Recurring Startup/Shutdown Problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cmalear, Jan 27, 2006.

  1. cmalear

    cmalear Private E-2

    Progress:

    I have followed the instructions in the "before you post a hijack this log". I use Spyware Doctor instead of Spybot S&D. Is this acceptable? Microsoft Antispyware removed ShotAtHome and KaZaA. KaZaA was once on this computer but was removed long ago. Why is this stuff still there? I did not use the online virus/trojan scans because they showed that it would take over 7 hours to scan my drive. I instead have used an updated Norton Antivirus to scan for viruses. I deleted my restore points after getting my system as clean as possible.

    History:

    A while back my startup/shutdown became so slow that, after many attempted repairs, I had to restore my system with a Norton Ghost image. I immediately ran all available scans after the restore. At that point Spyware Doctor found RegFreeze Hijacker, which it was unable to find before the restoration of the c: image. I have been having recurring problems ever since. Usually the shutdown takes forever after ccapp fails to end properly. The startup problems have been minimal since all of my repair efforts.

    Setup:

    I have a home network with two computers running Windows XP. One computer has Service Pack 2 and the other has Service Pack 1 (due to issues with certain pre-installed programs after an attempt to update to Service Pack 2 long ago). My cable internet service goes into a cable modem, then into a Lynksys router, then to two different computers. I can communicate between the computers and am not using ICS or ICF. I use Norton Antivirus and Norton Personal Firewall on both computers. I keep both computers up to date with windows updates, spyware doctor, ad-aware, and now all the new programs I learned of in your "before you post" instructions.

    Questions:

    I have sent both hijack this logs for a quick review. Do you need system information attached for each computer or can you get this from the hijack this log?

    I often run windows media player from one computer and have it play media files from the other computer. Could constantly communicating between the two computers while connected to the internet be a security risk?

    Please let me know if you see anything suspicious. Thanks so much.

    In Addition:

    I had a few problems recieving email through Outlook at about the same time as severe startup/shutdown problems. An icon kept appearing on the taskbar that said "Microsoft Outlook is synchronizing folders" and the program would just hang during send/recieve. I've since forwarded all my email accounts to Hotmail and do not use Outlook (disabled all send/recieve) except for contacts and tasks.
     

    Attached Files:

    cmalear, Jan 27, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    No SpywareDoctor is not a suitable replacement for Spybot. The READ & RUN ME is meant to be run as written without exception. I can understand your not wanting to run the online scans (sounds like you have dial-up) but they often find things other tools do not.

    However, that being said, nothing you have posted shows any malware issues but you can have HJT fix the below lines from the Dell log:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    Is your Spyware Doctor a paid subscription version?

    You problems may be due to various things you are running including the P2P stuff like below:
    O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.7.1.228.dll

    but there is not guarantee that it is the problem either. You have alot of stuff running and perhaps you should check into not loading some of it (like using msconfig or similar) and see what happens.

    At this point, your problems do not appear to be malware related. So unless you want to run Spybot and the two online scanners and maybe a couple other tools to dig deeper, you may be better off posting in the software forum. However, one tool I do suggest running is the below. It will check for possible rootkit infections which hide from normal tools.

    Download Blacklight Beta
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.
     
    chaslang, Jan 27, 2006
    #2
  3. cmalear

    cmalear Private E-2

    I have deleted the suggested entries and both entries that start with 18, as they were not needed or reported as spyware elsewhere. I am going to run Spybot S&D and a couple of the alternative scans in safe mode now. My Spyware Doctor is a paid subscription service. Here is the log from sfbl. It didn't seem to find anything. Your help is appreciated. Thank you so much.

    Also, I was running the online scans in safe mode with networking. I have a cable internet connection that is very fast. Should I run the scans in normal bootup mode. Will this affect the speed of the scans or not since I have about 50GB of info/programs on my hard drive (all necessary). Thanks again.
     

    Attached Files:

    cmalear, Jan 28, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Normally we suggest running the online scanners in safe mode because they can more easily fix problems in safe mode since so much less software is not loaded or running. I doubt that you would see any noticeable difference in speed in either mode. You also may not even find any significan problems via these scans.

    Your problems may not be malware related at all.
     
    chaslang, Jan 28, 2006
    #4
  5. cmalear

    cmalear Private E-2

    Problems are back. Sometimes an Internet Explorer page will hang when attempting to close it. Seems the startup/shutdown problems will recur soon thereafter. Also, about:black window popped up with nothing in it. I've tried the manual fixes for this hijacker but they do not apply to me. The file in the registry I am supposed to look for does not exist. At one time I did have the coolwebsearch problem. Is there something that is not getting cleaned up. Startup/shutdown problem is always accompanied by ccApp.exe not ending properly at shutdown. Any of this help. Also here is my hjt log again after the last super slow startup (10 minutes).
     

    Attached Files:

    cmalear, Feb 4, 2006
    #5
  6. cmalear

    cmalear Private E-2

    Also, I logged into another user account on my computer and found that all spyware/adware scanners found problems under this login. Why as administrator, did scans while logged into my account not find problems under the other user accounts?
     
    cmalear, Feb 4, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said before, I do not believe your problems are with malwre. You still have not run the two online scanners which may provide more info (either that it is or is not malware). Run them and let's see.

    Also since you have a paid version of Spyware Doctor, I would recommend uninstall MS Antispyware now to avoid conflicts with each other and to avoid wasting excessive system resources.

    Now your biggest problem and the problem with startup and shutdowns could just be related to Symantec (since the file being complained about is theirs). Why don't you uninstall it and see, if your problems go away.

    You will need to get another antivirus and firewall installed and there are a few free ones that we suggest in How to Protect yourself from malware!
     
    chaslang, Feb 4, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Admin account can allow you access to other users files but the scanners will not be looking at a variety of things related to the other users accounts. Like registry settings and private files. The proper method to is to scan each user account.
     
    chaslang, Feb 4, 2006
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds