Various Issues- Malware or Hardware Probs...?

Discussion in 'Malware Help (A Specialist Will Reply)' started by faeriexdecay, Apr 14, 2008.

  1. faeriexdecay

    faeriexdecay Private E-2

    So this will likely be a very long post, as I go about attempting to explain the problems I've been having. I apologize in advance! They actually started a few months ago, where my computer would reach the windows splash screen with the little blue loady bar but would not progress any further. I would have to restart my computer a few times before it would finally reach the login screen, though everything would seem fine once logged in. At the time of these problems, I had no internet connection. I figured that, since my computer was a few years old, I just needed to format it and start over.

    My brother-in-law did this for me and also added a new hard drive (as a slave) and also a new graphics card. Reinstalled with WindowsXP Pro. Everything was beautiful. Found your forum by accident, and ended up following a lot of the advice I found here, such as programs to install, software to use, cleaning up, etc.

    Well... I had done scans with a few malware scanners, as well as using avast as an anti-virus program, and everything seemed peachy. I decided to install a software firewall, rather than use windows, as added security over top my hardware firewall. I chose Online Armor. After installation, I think I installed something else, can't remember what, and had to restart. Did, and got to the windows login screen. I'd log in, it'd say "loading preferences" or whatever, I'd get as far as being able to see my wallpaper but no toolbar or icons yet, and it would log me immediately back out. I tried several times, restarted several more times, kept trying, nothing. Brother-in-law had to take it again, managed to save one of my folders of stuff and ended up having to format and reinstall windows. Again. Said that he found so much adware and virus crap on here it wasn't even funny. Apparently when running the scanners from the drive it was all installed on, it wasn't picking up anything, but when he did it from a different drive, he found everything? He didn't quite explain it all to me, but... Yeah. So I reinstalled the software I had been using, and everything seemed fine again.

    Well... It wasn't. Few days later, I had restarted the computer and it got to where it begins loading the login screen... But hung. No bar to input my password, nothing. Waited, nothing. Restarted, same thing happened. Tried several times to get it to let me get to the login screen, nothing. So, similar to my previous problem, but not exactly. It would also get to the splash screen, as before, then go black as if it was about to show my login screen, but would stay black. It would go back and forth between doing these two things, but never got me all the way to the login screen. I had to reboot into safe mode, which allowed me to log in just fine, and used system restore to put my computer back a day. Restarted, everything seemed fine again. I did several scans in safe mode with avast, a2, and spybot. I will post the logs to those momentarily. Don't know if they will help, but.. why not? Oh, and somewhere around the same time I did another scan with avast, where it found two supposed win32:TROJAN-GEN {Other} files, which were moved to the vault and then deleted.

    So after rescanning again and finding nothing, I rebooted a few times just to make sure I could get in and out fine, and I thought I was in the clear. Turned off system restore, rebooted, turned it back on. All good. So I put my computer into sleep mode while I went away for a day (was scared to turn it off...), come back and I see a memory dump screen. I dunno if this info will be of any use to you, but here it is:

    It said "PAGE_FAULT_IN_NONPAGED_AREA" and then, at the bottom of the screen, said "***STOP:0x00000050 (0xBBE60548, 0x00000001, 0x80573F8D, 0x00000000)." Course it said some other stuff, but that looked like it might be important. I'm sure you guys know what a memory dump screen looks like!

    At any rate... This post will have my results prior to the memory dump and prior to following your "READ & RUN ME FIRST," and then I will post again shortly afterwards with my results from doing all that. Here are the results from a couple days ago, before memory dump.

    Spybot only found one result, this: Alexa Related (SBI $9263101F) Link C:\WINDOWS\Web\related.htm ((which I of course had fixed)). The other two are attached.
     


  2. faeriexdecay

    faeriexdecay Private E-2

    Just following up with... well, what I said I'd follow up with. o.o After following all required steps....

    superantispyware- found nothing
    spybot- found nothing
    malwarebytes'- found nothing


    The logs for combofix and MGtools are attached, though. Also, I thought I would note, which I should've done before:


    I'm running WindowsXP. All updates. All software updated, as well as drivers. I use Avast! for antivirus, Online Armor for firewall, as well as Spybot S&D, asquared, ComodoBOClean, SuperAntiSpyware, and SpywareBlaster. Also CCleaner for, well, cleaning. And Diskeeper to keep from fragments. I've still got Malwarebytes' installed, should I get rid of that? And am I over-using stuff? Or overprotecting myself? 'Cause I've only got the one anti-virus and the one firewall. So yeah... And, since most everything is clean... I don't know what to think from here. Could it honestly be a hardware issue? Though... Scans from before showed stuff. Hrm... Any advice would be greatly appreciated.
     


  3. abri

    abri MajorGeek

    Hi faeriexdecay,
    Welcome to Major Geeks!

    One thing I noticed in going through your logs is that you seem to be missing a lot of Windows Security Updates including SP2. This leaves you open to everything which has learned to take advantage of all the weak spots in the operating system for which all the various updates were made.

