Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows XP Windows XP
Search Search
Search for:
Tech Support Guy > > >

Solved: Major problem, possibly a virus?


(!)

zootallures's Avatar
zootallures zootallures is offline
Computer Specs
Member with 8 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
07-Mar-2012, 06:40 PM #1
Solved: Major problem, possibly a virus?
Hey,

Up until about last night my computer seemed to be working relatively fine, when suddenly I opened the Start menu to do something and it froze up. I hit ctrl + alt + del to close explorer.exe and re-run it, but when I tried to close it, it just sat there, so I rebooted my computer. It seemed to be working for a minute after I had rebooted, but I noticed that when I tried to open Google Chrome, I had to double-click twice to get it to open, and once I did open it, and tried to open the Start menu or open a file out of a folder, it'd crash again (in the same way as before). I rebooted and tried using Internet Explorer instead, and it seemed to be working.... so I assumed that Google Chrome was the problem.

I went to add/remove programs to uninstall and re-install Chrome, but once I attempted to uninstall it, Windows Explorer froze up again and I had to restart. I tried uninstalling something else, just to see if it'd work, and it did.... so I guess it's only Chrome that freezes up my computer when I try to uninstall it?

As the day went on and I continued messing around trying to figure out what the problem was, it just seemed to get worse and worse. At one point I was in Internet Explorer trying to sign up for an account on here when what seemed like a million IE windows suddenly opened one after another..? They weren't ads, it was just a hundred copies of the same window I already had open. Obviously after this, Windows crashed again and I had to reboot. Now it's to the point that Google Chrome won't even open at all, regardless of how many times I click it. The strange part is that everything else seems to work relatively fine if I start up my computer and don't open Chrome/Internet Explorer... other than that I tried to update SpywareBlaster and the installation file wouldn't open, nor would the installation file for Firefox.

Another thing I noticed is that I would periodically get a pop-up saying that Windows was running low on virtual memory, even if I had next to nothing open. I hit ctrl + alt + del and checked the "Performance" tab, and the memory was nowhere close to where it'd need to be for Windows to be running low.

Anyone have any idea what could be causing this? Or is there anything I could to to help get a better idea of what the problem is?

Thanks in advance
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
07-Mar-2012, 06:46 PM #2
Hi and welcome.
Let us have some Pc specifications.
Check and post
TSG System Information Utility - found here.
http://library.techguy.org/wiki/TSG_Valuable_links
zootallures's Avatar
zootallures zootallures is offline
Computer Specs
Member with 8 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
07-Mar-2012, 07:06 PM #3
My bad, haha, should've thought to include all of that in my original post.

Here you are:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 503 Mb
Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
Hard Drives: C: Total - 131061 MB, Free - 56993 MB; E: Total - 108278 MB, Free - 48880 MB;
Motherboard: Lite-On Tech., 0888h
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
07-Mar-2012, 07:11 PM #4
Post a Hjt log - to see what is running on your system.

Hijack this 2.04
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Post the uninstall log from Hjt log
Start HiJackThis.
Click > Open The Misc Tools Section button.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Copy-and-Paste the uninstall list in the reply box.
__________________
Superantispyware
Malwarebytes
zootallures's Avatar
zootallures zootallures is offline
Computer Specs
Member with 8 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
07-Mar-2012, 07:25 PM #5
Allrighty. Bit of an update as well: I managed to get the Firefox installation file to work, which I had to do because IE6 wasn't formatting my posts correctly, haha. Also Google Chrome opens now (after one double-click), but immediately freezes once it does. I can ctrl + alt + del out of it, though, it's not freezing up my entire computer.

HijackThis Log:
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:22:37 PM, on 3/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shawn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174664676467
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe

--
End of file - 5403 bytes
Uninstall log:
Quote:
µTorrent
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Software Update
avast! Free Antivirus
CCleaner (remove only)
Chessmaster Grandmaster Edition
dBpoweramp DSP Effects
dBpoweramp Music Converter
Defraggler
DFX for Winamp
Diablo II
Electric Sheep 2.7b29
Foxit Reader
Guitar Pro 5.2
Hero Editor V1.04
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 29
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86

9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86

9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Power Tab Editor 1.7
PowerISO
PowerQuest Drive Image 5.0
PowerQuest PartitionMagic 7.0
QuickTime
RAM Defrag (remove only)
RangeBooster G WUA-2340
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1

(KB2657424)
Segoe UI
Skype™ 5.5
SoundMAX
SpywareBlaster 4.5
System Requirements Lab
System Requirements Lab CYRI
Tag&Rename 3.5.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Veetle TV
Viewpoint Media Player
VLC media player 1.1.11
Winamp
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
X264 H.264/AVC Video Codec (remove only)
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
07-Mar-2012, 07:35 PM #6
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Out of date - although you may not use IE - it is a part of your operating system and needs updating asap.

Run MalwareBytes and update and scan your Pc.
Also download.
SuperAntiSpyware

Once they are downloaded to your desktop.
Close all open browser windows.

