My computer keeps freezing help

Status
Not open for further replies.

ghunde

So... my computer keeps freezing. Internet Explorer, Firefox, and MSN work properly in safe mode but not in normal mode. They don't even open. I did a full scan with my McAfee Total Protection, which found the VBS keylog refog, and since it didn't remove it I got rid of it with Spyware Doctor. After I did this, the computer was running normally and then it froze, and when I restarted the same problems were back. I did another full scan with Spyware Doctor but it didn't find anything. I'm writing from safe mode right now! What should I do with my PC? Thx
 
Are you sure it's malware? Did you install any new drivers lately (or change hardware)? If the protection programs don't find anything, maybe it's a driver issue. My friend had the same problem: everything was freezing, and after opening IE (to get Firefox) he had to do a hard reset. How I fixed it: booted into safe mode (like you do) and installed the right drivers (from a flash drive, downloaded from another PC).
 
The only thing I have installed before this happened was Windows Service Pack three and that's all. But I'm pretty sure it's malware or spyware, because Spyware Doctor removed it and for like five minutes it was working fine in normal mode. I still don't know!
 
The only thing I have installed before this happened was Windows Service Pack three and that's all.

That seems kinda illogical... If you have only SP3, what would get you a virus? Except if you got the SP3 from an...unreliable source.

Anyway, if it freezes again, and Spyware Doctor doesn't show anything, while it showed before, it's at least another software (if not a hardware) problem. Since you said you have only the SP installed, I assume you don't have much data on the disk, so you could try to reformat and see whether the problem comes back. (Back up what you want if you have anything.) If it comes back, it's a hardware-related issue, and in that case, you should determine what's wrong.

Also, post some logs plz.
 
Well, I have important files and I know that with the format I would solve everything, but I don't want to do that! However, here are the logs; I was waiting for my AV to finish! In the McAfee log you will find information about previous scans, but the last one is the one I did 10 min ago! :)
 

Attachments

  • McAfee.Log
    2 KB · Views: 5
SUPERAntiSpyware found most baddies, as usual.
However, I noticed some IGOOGLE.EXE in HJT log, does it look familiar to you?
Also, it seems that McAfee doesn't like something in Spyware Doctor... Are you sure it's not rogue?
 
SUPERAntiSpyware found most baddies, as usual.
However, I noticed some IGOOGLE.EXE in HJT log, does it look familiar to you?
Also, it seems that McAfee doesn't like something in Spyware Doctor... Are you sure it's not rogue?

Well, I don't know anything about igoogle.exe. However, I don't think the problem is in Spyware Doctor, because I only installed it like 2 days ago and I've had this problem since the 30th of May! However, trying to get into normal mode, I noticed that Windows doesn't recognize the McAfee antivirus software: the red X appears in the tray saying that the computer is not protected by an antivirus, and previously the firewall was disabled too, I had to turn it on! :( And SUPERAntiSpyware isn't running in normal mode, only in safe mode.
 
McAfee and Spyware Doctor are actually running in my tray now... why? I don't think SUPERAntiSpyware or other programs aren't opening because two of them are already running! I mean, in safe mode they all work....
 
From looking at the logs, 1.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
 
To the newbies who are attempting to 'help': It will be of more help to the user if someone experienced and noted as a helper takes him through the cleaning. Please make comments at the end if you want, but not 'during'. Thank you.

The McAfee log shows you also have Spyware Doctor with Anti-Virus V6.0.1.440. Please remove one of the AV programs.

Mbam shows malware in a restore point. We will remove that at the end. In the meantime, do NOT use System Restore.

EDIT: Whoops! I just finished a post I had started earlier. Didn't know about Combofix.
Thank you kritius. I'll leave this one to you. You have prepared such an excellent P2P warning.
Some globally open ports also along with Blizzard download.
And maybe you can tell me what IGOOGLE.EXE?bullshit?##spoof? is.
 
Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter the drive, e.g. C:\
  • In the box labeled "File"
    • Enter IGOOGLE.EXE
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

Uninstall uTorrent and FrostWire.

Run CFScript
Open notepad and copy/paste the text in the code box below into it:
NOTE: Make sure to highlight and copy only what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::

Folder::
c:\program files\uTorrent
c:\Program Files\FrostWire

Driver::

FileLook::
c:\windows\system32\XDva039.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 
Before doing that, I would like to let you know that yesterday evening I decided to do a Spybot search for viruses, and at the bottom of the page, as you may know, there are the files being scanned, and guess what, it was scanning virtumonde.dll, virtumonde.prx, virtumonde.sci and other Virtumonde stuff, but it didn't identify any of them as malware or a trojan! I know a lot about Virtumonde because I had it last year, although I had to reboot because nothing was working in my computer, but now in safe mode I can do something! And of course it might be Virtumonde because it stops the antivirus... Do you think it might be Vundo?
I'll send you the results of the instructions you gave me in a while.. :) Thanks
 
FYI: what you are seeing on the lower left of the screen are the names in the Spybot database as it compares them to your system. It is NOT indicating the system has them! The entries wouldn't be on the database if they weren't malware of some sort.

So let's not try to second guess. The logs will show the malware- not the database as it is checked!
 
Oh, that explains everything, my bad... However, here are the logs: FileFind didn't find anything, I tried with IGOOGLE.EXE and with igoogle.exe but nothing!! I did the rest and this time I ran HJT in normal mode!
 

Attachments

  • combofix.txt
    21.8 KB · Views: 6
Hey, I'm noticing something! Windows Update finds the updates but it does not install them; even when I turn my computer off with the "turn off computer installing important updates" option, it just freezes while saying 1 of 13 updates installing! Maybe this information may be useful... Thx

EDIT: AN ERROR SCREEN APPEARED, I COPY WHAT WAS WRITTEN IN THAT: run the driver verifier against any new (suspect) drivers. if that doesn't reveal the corrupting driver, try enabling special pool. both of these features are intended to catch the corruption at an earlier point where the offending driver can be identified. if you need to use safe mode to remove or disable components, restart your computer, press f8 to select advanced startup options, and then select safe mode. if this is the first time you've seen this stop error screen restart your computer, if this screen appears again, follow these steps: check to make sure any new hardware or software is properly installed. if this is a new installation ask your hardware or software manufacturer for any windows updates you might need. if problems continue disable or remove any newly installed hardware or software. disable bios memory options such as caching or shadowing. if you need to use safe mode to remove or disable components, restart your computer, press f8 to select advanced startup options, and then select safe mode. technical information: *** stop: 0x000000c5 (0x00810004, 0x00000002, 0x00000001, 0x8054bfd2)
I don't understand what all this means... I'll leave you to check! :)
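
Added example, not part of the original post: a small Python decoder for the STOP line quoted above, showing how a responder reads the four bug check parameters. The 0xC5 parameter meanings follow Microsoft's bug check reference; the kernel address boundary assumes 32-bit Windows with the default memory split, and the function and constant names are hypothetical.

```python
import re

# Bug check 0xC5 parameter meanings (Microsoft bug check reference).
BUGCHECKS = {
    0xC5: ("DRIVER_CORRUPTED_EXPOOL",
           ("memory referenced", "IRQL at time of reference",
            "access type (0=read, 1=write)", "address that referenced memory")),
}
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
# Assumption: 32-bit Windows with the default 2 GB user / 2 GB kernel split.
KERNEL_BASE_X86 = 0x80000000

STOP_RE = re.compile(
    r"stop:\s*(0x[0-9a-f]{8})\s*\(((?:\s*0x[0-9a-f]{8}\s*,?){4})\s*\)", re.I)

# The STOP line as typed into the post above.
POSTED = "*** stop: 0x000000c5 (0x00810004, 0x00000002, 0x00000001, 0x8054bfd2)"


def parse_stop(text):
    """Return a dict describing the first STOP line in text, or None."""
    m = STOP_RE.search(text)
    if m is None:
        return None
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in re.findall(r"0x[0-9a-f]{8}", m.group(2), re.I)]
    name, labels = BUGCHECKS.get(code, ("UNKNOWN", None))
    result = {"code": code, "name": name, "params": params}
    if labels:
        # Pair each raw value with its documented meaning.
        result["labelled"] = {lab: hex(val) for lab, val in zip(labels, params)}
    if code == 0xC5:
        referenced, irql, access, caller = params
        result["irql"] = IRQL_NAMES.get(irql, "IRQL %d" % irql)
        result["access"] = "write" if access == 1 else "read"
        # Kernel-mode code touching an address outside the kernel range is
        # the signature of a corrupted pool pointer.
        result["caller_in_kernel_space"] = caller >= KERNEL_BASE_X86
        result["referenced_in_kernel_space"] = referenced >= KERNEL_BASE_X86
    return result


if __name__ == "__main__":
    for key, value in parse_stop(POSTED).items():
        print(key, value)
```

For the posted line this reports DRIVER_CORRUPTED_EXPOOL: a write at DISPATCH_LEVEL by kernel-space code to an address below the kernel range, which matches the screen's advice to run Driver Verifier and enable special pool.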
 
I had attached them, I don't know why this problem is coming out!... Now it won't let me attach them again because I've already done it! What should I do?
They're in post #19
 