Virus or some other bad mojo?

Status
Not open for further replies.

flipper

Hey all:

The general problem is that my laptop, for the last two months or so, has been freezing a whole bunch, ranging from once a minute to once every five minutes. it just hangs there for 30 seconds or a minute, then frees itself up. or else freezes again. this happens with my browser, firefox, but in other programs too.

I have tried going into msconfig and disabling all start up programs and non-microsoft processes and the thing still freezes. the only time it really doesn't freeze is if I do a safe boot; and then it freezes once in the beginning but then continues without freezing again, generally.

oh, in Firefox, I've tried disabling all add-ons and whatnot and that doesn't change a thing.

so, maybe it's a bug? I've gone through the 8 steps and everything looks pretty clean to me; but maybe you'll see differently. attached are the three requested files.

thanks much for your help!

flipper
 

Attachment: hijackthis.log (5.7 KB)
You got rid of tons of nasty cookies... You are missing many Microsoft Updates, including XP Service Pack 3 and IE8. You should apply any critical and hardware updates found when you run Windows Update manually and choose Custom. Update to IE8 for security reasons even if you don't use it. Keep running Windows Update until no more updates are found. Doing all this may not help with freezing and your hijackthis log is not too bad. You may have a driver or other hardware reason for the freezing. Have you run a check disk on reboot, to check your hard drive for problems?
 
hey, thanks for the reply! actually, i'm running vista not xp, so i don't need xp sp3, do i? but the point is well taken: update Windows!

have not run check disk on reboot; will try that today, if i can figure out how to do it.

if the problem is driver related, do you have any suggestions to tracking it down?

any other thoughts?

thanks again!
 
have not run check disk on reboot; will try that today, if i can figure out how to do it.

You have your Vista CD. Boot from it, go to the command prompt and type

CHKDSK C: /p

if your have more drives check them all.
 
actually, no, i don't have a Vista CD, so I went into the safe-mode recovery console and ran chkdsk from there. the /p didn't take. but the report came back with what looks like a clean bill of health -- ie, it said, '0 Kb in bad sectors.' that's the salient fact, right?

now what?
 
flipper, I will be glad to help check for malware on the system. But I must ask that you follow my instructions only. We have a process that we go through because it works. Random suggestions can sometimes cause additional problems. The members who have replied do not have malware training and they may, or may not, luck out in finding something helpful.

Please hold off on the previous directions- I am checking your logs now and will be back shortly.
 
Just in case you have already read my reply, I'm making a new one because an Edit does not send feedback that there has been a reply.

Your logs are all free from malware. But I'm concerned about the antivirus program. The HijackThis log doesn't look like it's displaying correctly- I see a Service for Norton Internet Security but no other processes running, which is unusual. Is the subscription up to date and have you scanned recently?

1) How much RAM do you have? Vista requires at least 2GB. It sounds like you may be short. And if you don't do regular maintenance to get rid of old files, you're going to freeze. The system will be forced to restart which frees memory- for a while- but the cycle starts all over again.

2) Let's do some cleaning up:
TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

3) Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
  • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

4) Please rescan with HijackThis when done and paste a new log into your next reply

Attach the report from Combofix.

To get the Tracking Cookies under control:

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

The presence of so many Tracking Cookies can be an indication that you are not doing maintenance on the system such as disc cleanup and defrag.
 
hey, thanks for the reply! actually, i'm running vista not xp, so i don't need xp sp3, do i? but the point is well taken: update Windows!

have not run check disk on reboot; will try that today, if i can figure out how to do it.

if the problem is driver related, do you have any suggestions to tracking it down?

any other thoughts?

thanks again!

My bad! Tired eyes that night I guess...

Carry on Bobbye, good to see that your are helping out :)
 
okay, bobbye, will work through the steps and report back. thanks for your help!

(btw/ i have 3GB RAM ...)

okay, here's my report after doing all the above ...

1/ in terms of the freezing, it's still happening.

2/ i did delete 9738 temp files, freeing up 11.794gb of space!!!

3/ the combofix file is attached.

4/ the hijack this file is pasted.

where do i go and what do i do next?

thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:33 AM, on 10/23/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/Queue?inqt=wn&lnkctr=queueTab-ELECTRONIC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - (no file) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

--
End of file - 5497 bytes
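
The HijackThis log above is the kind of thing the helpers in this thread read by hand. As an added example (editor's code, not part of any post here and not a feature of HijackThis), the Python script below parses lines in that log format and flags the entries a reviewer looks at first: objects whose file is missing or absent, O20 hooks (AppInit_DLLs and Winlogon Notify, which load a DLL into many processes at once), and one file registered under several display names. The sample lines are copied from the log posted above; the review rules are the editor's own heuristics, not HijackThis's classification, and a flag is a prompt to look, not a verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not a HijackThis feature)."""
import re
from collections import defaultdict

# Seven lines copied from the HijackThis log posted in this thread; a constructed
# subset so the script runs offline without the attached file.
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - (no file) (HKCU)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# Drive-letter path ending in a loadable extension; spaces are allowed (Program Files).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|scr)\b", re.IGNORECASE)


def parse(log_text):
    """Split each 'Oxx - Section: Name - ... - Path' line into its parts."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, 'Running processes', blank lines
        kind, body = m.group("kind"), m.group("body")
        section, _, rest = body.partition(": ")
        if rest.startswith("["):          # O4 Run keys name the value in brackets
            name = rest[1:rest.index("]")]
        else:
            name = rest.split(" - ")[0].strip()
        pm = PATH_RE.search(body)
        # lower-case so the same file referenced twice groups together
        path = pm.group(0).lower() if pm else None
        entries.append({"kind": kind, "section": section, "name": name,
                        "path": path, "raw": line})
    return entries


def review(entries):
    """Return (kind, reason, line) tuples for entries a log reader checks first."""
    findings = []
    by_path = defaultdict(set)
    for e in entries:
        raw = e["raw"]
        if "(file missing)" in raw or "(no file)" in raw:
            findings.append((e["kind"], "orphaned entry: the registered file is absent", raw))
        if e["kind"] == "O20":
            # AppInit_DLLs and Winlogon Notify DLLs are loaded into many processes at once
            findings.append((e["kind"],
                             f"{e['section']} hook loads system-wide; verify the product and its version",
                             raw))
        if e["path"]:
            by_path[e["path"]].add(e["name"])
    for path, names in by_path.items():
        if len(names) > 1:
            findings.append(("*", f"one file registered under several names {sorted(names)}: {path}", ""))
    return findings


if __name__ == "__main__":
    for kind, reason, raw in review(parse(SAMPLE_LOG)):
        print(f"[{kind}] {reason}\n    {raw}")
```

On the sample above the script reports the Norton service whose binary is missing (which is exactly what Bobbye noticed), the EverNote button with no file, both O20 hooks, and askBar.dll registered once as "AskBar BHO" and once as "Foxit Toolbar". Run it against a full log by reading the file into `parse()` instead of `SAMPLE_LOG`.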
 
kritius, if you pass by here again, please take a look at the end of the HJT log. It doesn't seem to have the correct entries past the O9.

flipper, have you made any changes to the Services? Short route is Start> Run> type in services.msc.
You show only one Service running. Check yours against Black Viper's site:
http://www.blackviper.com/WinVista/servicecfg.htm
 
well, what i have done is disable all non-microsoft services to try to get at the problem. i did that a while ago and haven't gone back and restored those non-M services. but those are the only ones i disabled. the 'load system services' button is still checked and grayed out. also in msconfig, i disabled all but three of the start-up items.

should i restore everything and run the tests again?
 
Please refer to the site I referenced to reset the Services. A TIP: Services are best handled in Safe Mode. That is because you must always check the Dependency tab when changing Services. Other Services may 'depend' on this Service to run-or-this Service may 'depend' on other Services to run.
 
okay, i'll tackle that.

meanwhile, i went to the cookies area in firefox/options, where you can set history settings, etc. well, my FF *only* has the history setting feature and *nothing* about cookies. i looked at the other tabs in options and none of them had anything about cookies either.

what's up w/ that?
 
I think you'll find it flipper if you check the right place. I am going on 5 years with Firefox and it hasn't moved:

There should be three sections in the Privacy section:
History
Cookies
Private Data.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.

If you still can't find it, please tell me which version of Firefox you're using.
 
maybe i've turned into a complete addlepate and can no longer follow simple directions and that very well may end up being the case. but for the life of me i don't see it.

i've attached a jpg of what i do see. am i simply in the wrong place?

i am using FF 5.2.3

thanks again ... for your patience.
 
There is no FF 5.2.3. Do you mean v3.5.2?

See this please:
[attached screenshot of the Firefox Options > Privacy panel]

The Private Browsing is optional. I'm leaving this image so you know what I'm referring to.

Edit: the image you left appears to be missing an entire section. Suggest you reinstall FF over the current install.
 
yes, 3.5.2. and i do indeed appear to be missing a whole section.

i'll reinstall ff over my current version and report back.

thanks!

edit: oh, i see what the problem is; you've got to be showing "use custom settings for history" for all the rest of the stuff; the 'remember history' setting doesn't show the cookies settings et al.

one problem solved. many more to go ...
 