Firefox Freezing, Suspect Virus [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Firefox Freezing, Suspect Virus [Closed]

Options

Essexboy View Member Profile	Jun 26 2009, 11:38 AM Post #2
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi there and sorry for the delay I will need a fresh look at your system and what are your current symptoms To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link. Download OTS to your Desktop Close ALL OTHER PROGRAMS. Double-click on OTS.exe to start the program. Check the box that says Scan All Users Under Additional Scans check the following: File - Lop Check File - Purity Scan Evnt - EvtViewer (last 10) Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Please attach the log in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post

wwwjunkie View Member Profile	Jun 27 2009, 08:43 PM Post #3
Member Posts: 13 OS: Windows XP	Hi! Here is my OTS log: OTS27jun09.Txt ( 127.55K ) Number of downloads: 21

Essexboy View Member Profile	Jun 28 2009, 05:08 AM Post #4
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Nothing jumps out at me there but as your AV has stopped working I will need to look deeper Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 Link 3 -------------------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a OTL log so we can continue cleaning the system.

wwwjunkie View Member Profile	Jun 28 2009, 04:12 PM Post #5
Member Posts: 13 OS: Windows XP	Ok, here are the logs. combolog_28jun09.txt ( 10.91K ) Number of downloads: 105 otl_28jun09.Txt ( 79.84K ) Number of downloads: 6 ComboFix 09-06-26.02 - Nikole 06/28/2009 17:58.2 - NTFSx86 Microsoft� Windows Vista� Home Premium 6.0.6001.1.1252.1.1033.18.3061.2097 [GMT -4:00] Running from: c:\users\Nikole\Desktop\Combo-Fix.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Kaspersky Internet Security disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 ))))))))))))))))))))))))))))))) . 2009-06-28 21:57 . 2009-06-28 21:57 -------- d-----w- C:\32788R22FWJFW.0.tmp 2009-06-28 21:35 . 2009-06-28 21:35 -------- d-sh--w- C:\found.009 2009-06-28 02:35 . 2009-06-28 02:35 -------- d-sh--w- C:\found.008 2009-06-26 04:02 . 2009-06-26 04:02 -------- d-sh--w- C:\found.007 2009-06-26 03:20 . 2009-06-26 03:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2009-06-26 03:20 . 2009-06-28 21:43 -------- d-----w- c:\users\Nikole\AppData\Roaming\SUPERAntiSpyware.com 2009-06-26 03:20 . 2009-06-28 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-06-26 02:42 . 2009-06-26 02:42 -------- d-----w- c:\windows\Sun 2009-06-18 07:52 . 2009-06-18 07:52 -------- d-sh--w- C:\found.005 2009-06-18 04:22 . 2009-06-18 04:22 -------- d-sh--w- C:\found.006 2009-06-17 03:37 . 2009-06-17 03:37 -------- d-sh--w- C:\found.004 2009-06-17 03:03 . 2009-06-17 03:03 -------- d-sh--w- C:\found.003 2009-06-16 05:19 . 2009-06-16 05:19 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-16 05:18 . 2009-06-16 05:18 -------- d-----w- c:\programdata\McAfee 2009-06-16 03:50 . 2009-06-16 03:50 -------- d-----w- c:\users\Nikole\AppData\Roaming\Malwarebytes 2009-06-16 03:50 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-16 03:50 . 2009-06-16 03:50 -------- d-----w- c:\programdata\Malwarebytes 2009-06-16 03:50 . 2009-06-16 04:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-16 03:50 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-16 03:48 . 2009-06-16 03:48 -------- d-----w- c:\program files\ERUNT 2009-06-16 03:23 . 2009-06-16 03:23 -------- d-sh--w- C:\found.002 2009-06-15 03:48 . 2009-06-15 03:48 -------- d-sh--w- C:\found.001 2009-06-15 03:00 . 2009-06-15 03:00 -------- d-sh--w- C:\found.000 2009-06-12 00:34 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-28 21:58 . 2009-04-15 02:34 393248 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-28 21:57 . 2009-04-15 02:34 2424 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-28 21:56 . 2009-04-15 02:34 -------- d-----w- c:\programdata\Kaspersky Lab 2009-06-28 02:33 . 2009-04-15 02:34 2537504 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-28 02:33 . 2009-04-15 02:34 21952 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-26 04:32 . 2008-09-21 08:43 -------- d-----w- c:\program files\Java 2009-06-26 03:42 . 2009-03-22 00:14 6648 ----a-w- c:\users\Nikole\AppData\Local\d3d9caps.dat 2009-06-26 01:38 . 2009-01-21 01:28 1326 ----a-w- c:\users\Nikole\AppData\Roaming\wklnhst.dat 2009-06-18 04:41 . 2009-04-15 02:34 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-06-18 04:41 . 2009-04-15 02:34 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-06-15 03:38 . 2008-09-21 09:03 -------- d-----w- c:\program files\Microsoft Works 2009-06-15 03:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-04-24 16:05 . 2009-06-12 00:35 827904 ----a-w- c:\windows\system32\wininet.dll 2009-04-24 13:44 . 2009-06-12 00:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-04-23 12:43 . 2009-06-12 00:35 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-23 12:42 . 2009-06-12 00:35 636928 ----a-w- c:\windows\system32\localspl.dll 2009-04-21 11:55 . 2009-06-12 00:35 2033152 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 02:46 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys 2009-04-15 02:46 . 2009-04-15 02:46 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll 2009-04-15 02:46 . 2009-04-15 02:46 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys 2009-04-15 02:46 . 2009-04-15 02:46 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys 2009-04-15 02:46 . 2009-04-15 02:46 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe 2008-09-21 08:47 . 2008-09-21 08:47 76 --sh--r- c:\windows\CT4CET.bin 2008-09-21 11:19 . 2008-09-21 11:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-21 29744] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-15 206088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888] c:\users\Nikole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-21 50688] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-09-21 09:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{B076ECE7-4193-4BD4-A970-3C451CE33569}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect "{85AB9791-2830-4715-B25B-C9F12FC1D2CD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program "{5787CBE9-0AC0-48D9-92EB-763D69AD9512}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine "{B3A5E6EA-382C-49E0-A398-B48D74561F97}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 6:29 PM 33808] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 6:28 PM 20496] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [9/20/2008 11:30 PM 73728] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 3:09 PM 161048] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [9/21/2008 7:26 AM 111616] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640] R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [9/21/2008 7:26 AM 235648] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [9/21/2008 7:26 AM 7424] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm FF - ProfilePath - c:\users\Nikole\AppData\Roaming\Mozilla\Firefox\Profiles\3imazx2c.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-28 18:02 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-06-28 18:04 ComboFix-quarantined-files.txt 2009-06-28 22:04 Pre-Run: 213,732,519,936 bytes free Post-Run: 213,676,707,840 bytes free Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9 150

