Computer Crashes, Mouse freezes, Virus protection won't stay on

Discussion in 'Malware Help (A Specialist Will Reply)' started by rob0, Mar 4, 2008.

  1. rob0

    rob0 Private E-2

    I can't say when this started as I am not the primary user.

    The computer more than a week ago had a frequent habit of crashing. Sometimes, the monitor would turn off or the computer would go into a screensaver and when it came out, it gave a screen that consited only of the wallpaper. I don't believe that has happened for a while.

    The computer dramatically improved about a couple of weeks ago when it ran while physically unplugged. Even though the symptoms are no longer there, I still want someone to eyeball the logs and see if there is anything their that might bring those problems back.

    The mouse still periodically freezes for about a few seconds. Sometimes there is an descending and ascending chime when it happens similar to what we hear when the printer is turned off and on. Other occasions, the mouse freezes with no accompanying chime. Sometimes I have to unplugg the mouse to get it moving and sometimes it moves within give or take about 10 seconds.

    Virus protection turns off all by itself. I don't think this happened before using combofix. Also, after combofix finished, the clock remained in military time and I can't figure out how to change it back.
     
    rob0, Mar 4, 2008
    #1
  2. rob0

    rob0 Private E-2

    I don't see my attachments. I put them up. give me a minute to try again.
     
    rob0, Mar 4, 2008
    #2
  3. rob0

    rob0 Private E-2

    here they are
     

    Attached Files:

    rob0, Mar 4, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of Spyware Doctor a paid version or free trial?

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    Java(TM) 6 Update 2 <-- old version. We will install the new version down below.
    Mozilla Firefox (2.0.0.9) <-- old version. We will install the new version down below.
    SpywareBlaster v3.5.1 <-- old version. We will install the new version down below.


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox

    Now install this:SpywareBlaster 4.0


    Per step 1 of the READ ME you must not use MSconfig to control startups. Please put your system into normal startup mode and remain in that mode. You should also read the below to better understand why:

    Dealing with Startup Processes


    Now run Ccleaner!


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    chaslang, Mar 6, 2008
    #4
  5. rob0

    rob0 Private E-2

    I didn't realize I had msconfig running. It must be a default.

    I've uninstalled and installed Java before. I did it again as directed but do I need to do this every time Java updates?

    Spyware Doctor is a paid version. Really, I don't know that it is better, but I paid for it. It currently isn't running. I hope it would run again if superantispyware is uninstalled. Actually, I'd just leave it be, but I believe I had antispyware running before and spyware Doctor picked up some things that superantispyware didn't catch. But it's been several months so I'm fuzzy on the details. Clearly this time it was the other way around.

    The mouse previously was freezing fairly regularly. It hasn't done it at all but I did hear the chimes that were often associated with it once. I wasn't using the mouse at the time. I honestly can't say that it wasn't associated with shutting the printer down which I did do, but as I reflect, I think it would have been after a long delay.

    The computer is running fairly swiftly.

    The clock is still on military time.

    Also, after running combofix for the first time, when microsoft word was started, the measurments for spacing and margins was in centimeters. We would like it back in inches.
     

    Attached Files:

    rob0, Mar 6, 2008
    #5
  6. rob0

    rob0 Private E-2

    The freezing problem is not gone, but it is much less frequent. I also definitely got a chime unrelated to turning the printer on and off and connected to the freeze. It's happened only once since my last post

    Also, I forgot to mention this but after turning msconfig off, whenever I restart or open a profile after restarting, a dialog window informs me that windows installer is running but I have the option to cancel. The window changes to corel photo album 6 and eventually requests an installation CD. Even if I cancel this process, it just comes back repeatedly until I use the taskmanager to end it.

    If I didn't mention this, the problem with the virus protection refusing to stay on when away on it's own and actually might have only been a result of my confusion.

    I forgot to ask, should I run any of the process through the other profiles on this computer?
     
    rob0, Mar 6, 2008
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry but no it is not the default. You or someone else had 31 items disabled in MSconfig and some were not even installed anymore. This is one of many reasons for not using MSconfig to control startups except while doing temporary debugging.

    Yes.

    Okay then uninstall SUPERantispyware now becaus we are finished with it.

    I'm not exactly clear on what you are trying to say here but this is not likely to be malware. Sounds more frequently come from setting you make on your PC or from having popup blockers (like Yahoo) or Instant Messengers running that notify you of various things.

    You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.

    I doubt this is due to ComboFix. I have run it many time and have never seen this however ComboFix never ran 100% properly for you which is why your clock was on military time. Perhaps there is a relationship. After fixing the clock, are you still set for metric measurements. If so, then look under the same settings as but on the Customize button make sure you select the Numbers tab and see what the Measurement system is set too. If it is set to U.S. you should be using inches. If it is Metric.....well you know what to do. ;)


    Your logs are clean, and this is unlikely to be malware although we can run a test for rootkits to be sure.

    Run this Using Sophos Anti-Rootkit and attach the log.


    This is not due to malware it is more than like due to an incomplete install or uninstall. You would be better off working this in the Software Forum, but you should make sure that Corel is properly installed and not missing anything by giving it the CD. Also you could try using this: Windows Installer CleanUp Utility


    Normally it would be best to clean all user accounts but you really didn't have any real major malware issues. We only did some minor cleaning. Most of your problems appear to be unrelated to malware.
     
    chaslang, Mar 9, 2008
    #7
  8. rob0

    rob0 Private E-2

    It's taken me a while to get back because for the next couple of months, I will only have access to this computer on weekends.

    Sophos didn't find anything. Also the freezing problem has not occurred by anyone's observation. That does not mean it doesn't happen, but I've been on for a while and nothing has happened.

    Sophos didn't find anything.

    These were the only texts in the log
    Code:
    Sophos Anti-Rootkit Version 1.3.1 (data 1.08)  (c) 2006 Sophos Plc
Started logging on 2008-03-15 at 09:03
Stopped logging on 2008-03-15 at 09:11
    I geuss I'm not real concerned since it happened rarely when I was done with the first second round of scans and purges and hasn't happened, but if you can think of anything else, I think it would be prudent.
     
    rob0, Mar 15, 2008
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Step 13 of the below gets to this.


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note: The space between the X and the /U, it must be there.
    3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work thru the below link:
     
    chaslang, Mar 16, 2008
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds