computer freezing

[gib65]

Hello,

Just recently, I started experiencing an annoying problem with my computer. I have a Toshiba Satellite L755D laptop with Windows 7. Up until a couple days ago, everything on it ran smoothly and quick. Now everything is experiencing intermittent freezes. I'd open Firefox and try to surf the net. Firefox would freeze for 10, 15, sometimes 20 seconds, say it's not responding, and then unfreeze. I'd get a bit farther in my surfing, like maybe click on a link, and then it would freeze again for a short while. The same will happen to Word, Adobe Reader, even Explorer.

I'm not sure if this is a virus or not. Seems like something hogging the CPU and not allowing other programs to run, which seems like a virus to me, but it could just be some kind of software damage. I didn't do anything to my computer recently--I didn't download anything, I didn't change any settings--so I strongly suspect some kind of malware.

Can anyone help me fix this? Thanks.

Gibran

 

[johnb35]

At work on my phone at the moment but read the sticky in the security section and run the programs and post the logs.

 

[Okedokey]

Yes, while John gets back to you, please read and follow this http://www.computerforum.com/224967-please-read-before-requesting-malware-removal-help.html It will give you the required steps so that John can clean up and fix your laptop.

 

[gib65]

All right. Thanks both. I'll give that a read.

 

[gib65]

Hello again,

I'm following along with that sticky, and I'm at the point where it asks me to run Junkware Removal Tool and I think it's frozen. It's been sitting there at the command prompt blinking for 4 hours now. I don't want to kill it in case it's in a critical state right now.

This could just be the same old problem--programs freezing on me--so I *could* just let it sit there indefinitely and it will eventual finish, but how do I know it won't just stay frozen forever?

You might want to know that I'm running these malware removal programs in SafeMode (otherwise I know the freezing problem will slow down these programs--SafeMode doesn't seem to have this problem).

But I'm not sure what to do? Can anyway suggest something? I greatly appreciate the help.

 

[johnb35]

Junkware program shouldn't take any more than say 15 minutes on the slowest system. You might want to run the hard drive makers disk diagnostic program to check the drive for errors.

 

[S.T.A.R.S.]

Have you tryed doing a check disk?
It is a small utility already included in Windows operating system:

Be sure that both check boxes on the second picture are checked!
If you have multiple drives or partitions,be sure to perform check disk on the same way on all of them.

 

[gib65]

Unfortunately the check disc program won't let me scan the hard drive. It says it can't scan while some other program is using the hard drive. I don't know what program that would be. In the task manager, all I see are csrss.exe, ctfmon.exe, winlogon.exe, explorer.exe, and taskmgr.exe

 

[johnb35]

Boot to safe mode with command prompt and then do the diskcheck

chkdsk /f /r C:

that is the command you want to use.

 

[Okedokey]

Unfortunately the check disc program won't let me scan the hard drive. It says it can't scan while some other program is using the hard drive. I don't know what program that would be. In the task manager, all I see are csrss.exe, ctfmon.exe, winlogon.exe, explorer.exe, and taskmgr.exe

Thats normal. You simply need to click on the check box that appears where it asks to check upon next restart.

 

[S.T.A.R.S.]

Thats normal. You simply need to click on the check box that appears where it asks to check upon next restart.

Exactly.

 

[gib65]

Ok, I only got a chance to run AdwCleaner because, as you know, Junkware Removal kept stalling on me, so here's the AdwCleaner log:


# AdwCleaner v2.306 - Logfile created 08/04/2013 at 12:09:57
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : gib - GIBS-LAPTOP
# Boot Mode : Normal
# Running from : C:\install packages\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\gib\AppData\Roaming\Mozilla\Firefox\Profiles\ekm94xc0.default-1361245500945\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\appbario7
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\gib\AppData\Local\blekkotb
Folder Deleted : C:\Users\gib\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\gib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\gib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\gib\AppData\Local\Smartbar
Folder Deleted : C:\Users\gib\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\gib\AppData\Local\Wondershare
Folder Deleted : C:\Users\gib\AppData\LocalLow\appbario7
Folder Deleted : C:\Users\gib\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\gib\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\gib\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\gib\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\gib\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\gib\AppData\Roaming\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6628343D-1E52-404D-A133-B839098ACA5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6926C7F7-6006-42D1-B046-EBA1B3010315}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6628343D-1E52-404D-A133-B839098ACA5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6926C7F7-6006-42D1-B046-EBA1B3010315}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\appbario7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6628343D-1E52-404D-A133-B839098ACA5E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6628343D-1E52-404D-A133-B839098ACA5E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6926C7F7-6006-42D1-B046-EBA1B3010315}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08173518-9394-45E0-8440-A75007EA656E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD1E53DA-07D3-4271-8C2B-AC1015EE2221}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6926C7F7-6006-42D1-B046-EBA1B3010315}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\appbario7 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6926C7F7-6006-42D1-B046-EBA1B3010315}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6926C7F7-6006-42D1-B046-EBA1B3010315}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6926C7F7-6006-42D1-B046-EBA1B3010315}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\gib\AppData\Roaming\Mozilla\Firefox\Profiles\ekm94xc0.default-1361245500945\prefs.js