Essexboy View Member Profile	Jun 28 2009, 04:16 PM Post #6
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Your AV is disabled - did you do that ? If not can you re-install it and let me know the result

wwwjunkie View Member Profile	Jun 28 2009, 10:01 PM Post #7
Member Posts: 13 OS: Windows XP	Yes, I disabled it to run Combo Fix since it suggested Kaspersky could interfere with the scan. I turned it back on after running CF and OTL. Should I try to run another AV scan even though it wasn't detecting anything last week?

Essexboy View Member Profile	Jun 29 2009, 01:11 PM Post #8
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	No if you could let me know if you are still having problems with Firefox after this little run Download TFC to your desktop Open the file and close any other windows. It will close all programs itself when run, make sure to let it run uninterrupted. Click the Start button to begin the process. The program should not take long to finish its job Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean THEN Download and run Auslogics Disc Defragmenter

wwwjunkie View Member Profile	Jun 29 2009, 09:28 PM Post #9
Member Posts: 13 OS: Windows XP	I ran TFC. But I cannot run the Defragmenter. It gets to 14% and then my computer locks up. I've tried at least five times. Thoughts?

Essexboy View Member Profile	Jun 30 2009, 11:31 AM Post #10
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Lets check that there is nothing wrong with your disc Manual steps to run Chkdsk from My Computer or Windows Explorer 1. Double-click My Computer, and then right-click the hard disk that you want to check. 2. Click Properties, and then click Tools. 3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed, 4. Use one of the following procedures: � To run Chkdsk in read-only mode, click Start. � To repair errors without scanning the volume for bad sectors, select the Automatically fix file system errors check box, and then click Start. � To repair errors, locate bad sectors, and recover readable information, select the Scan for and attempt recovery of bad sectors check box, and then click Start. Note If one or more of the files on the hard disk are open, you will receive the following message: The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer? Click Yes to schedule the disk check, and then restart your computer to start the disk check.

wwwjunkie View Member Profile	Jul 1 2009, 08:45 PM Post #11
Member Posts: 13 OS: Windows XP	Ok it took a couple of tries and a few hard powering downs, but I was finally able to run the disk check on both drives. Then I defragged them. It ran for a few minutes longer but then it froze again. Now it is back to freezing every 5-10 minutes. Do you think it's a virus or something wrong with the laptop itself? This post has been edited by wwwjunkie: Jul 1 2009, 08:46 PM

Essexboy View Member Profile	Jul 4 2009, 02:44 AM Post #12
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	I am sorry for the delay I have some severe internet problems I should be back on line by wednesday - sorry

Essexboy View Member Profile	Jul 7 2009, 03:05 PM Post #13
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Hi I am back again now, I would suspect that it is a hardware problem. Are you still experiencing the freezing ?

Essexboy View Member Profile	Jul 12 2009, 10:51 AM Post #14
GeekU Moderator Posts: 18,766 From: Darkest Cornwall OS: Vista Ultimate & Windows 7	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal HELP! - Computer freezes, suspect virus [CLOSED]	14 / 1,978	22nd June 2005 - 07:06 PM sp0ke started - last by greyknight17
Virus, Spyware and Trojan Removal i suspect a virus [CLOSED]	2 / 217	28th July 2006 - 07:12 PM shambe started - last by greyknight17
Virus, Spyware and Trojan Removal Redirect virus [Closed]	6 / 130	2nd November 2009 - 02:47 PM Test-Subject started - last by hammerman
Virus, Spyware and Trojan Removal Firefox Google Search Hijacked [Closed]	10 / 69	4th November 2009 - 05:14 PM fastiriwn started - last by Rorschach112