HJT log


Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Don't worry, we'll take it one step at a time. In case you don't understand something, just let me know! :)

Can you give me a description of the problem you are having with your computer?

Let's also do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


-System has slowed dramatically in an 'overnight' timeframe--especially noticed at shut down and opening programs [ms word]

-Firefox 5.0 freezes up and doesn't close at exit requiring restart and eliminating 'parent lock' but locks up again while surfing, doesn't close, requires restart

-Doesn't allow attempts to update or run Trend Micro scan and at least one other AV

-I suspected problem might be a Firefox issue since I just updated but new install of Google Chrome locks up and doesn't shut down properly. I'm brand new to Chrome but I get an error message when I restart after closing from freeze up

I've now run AVG antivirus scan and Malwarebytes scan in Safe Mode. Both indicated no infections but the AVG scan had about 15 locked files. I'll send these logs and whatever comes out of TDSSKiller run [right now I'm running a scan in IObit Malware Fighter]

Thank you


Hi again, fortunately no rootkits there.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Google Chrome is also freezing with the message 'the following pages have become unresponsive. you can wait for them to become responsive or kill them.' Neither waiting nor killing them works. Killing them causes you to exit Chrome but when you open it again it says 'your profile could not be opened correctly. some features may be unavailable. please check that the profile exists and you have permission to read and write its content'

Guess I'm telling you all this because at first I thought my problems might be due to a recent update of Firefox.

Thank you

ComboFix.txt


Does only Firefox freeze up? If so, click Start > All Programs > Mozilla Firefox, and select the option Firefox (safe mode). Does that work?

No, Google Chrome freezes also [as before]

Google Chrome is also freezing with the message:

'the following pages have become unresponsive. you can wait for them to become responsive or kill them.'

Neither waiting nor killing them works. Killing them causes you to exit Chrome but when you open it again it says:

'your profile could not be opened correctly. some features may be unavailable. please check that the profile exists and you have permission to read and write its content'

This requires a restart.


Hi again,

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).

* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.


Sorry to take so long. I don't understand 'place Junction.exe in the Windows directory (C:\Windows)'. I've downloaded and extracted the junction.exe four times. When I try to run it the Run box flashes on the screen, then nothing. Guess my failure is in not understanding the placing it in the windows directory. I tried putting it in the C:\Windows folder and running it (hoping for some computer magic) but that didn't do anything.


After extracting, you need to copy junction.exe to c:\windows.

After you do this, you do not run the file, you click the Start button and press Run (or, press Windows key + R).

In the Run box you type the bolded command from my previous post. This command will execute junction automatically.


Hi again,

Please click Start > Run, type chkdsk /r and press enter. Type Y and press enter to schedule a disk check for next reboot.

Restart your computer and let the disk check run unhindered (note, this may take quite some time). When done, let me know if the error still persists.


Do you remember if the disk check reported any errors? According to Firefox this error is typically caused by file system errors. A reformat should indeed fix these, but file system errors may be caused by hard disk failure (this is not always the cause, but it wouldn't be bad to run a hard disk diagnostic to be sure).

In any case, I would certainly back up any important data, better safe than sorry. :)
