[raikyaku]

This is getting frustrating. You say my hijackthis log looks clean now, but if I shut down the computer...it still freezes as soon as I try to type in my password to boot into Windows. I notice (when I am able to boot normally after first booting in Safe Mode) something took away all of the fancy Windows graphics settings...so it looks like it's in Classic Mode....and it works great. In fact, just rebooting, everything is fine. But if I shutdown, and start from a cold boot, it will lockup (and I notice the visuals are back to the default Windows XP look) and I have to restart into Safe Mode, run ad-aware or something like that (and it doesn't even find anything), reboot back to normal mode and it will work fine (and again be in the Classic Mode with the plain visuals). Do you follow what I'm trying to say? I apologize for all the difficulty...it's getting frustrating. I thought we had this thing licked like 3 days ago (again, sorry about the length...part of that is I'm not always able to be at the computer when you respond). Thanks for all your help, it's much appreciated.

[Advertisements]

Don't be sorry. It's my duty to help you clean up, no matter how long we take. I'm not always around when you are, so we're taking more time than we would have if I would live nextdoor.


Let's look at the classic view thing:

To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

If after a reboot it still not like it should be, move on to the next step.

Use the original windows xp installation CD.
I assume your cd drive is called D:, if that’s different you need to change the D: in the fix for the one you are using.
In dos interpunction is really important especially spaces.
Be very secure when typing or reading.
For an empty space I will use # in this fix.
Do not type the quotes

Go to
Start
Run
Type "cmd" press enter
Type “d:” press enter
Type “cd#\i386” press enter
Type “expand luna.ms_#c:\windows\resources\themes\luna\luna.msstyles” press enter
Type “C:” press enter
Type “cd#\windows\resources\themes\luna” press enter
Type “luna.msstyles” press enter
A dialog box display properties will appear.
Press “apply ” and then "ok"

Reboot again and see how things are now.

[g2i2r4]

Don't be sorry. It's my duty to help you clean up, no matter how long we take. I'm not always around when you are, so we're taking more time than we would have if I would live nextdoor.


Let's look at the classic view thing:

To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

If after a reboot it still not like it should be, move on to the next step.

Use the original windows xp installation CD.
I assume your cd drive is called D:, if that’s different you need to change the D: in the fix for the one you are using.
In dos interpunction is really important especially spaces.
Be very secure when typing or reading.
For an empty space I will use # in this fix.
Do not type the quotes

Go to
Start
Run
Type "cmd" press enter
Type “d:” press enter
Type “cd#\i386” press enter
Type “expand luna.ms_#c:\windows\resources\themes\luna\luna.msstyles” press enter
Type “C:” press enter
Type “cd#\windows\resources\themes\luna” press enter
Type “luna.msstyles” press enter
A dialog box display properties will appear.
Press “apply ” and then "ok"

Reboot again and see how things are now.

[raikyaku]

Well, I changed the appearance back to XP style...but that wasn't really my concern.
It's weird, I just did it a minute ago. It's been very consistant. If I shutdown, and then power on, the PC will lock up when I try to type in my password to log in (keyboard stroke obviously triggers it). The text field I-bar will continue to blink...but after I press a key, the mouse and keyboard will cease to respond.
However, if I press the power button it will shut down. So, then I press the power button again to start up and this time I press F8 to boot into safe mode, I log on as administrator (It does not ask for a password). Then, I don't even do ANYTHING, I just immediatly click the start menu and then restart and let it boot normally and everything will be fine. I can type in my password and all is well. But if I ever shutdown...I have to first boot into safemode or the keyboard and mouse functions will lockup again.

[g2i2r4]

Let me consult my colleagues on this.

[g2i2r4]

Perculator noticed something, let's see if that helps us.

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINDOWS\System32\imode.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

***

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

***

Let me know how things are now.

[raikyaku]

:-( Same thing. Still locks up after a cold boot.

[g2i2r4]

Let's see if anything got damaged:

• From the Start menu, select Run.
• In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
• Select the OK button.
• Follow the prompts throughout the System File Checker process.
• Reboot the computer when System File Checker completes.

***

Trend-Micro Housecall Scan

• Please go HERE to run Housecall.
• Note: you must use Internet Explorer, other browsers will not work.
• Under "Scan your PC", please click Scan now. It's free!
• Select your location and click the Go button.
• Click the red magnifying glass button.
• Select Complete Scan.
• Please be patient while Housecall downloads.
• Please allow the ActiveX Control and when prompted click install
• Put a check next to My Computer
• Leave the following checked:
  • Scan for Spyware
    Check security vulnerabilities
• Click the Next button.
• It will download the latest scan engine and pattern files.
• When the definitions have been downloaded, the scan will start.
• After it's done scanning it will take you to the summary page.
• Click the Next button.
• Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK.
• Click the Next button to move onto the recovery (final) portion of the scan.
• After everything has been removed, please click the show button on everything.
• Highlight all the of text and press CTRL + C to copy the text.
• Please post the contents into your next reply.

[raikyaku]

OK, I ran sfc /scannow...it didn't seem to have any prompts, it just scanned and then was done. Then I rebooted.
I ran Trend-Micro Housecall Scan, it found one instance of spyware that it removed...here's the log:

Virus Scan 0 virus cleaned, 0 virus deleted


Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken




Trojan/Worm Check 0 worm/Trojan horse deleted

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken




Spyware Check 1 spyware program removed

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 1 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 0 spyware(s) passed, 0 spyware(s) no action available
- 1 spyware(s) removed, 0 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
ADW_SIDESEARCH.A Adware Removal successful




Microsoft Vulnerability Check No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix

--------------------------------------------------------------------------------------------

Then I went to see if the keyboard and mouse will still lock up after I try to enter my password from a cold boot to log into Windows. They did. However, the funny thing is...I found out if I turn the PC on from a cold boot, when it gets to the Windows screen where I type in my password...I can just tell it to reboot, and then when it gets to that screen again...everything is fine. They won't lock up on me. Really weird, but at least I know how to get around it.

[g2i2r4]

I must say I still don't know what's causing it. That's why I'd like you to post a topic at the hardware forum to let them help you. You shouldn't have to take this detour to use your computer.

Other than this issue, is the computer running okay?
Shall I post you some tips for the future and close this topic?

[raikyaku]

Yeah, other than this oddity, everything is fine. I thank you for all your help.

[g2i2r4]

You're welcome. Good luck on the hardware forum!

Please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and re-enable system restore here:
  
  Managing Windows Millenium System Restore
  
  or
  
  Windows XP System Restore Guide
  
  Re-enable system restore with the instructions from the tutorial above
  
  
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.
  
  A tutorial on installing & using this product can be found here:
  
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware – Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  
  A tutorial on installing & using this product can be found here:
  
  Using Ad-aware to remove Spyware, Malware, & Hijackers from your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.