Formerly known as gr277
    • View Profile
Re: Desktop screen freezes on start up
« Reply #13 on: January 09, 2013, 03:17:58 PM »

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14687
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Desktop screen freezes on start up
« Reply #14 on: January 09, 2013, 03:35:44 PM »
Thank you!  I had already notified them that you would likely be posting your log and will be following your thread there.

(Edit note:  I see you had registered at Sysnative in November.  Sorry I missed it or would have welcomed you then.)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.