MalwareBytes
Click on the Install icon - allow it to update during the install process.

Start Malwarebytes Anti-Malware.
Click on Scanner > then quick scan >then Scan.
Any infections or problems will be highlighted in red.
After the scan is finished - Click - Show Results.
Check that all entries are selected.
Click - Remove Selected.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start Malwarebytes again.
Click on the Logs Tab.
Highlight the scan log entry.
Click - Open.
The scan log will appear in Notepad.
Copy and paste it in your next post.

SuperAntiSpyware
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.

RAM: 503 Mb installed is the minimum that Xp needs.
Installing more Ram would increase your Pc's performance.
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
07-Mar-2012, 07:42 PM #7
Using µTorrent - will keep you open to future infections.
You need to update Windows as soon as possbble - you are missing many security updates from Microsoft.

How to Use the Windows XP Automatic Update Feature
http://windows.about.com/od/security...ows_update.htm

Internet Explorer 7 for Windows XP.
http://www.microsoft.com/download/en/details.aspx?id=2

Last edited by blues_harp28; 07-Mar-2012 at 07:57 PM.. Reason: more info
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
07-Mar-2012, 08:04 PM #8
I missed your update at the top of your post # 5

IE 6 is no longer safe to use - install IE 7 asap
Follow all suggestions in my posts # 6-7
Let me know when all is done.

Last edited by blues_harp28; 07-Mar-2012 at 08:14 PM.. Reason: spelling!
zootallures's Avatar
zootallures zootallures is offline
Computer Specs
Member with 8 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
07-Mar-2012, 08:52 PM #9
Sorry, slightly delayed response. Had to go eat dinner, haha.

I'm a bit weird about Windows Update because the last time I did it, I started having a problem where, whenever I booted up Windows and logged in, it would just sit there showing my wallpaper but never actually loading anything. I ended up having to go into safe mode and remove the updates before it'd work again. I'll give it another go once I sort this problem out and see what happens, though.

MBAM log:
Quote:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Shawn :: SHAWN [administrator]

3/7/2012 6:44:19 PM
mbam-log-2012-03-07 (18-44-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247699
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
SUPERAntiSpyware log:
Quote:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2012 at 07:47 PM

Application Version : 5.0.1146

Core Rules Database Version : 8314
Trace Rules Database Version: 6126

Scan type : Quick Scan
Total Scan Time : 00:07:09

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 28610
Registry threats detected : 0
File items scanned : 7335
File threats detected : 0
....*shrug*
SilverSurf's Avatar
SilverSurf SilverSurf is offline
Member with 275 posts.
 
Join Date: Jun 2010
Location: UK
Experience: Know a bit
08-Mar-2012, 12:06 AM #10
Quote:
Originally Posted by blues_harp28 View Post
IE 6 is no longer safe to use - install IE 7 asap.
.....Or maybe Internet Explorer 8???


Regards SilverSurf
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
08-Mar-2012, 05:31 AM #11
Quote:
Originally Posted by SilverSurf View Post
.....Or maybe Internet Explorer 8???


Regards SilverSurf
Yes indeed.
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
08-Mar-2012, 05:34 AM #12
zootallures.
Your un-install log is not showing any Windows updates.
They are released once a month and you need to have them installed.
zootallures's Avatar
zootallures zootallures is offline
Computer Specs
Member with 8 posts.
THREAD STARTER
 
Join Date: Mar 2012
Experience: Beginner
08-Mar-2012, 05:07 PM #13
Update: so I think I've solved this one.... I ran a boot-time scan with Avast last night and it found a couple of viruses. Unfortunately it doesn't automatically save a log file, so I can't post what it found.

When I logged in after that, Google Chrome was still crashing, and even IE was constantly crashing (nothing initiated the crash, it seemed to just happen randomly). So I tried to uninstall Chrome again, and this time, rather than freezing, it gave me an error saying to close Chrome before attempting to uninstall (which I already had).... so I restarted the computer and tried uninstalling Chrome right away before doing anything else this time. It worked, and so I went on IE and tried to download Firefox. It took a few tries (because it kept randomly crashing), but eventually I got the download finished before IE crashed, installed Firefox and used that to download the Chrome installation file.

Then the Chrome installation kept getting stuck on "installing Google Chrome" (it would just sit there, "loading" forever), so I went back on Firefox and found a standalone Chrome installation file that didn't need to connect to the internet, restarted, tried that one and finally it worked. I opened the re-installed Chrome and it appeared to be working fine, so I uninstalled Firefox, ran CCleaner + Temp File Cleaner (by OldTimer), restarted the computer, and now everything seems to be working fine.

I'll make sure to get IE8 and run those Windows updates. Thanks for all the help blues_harp.
blues_harp28's Avatar
Trusted Advisor with 15,693 posts.
 
Join Date: Jan 2005
Location: London England
08-Mar-2012, 06:00 PM #14
Ok - good news, thanks for the update.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