Deleted : user_pref("CT3227981.FF19Solved", "true");
Deleted : user_pref("CT3227981.UserID", "UN12359630693087165");
Deleted : user_pref("CT3227981.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3227981.fullUserID", "UN12359630693087165.IN.2013062485434");
Deleted : user_pref("CT3227981.installDate", "24/06/2013 8:54:34");
Deleted : user_pref("CT3227981.installSessionId", "{DEADF6A8-5E67-4FD4-83FB-BC0FDA0A97F6}");
Deleted : user_pref("CT3227981.installSp", "TRUE");
Deleted : user_pref("CT3227981.installerVersion", "1.4.3.3");
Deleted : user_pref("CT3227981.keyword", "true");
Deleted : user_pref("CT3227981.originalHomepage", "about:home");
Deleted : user_pref("CT3227981.originalSearchAddressUrl", "");
Deleted : user_pref("CT3227981.originalSearchEngine", "");
Deleted : user_pref("CT3227981.originalSearchEngineName", "");
Deleted : user_pref("CT3227981.searchRevert", "false");
Deleted : user_pref("CT3227981.searchUserMode", "2");
Deleted : user_pref("CT3227981.smartbar.homepage", "true");
Deleted : user_pref("CT3227981.versionFromInstaller", "10.16.4.19");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "appbario7 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227981&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.helperbar.Visibility", false);
Deleted : user_pref("extensions.helperbar.countryiso", "tj");
Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Deleted : user_pref("extensions.helperbar.installationid", "e1f6d585-2e95-4e9a-9e23-524bbcc40290");
Deleted : user_pref("extensions.helperbar.installdate", "27/06/2013");
Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3227981");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3227981&CUI=UN123596306[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3227981");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3227981");
Deleted : user_pref("smartbar.machineId", "YEACPSJTA9I+LHIIL30S+SXAYWAGFVEVXM62KN7K/W4NMX0D6BQMBF4G9RUPXZB/PGI[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227981&CUI=UN123596306930[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Users\gib\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.29] : keyword = "search.snap.do",

-\\ Opera v12.15.1748.0

File : C:\Users\gib\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12412 octets] - [04/08/2013 12:09:57]

########## EOF - C:\AdwCleaner[S1].txt - [12473 octets] ##########

On a lighter note, my computer seems to be running fine now. It might still be too early to tell, so I don't want to say I'm done with this thread just yet, but it seems like either AdwCleaner fixed something or the scandisk did. I know AdwCleaner found a few things. I'm not sure what scandisk found because I just let it run while I was away and when I came back, I just saw the login screen. Does scandisk store a log anywhere?

 

[johnb35]

This may help. Checkdisk logs are stored in the event viewer.

http://ask-leo.com/how_do_i_see_the_results_of_a_chkdsk_that_ran_on_boot.html

 

[gib65]

Well, the log files say that scandisk found nothing wrong, so it must have been something AdwCleaner found. In any case, my computer is still going strong, so I'm comfortable saying this problem is solved. Thanks for the help.

 

[Punk]

Well, the log files say that scandisk found nothing wrong, so it must have been something AdwCleaner found. In any case, my computer is still going strong, so I'm comfortable saying this problem is solved. Thanks for the help.

I'd suggest waiting for an answer from John, you may have fixed the problem right now but if you left a file from the virus it might start again.

Let him got through your logs and give you an answer

 

[johnb35]

It would help your system out if you were to continue to run those programs suggested so you can make sure you are infection free.