Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System Checkup - Frequent CPU Lockups [Solved]

Started by SomeCrazyStuff , Sep 04 2009 08:36 AM

This topic is locked

#1
SomeCrazyStuff

Posted 04 September 2009 - 08:36 AM

Member

Member
401 posts

Hi,

I am having difficulties with my desktop. I have to restart it several times through out the day due to lockups. Normally i have firefox and thunderbird running and various other programs (always different when it locks up). I have noticed 100% cpu use and ram spikes to about 48% (runs at 25% at first boot and normally around 32% when i get everything running) I haven't noticed anything strange recently other than the recent lockups. a couple of new programs have been installed but they are not running when the computer freezes.

All-in-all... I ran MBAM and it found a couple of infected files. Been a couple of days since so I don't remember what they were named. if at all possible I would love some help diagnosing those infected files and making sure nothing else is a miss...

OTL and RootRepeal both froze multiple times. I had to turn off via the power button to regain control over my pc. For both program i made sure to have nothing else running by restarting the computer and letting it idle for a few minutes before trying to use those programs. This was done every time i had to restart. I believe I tried RootRepeal 3 times and OTL twice. What I mean by they froze is that the screen locked up completely.. not able to move the curser or anything. CPU light on the tower itself stopped flashing as well. I also have a gauge on the desktop that measure cpu and memory load and list currently running processes (very similar to task manager but it is on the desktop) and it showed OTL/RootRepeal as not responding...

Thanks in adv for any and all time given to this topic!

MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2722
Windows 5.1.2600 Service Pack 3

8/31/2009 12:54:18 PM
mbam-log-2009-08-31 (12-54-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 304716
Time elapsed: 1 hour(s), 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4DF0CDB9-9F55-469D-B38F-1A25F1B19747}\RP228\A0091104.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4DF0CDB9-9F55-469D-B38F-1A25F1B19747}\RP228\A0091157.exe (Trojan.BHO) -> Quarantined and deleted successfully.

PS: now that i am looking at the MBAM log i see that the problems were in system restore.. There may not be anything to worry about. But I am still curious to get an opinion as to why OTL and RootRepeal locked up like they did...

Thanks again!

#2
jwang01

Posted 20 September 2009 - 12:16 PM

Trusted Helper

Malware Removal
2,567 posts

Hello SomeCrazyStuff and and welcome to Geeks To Go.

I am jwang01 and I will be assisting you with your issue.

Sorry for the delay. This forum can get quite busy.

Please note that I am still in training here and all my post's need to be checked by an Expert before I can post them. This may cause a slight delay in my respones.

When we get to working on your computer you may want to print out or save my respones in notepad because there may be times were you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.

Can you tell me what problems you are still experiancing?

I would like to see if we can get a log. So please do the following:

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
- File - Lop Check
- File - Purity Scan
- Evnt - EvtViewer (last 10)
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

Edited by jwang01, 20 September 2009 - 12:21 PM.

#3
SomeCrazyStuff

Posted 21 September 2009 - 09:30 AM

Member

Topic Starter
Member
401 posts

Hey!

Thanks for the reply! No worries about the timeframe. This system is not detrimental. I have a couple other computer that i work on from time to time and they have played substitute while this one is down..

Actually I think I have found the problem. I have thunderbird installed and in an attempt to get my free yahoo mail to be delivered to thunderbird i was directed to install a copy of ypops!. I managed to get the task manager open during one of the times that system resources were used up and it pointed out that ypops! was using 99% of the CPU (I didnt look at how much RAM it was using). I killed it and problem solved.

If you wouldn't mind I will still post the logs you requested for a system checkup, but i think all is good as far as the original issue goes.

Do you have another link to OldTimer? The link i followed gave the following error(i get this for other files from GeeksToGo as well):
C:\DOCUME~1\TROUSS~1\LOCALS~1\Temp\8HbBa3iM.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

#4
jwang01

Posted 21 September 2009 - 03:37 PM

Trusted Helper

Malware Removal
2,567 posts

Hello,

I'm happy to here you solved your CPU problem. The file that the OTS error links to look like it could be malware related. I would like to try a different tool and see what it comes up with.

Download avz4.zip from here

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Analysis" check box.
Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#5
SomeCrazyStuff

Posted 22 September 2009 - 08:42 AM

Member

Topic Starter
Member
401 posts

ok here is a quick question for you.. I assume by this:

Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.

you mean the option:

3. Advanced System Analysis with malware removal mode enabled

correct?

