My computer keeps freezing help

By ghunde
Jun 7, 2009
Topic Status:
Not open for further replies.
  1. so...my computer keeps freezing. Internet explorer, firefox, and msn work properly in safe mode but not in normal mode. They don't even open. I did a full scan with my Mcafee total protection which found the VBS keylog refog and since it didn't remove it i got rid of it with spyware doctor. After i did this, the computer was running normally and then it froze and when i restarted the same problems were back. I did another full scan with spyware doctor but it didn't find anything. i'm writing from the safe mode right now! what should i do with my pc? thx
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you would like help with malware, please follow the steps here: http://www.techspot.com/vb/topic58138.html

    Attach the three logs when through. Please also include log from full system scan with your AV program.

    Since you can't access Normal Mode, please use a flash drive to download the cleaning programs, then run them on the problem computer.
  3. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    ok, i'll attach everything this afternoon i guess, when i'm finishing with my AV scan! :)
  4. ThexDarksider

    ThexDarksider Newcomer, in training Posts: 28

    Are you sure it's malware? Did you install any new drivers lately (or changed hardware)? If the protection programs don't find anything, maybe it's a driver issue. My friend had the same problem: everything was freezing, after opening IE (to get Firefox) he had to do a hard-reset. How I fixed it: booted into safe mode (like you do) and installed the right drivers (from a flash drive, downloaded from another PC).
  5. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    The only thing I have installed before this happened was windows service pack three and that's all. But I'm pretty sure it's a malware or spyware because spyware doctor removed it and for like five minutes it was working fine in normal mode, I still don't know!
  6. ThexDarksider

    ThexDarksider Newcomer, in training Posts: 28

    That seems kinda illogical... If you have only SP3, what would get you a virus? Except if you got the SP3 from an...unreliable source.

    Anyway, if it freezes again, and Spyware Doctor doesn't show anything, while it showed before, it's at least another software (if not a hardware) problem. Since you said you have only the SP installed, I assume you don't have much data on the disk, so you could try to reformat and see does the problem come back. (Backup what you want if you have anything.) If it comes back, it's a hardware-related issue, and in that case, you should determine what's wrong.

    Also, post some logs plz.
  7. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    well, i have important files and i know that with the format i would solve everything but i don't want to do that! however here's the logs, i was waiting for my AV to finish! in the mcafee log you will find information about previous scans but the last one is the one i did 10 min ago! :)

    Attached Files:

  8. ThexDarksider

    ThexDarksider Newcomer, in training Posts: 28

    SUPERAntiSpyware found most baddies, as usual.
    However, I noticed some IGOOGLE.EXE in HJT log, does it look familiar to you?
    Also, it seems that McAfee doesn't like something in Spyware Doctor... Are you sure it's not rogue?
  9. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    well i don't know anything about igoogle.exe however i don't think the problem is in spyware doctor, because i only installed it like 2 days ago and i've got this problem since the 30-th of may! however trying to get into normal mode i was noticing that windows doesn't recognize the mcafee antivirus software, the red x appears in the tray saying that the computer is not protected by an antivirus and previously the firewall was disabled too, i had to turn it on! :( and superantispyware isn't running on normal mode, only in safe mode
  10. clickit

    clickit Newcomer, in training Posts: 37

    ghunde, how many antivirus programs are you running on your system?
  11. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    mcafee and spyware doctor are actually running in my tray now... why? i don't think superantispyware or other programs isn't opening because are already running two of them! i mean, in safe mode they all work....
     
  12. kritius

    kritius TechSpot Guru Posts: 2,087

    From looking at the logs, 1.

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    [​IMG]

    [​IMG]
    --------------------------------------------------------------------

    Double click on Combo-Fix.exe & follow the prompts.

    When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
  13. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    here are the files you asked for..
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    To the newbies who are attempting to 'help: It will be of more help to the user if someone experienced and noted as a helper takes him through the cleaning. Please make comments at the end if you want, but not 'during'. Thanks you.

    The McAfee logs shows you also have Spyware Doctor with Anti-Virus V6.0.1.440. Please remove one of the AV programs.