    You've been thorough in your sweep for malware and you have a decent restore point for the moment, so before I give you yet another scan to run, please read the following:

    Look for some more information there. There are instructions for running chkdsk - Go to Start / Run and copy-paste in Chkdsk /f /r to detect and repair disk errors. Let me know if this turns up anything.

    abri
     
  4. faeriexdecay

    faeriexdecay Private E-2

    Now is where I get confused. "You seem to be missing a lot of Windows Security Updates including SP2"? I've been to windows update so many times, it's not even funny. Every time I go, it tells me that I have no updates available, as if I've downloaded them all. I've checked and double-checked. Only update that pops up is one for my old graphics card, the one built into the computer, but I've got another installed, as I mentioned before. So... if you're seeing that I'm missing all these updates, and yet windows update shows that there are none available...?

    Also, after my original two posts, I shut down the computer because I had to run off somewhere for a bit. Returned, started up, and it got to the windows login screen, as usual, but... my name wasn't there! To the right, where usually it shows a list of the users, there was nothing. No name, nowhere to input a password, nothing. Had to restart, and it showed up then like normal. o_O Oh... And, for some reason, my avast! icon has disappeared. Checked my running processes, and all the avast processes are there and running, yet my icon is missing. I checked avast's settings to make sure it was still supposed to be displayed down there, and yep, it is, but it's MIA. I restarted a couple times to see if it would return, but no dice.

    And, I did the chkdsk as you recommended, and it went through all five steps, completing each successfully. It then said a bunch of stuff that I didn't have a chance to read, but it showed no mention of any errors or anything, so I'm assuming it was completely successful.

    So if it's not malware, it'd have to be a hardware issue? 'Cause I DID put in the new hard drive and graphics card, plus I had put in more ram a while back. Could these be clashing somehow...? The person who bought me the hard drive and graphics card checked to see if they were compatible with my computer, and he said they were, soooo I dunno... Mine's just a lame HP. =/

    So, all my logs looked normal other than missing updates? 'Cause I have no idea what all the combofix and mglogs stuff meant. It looked confusing and possibly not good! Haha. I'm starting to wonder if Online Armor is possibly causing problems... 'cause it seems like when I downloaded and installed it was when my problems began (other than the hanging at the splash screen from months ago).


    PS: And thanks for the welcome. ;D
     
  5. faeriexdecay

    faeriexdecay Private E-2

    So I was attempting to figure out a way to get my avast to come back up. Its resident shield isn't wanting to stay up for some reason. I noticed that, when I run the program, it shows the state of the resident shield. Click it, and choose the level of protection. No matter how many times I change it to what I normally have on, it continues to go back to disabled- hence the lack of the avast icon. So... I restarted, trying to get it to come back.

    During the restart, it gets to a screen that, at the top, says "Phoenix BIOS 4.0 release 6.0" and some other junk. I don't remember this ever showing up except for in the past couple days ago, while I've been having problems... So I'm not sure if this may have anything to do with anything. Usually it only stays on this screen for a brief moment, but during this restart it actually got stuck. Instead of progressing by itself, it stuck on "press F1 to enter setup" at the bottom... so I pressed F1, it said "entering setup..." and stuck there, would not go further. Restarted, computer got stuck on the windows splash screen with the loady bar. Restarted several more times, all the same problem. Again!! Attempted boot into safe mode, worked just fine. Restarted immediately, trying to get normal to work, and it worked. Logged in just fine, didn't get stuck on the splash screen, nothing. Wtf. -_-
     
  6. abri

    abri MajorGeek

    Hi faeriexdecay,

    Sorry if I caused you undue worry. I should have checked your uninstalls list for the Windows updates when I didn't see them in your add/remove programs list. My bad.

    Have you tried uninstalling Online Armor? If not, please try this. You can run your Windows Firewall while you're without another one.

    Also, did your hardware work together prior to Online Armor being installed?

    I think it would be a good idea to start a thread in the hardware forum and get some information from them before you continue the search for malware. Although the symptoms you describe could be caused by malware, they are not consistently malware like, so it would be helpful if you could get more feedback from other areas.

    Let me know if you make any progress there.

    abri
     
  7. faeriexdecay

    faeriexdecay Private E-2

    I've just uninstalled Online Armor. I had been considering doing that anyway, since it almost seemed like the installation of that was when the problems began. Weird thing is, I disabled Online Armor first and was gonna turn on windows firewall before I uninstalled it completely, and when I got to the firewall menu, it was already enabled again. o_O And I know 100% for sure that I had it disabled before.

    And as far as the hardware working before Online Armor's installation, it's hard to say. I would say yes, but, to be honest, after putting the new hardware in, I didn't use the computer very long before installing Online Armor. But, for the short period that I did use it without that software installed, I would say that yes, it functioned fine. But don't ask me how long the time period was, I totally can't remember!

    I'm gonna hop over to the hardware forum I guess. I'm debating on whether or not to just snatch that stupid slave out of there. >.> Oh, and so my windows updates are all good? Lol. No worries.
     
  8. faeriexdecay

    faeriexdecay Private E-2

    SO as of right now, I'm thinking it's an issue with my hard drive. The original one that came with my computer. I'm going to attempt to format again and just install windows on the new HD and get rid of the old one. Thanks for your help. =D
     
  9. abri

    abri MajorGeek

    Hi faeriexdecay,
    Thanks for posting back. I wish you good luck with all that and hope that you will be back to a more predictable machine soon.
    Happy surfing!
    abri
     