Don't want to run it until i'm sure that that is what you want me to run..

#6
jwang01

Posted 22 September 2009 - 06:17 PM

Trusted Helper

Malware Removal
2,567 posts

Hello,

Yes, go ahead and run option 3.

#7
SomeCrazyStuff

Posted 24 September 2009 - 12:50 AM

Member

Topic Starter
Member
401 posts

O.o i'm sorry i forgot about this... have been doing stuff in the mornings and this morning i got up late so was rushing around... -.- i'll get your scans run first thing tomorrow..

#8
SomeCrazyStuff

Posted 24 September 2009 - 07:04 AM

Member

Topic Starter
Member
401 posts

iight here you go.. All went smoothly with no errors or hangups.

#9
jwang01

Posted 26 September 2009 - 12:13 PM

Trusted Helper

Malware Removal
2,567 posts

Hello,

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Next

Please start up MBAM and click on the update tab. Then update the program and run a Quick Scan. Please post the log it creates in your next reply.

Next

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, adware, dialers, and other riskware
- Archives
- E-mail databases
Click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View report... at the bottom.
Click the Save report... button.
Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please post the contents of the MBAM and Kaspersky logs in your next reply.

#10
SomeCrazyStuff

Posted 28 September 2009 - 07:40 AM

Member

Topic Starter
Member
401 posts

I will post results as soon as i can. However I am having memory issues at the moment and am currently on online chat with ASUS tech support. I will get back to this ASAP.. sorry for the wait...

edit: ok heres whats going on.. I apparently have a bad set of memory. Patriot (the memory's manufacturer) is going to RMA the memory and we will go from there. I suspect at least 2 weeks from the time i get to ship it out before i get the memory back, which means my computer will be down until then. I believe that most of my problems may have been due to this, though there very well could be a malware side to it too.. so let me ask you your opinion. Do you think it best to just wait until i get the computer running again? or do you want to close this thread and have me start a new one once i get the computer running? again it will most likely be about two weeks before i can have it running, and that is assuming they just decide to ship new parts and not try to troubleshoot and fix the return ones.

Edited by SomeCrazyStuff, 28 September 2009 - 04:28 PM.

#11
jwang01

Posted 29 September 2009 - 12:44 PM

Trusted Helper

Malware Removal
2,567 posts

Hello,

I am glad you are figuring out your other computer problems.

I think for now we will close out this thread. On your return, just shoot me a PM and we can re-open the thread and continue working on your computer.

#12
SomeCrazyStuff

Posted 30 September 2009 - 06:22 AM

Member

Topic Starter
Member
401 posts

Sounds like an excellent plan. Hopefully it wont be long, though i have yet to send it off.. keep forgetting to grab it before leaving for work in the morning

#13
Rorschach112

Posted 11 October 2009 - 05:20 AM

Ralphie

Retired Staff
47,710 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#14
jwang01

Posted 29 October 2009 - 02:36 PM

Trusted Helper

Malware Removal
2,567 posts

Hello,

Welcome back.

Please Run TCF, MBAM and Kaspersky per my last post and post those logs.

#15
SomeCrazyStuff

Posted 30 October 2009 - 06:26 AM

Member

Topic Starter
Member
401 posts

Hey!

Thanks for having this tread re-opened. I hate to be a nuisance but I also hate to have a messed up computer. And the Bluescreen are starting to get on my last nerves. I hope that maybe we can get those to stop. If not then I will hit up the hardware guys for their expertise

edit: ha... i forgot to put in here the whole reason I was going to post at this time.. I still cant seem to download TFC.exe and I have an MBAM log for you.

Heres error i get before I can even choose where to save the download:
C:\DOCUME~1\TROUSS~1\LOCALS~1\Temp\wXYEkpTV.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

also, here is the fresh MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 3059
Windows 5.1.2600 Service Pack 3

10/30/2009 7:28:13 AM
mbam-log-2009-10-30 (07-28-13).txt

Scan type: Quick Scan
Objects scanned: 124360
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have started using MBAM as realtime AS program along with my copy of Eset Smart Security Suite for AV program and Firewall. I think all bases are covered in that aspect...

Edited by SomeCrazyStuff, 30 October 2009 - 06:32 AM.