    Mbam shows malware in a restore point. We will emove that at the end. In the meantime, do NOT use system Restore.

    EDIT: Whoops! I just finished a post I had started earlier. Didn't know about Combofix.
    Thank you kritius. I'll leave this one to you. You have prepared such an excellent P2P warning.
    Some globally open ports also along with Blizzard download.
    And maybe you can tell me what IGOOGLE.EXE?bullshit?##spoof? is.
  15. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    So should I uninstall spyware doctor and then wait for further instructions?
  16. kritius

    kritius TechSpot Guru Posts: 2,087

    Please download FileFind from Atribune.
    Unzip the file and save it to your desktop.

    To run FileFind, please do the following:
    • Click on FileFind.exe
    • In the box labeled "Directory"
      • Enter Drive eg.. C:\
    • In the box labeled "File"
      • Enter IGOOGLE.EXE
    • Now click on the "Search" button
    • Once the utility has found the files click on "Export"
    • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
    • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

    Uninstall uTorrent and Frostwire,

    Run CFScript
    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
  17. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    before doing that, i would like to let you know that yesterday evening i decided to do a spybot search for virus and in the bottom of the page as you may know, there are the files being scanned, and guess what it was scanning virtumonde.dll , virtumonde.prx , virtumonde.sci and other virtumonde stuff, but it didn't identify anyone as a malware or trojan! i know a lot about virtumonde because i had it last year although i had to reboot because nothing was working in my computer, but now in safe mode i can do somethin! and of course it might be virtumonde because it stops the antivirus... do you think it might be vundo?
    i'll send you the results of the instructions you gave me in a while.. :) thanks
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    FYI: what you are seeing on the lower left of the screen are the names in the Spybot database as it compares them to your system. It is NOT indicating the system has them! The entries wouldn't be on the database if they weren't malware of some sort.

    So let's not try to second guess. The logs will show the malware- not the database as it is checked!
  19. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    oh, that explains everything, my bad... however here the logs: the filefind didn't found anything, i tried with IGOOGLE.EXE and with igoogle.exe but nothing!! i did the rest and this time i ran HJT in normal mode!

    Attached Files:

  20. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    Hey, I'm noticing something! Windows update finds the updates but it does not install them, even when I turn my computer off with the turn off computer installing important updates it just freezes while saying 1 of 13 updates installing! Maybe this information may be useful... Thx

    EDIT: AN ERROR SCREEN APPEARED, I COPY WHAT WAS WRITTEN IN THAT: run the driver verifier against any new (suspect) drivers. if that doesn't reveal the corrupting driver, try enabling special pool. both of these features are intended to catch the corruption at an earlier point where the offending driver can be identified. if you nedd to use safe mode to remove or disable components, restart your computer, press f8 to select advanced startup options, and then select safe mode. if this is the first time you've seen this stop error screen restart your computer, if this screen appears again, follow these steps: check to make sure any new hardware or software is properly installed. if this is a new installation ask your hardware or software manufacturer for any windows updates you might need . if problems continue disable or remove any newly installed hardware or software. disable bios memory options such as caching or shadowing. if you need to use safe mode to remove or disable components, restart your computer, press f8 to select advanced startup options, and then select safe mode. technical information: *** stop: 0x000000c5 (0x00810004, 0x00000002, 0x00000001, 0x8054bfd2)
    i don't understand what does all this mean... i'll leave you to check! :)
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please follow the directions from krtius in Post #16.
  22. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    yeah, i've already done and post the combofix and the hjt file in the 19 post!!! :)
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Where are the reports?
  24. ghunde

    ghunde Newcomer, in training Topic Starter Posts: 23

    i had attached them, i don't know why this problem coming out!... now it won't let me attach them again because i've already done it! what should i do?
    they''re in the post #19
  25. ThexDarksider

    ThexDarksider Newcomer, in training Posts: 28

    Is this gonna be of any help? I attached ghunde's logs from post #19 to this post. I hope I'm not getting in the way. :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.