WiredWX Christian Hobby Weather Tools
Not responding
I am having problems with my PC, and I don't know anything about troubleshooting them, but I need help to do it and fix it.

Everything I do, it always freezes up and says "Not responding", then it will do whatever I was doing, or it locks up and I have to close it.

Thanks, Pat

Re: Not responding

Hi there!

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:


  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
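
The whitelist behaviour described above keys on the process name alone, which is also why a name by itself proves nothing to a defender. As an added example (not part of the original post), the code below checks a process image path against the directory where that name belongs and flags one-typo lookalikes; the expected-directory table assumes a default Windows XP install on C:, and the function names are hypothetical.

```python
import ntpath

# Expected directories for the system process names listed in the post.
# Assumption: a default Windows XP install on C:, as in this thread.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(image_path):
    """Return a verdict for one process image path (Windows-style, any case)."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name in EXPECTED_DIRS:
        # Trusted name: only acceptable from its expected directory.
        return "ok" if directory == EXPECTED_DIRS[name] else "name-match-wrong-path"
    if any(osa_distance(name, known) == 1 for known in EXPECTED_DIRS):
        # One typo away from a trusted name, e.g. two letters swapped.
        return "lookalike-name"
    return "unlisted"


# Sample input. The second and fourth paths appear in the ComboFix report in
# this thread; the others are constructed for the example.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\documents and settings\dell\Desktop\scvhost.exe",
    r"c:\documents and settings\dell\Desktop\svchost.exe",
    r"c:\program files\AVG\AVG2012\avgtray.exe",
    r"c:\windows\explorer.exe",
]


def triage(paths):
    """Return (path, verdict) pairs for everything that is not ok/unlisted."""
    return [(p, v) for p in paths if (v := classify(p)) not in ("ok", "unlisted")]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS):
        print(f"{verdict:24} {path}")
```

A renamed repair tool on the Desktop is flagged the same way as anything else borrowing these names, so a hit is a prompt to look at the file, not a verdict on it.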

Re: Not responding

I ran the program you suggested. Here is the report from them.

Pat


ComboFix 12-10-04.02 - dell 10/06/2012 18:50:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.298 [GMT -4:00]
Running from: c:\documents and settings\dell\Desktop\scvhost.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\dell\WINDOWS
C:\install.exe
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-09-18 20:11 . 2012-09-18 20:26 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-01 09:16 . 2012-08-17 18:02 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-09-07 21:04 . 2011-12-07 14:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2006-03-03 22:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 05:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 05:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 19:43 . 2010-11-12 18:19 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 08:30 . 2012-04-05 10:01 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 08:30 . 2011-05-16 09:16 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 07:21 . 2010-12-08 09:12 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 301920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/30/2012 7:38 AM 399432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:48 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/7/2011 10:01 AM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:01 AM 250568]
S3 cpuz134;cpuz134;\??\c:\docume~1\dell\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\dell\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2011 9:48 AM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/7/2011 10:01 AM 22856]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/17/2012 2:02 PM 13024]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:30]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 13:48]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 13:48]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={A0C66910-0E99-4DA3-84E7-11EF0BBA32EC}&mid=d36d746403c147d6aa64d14eaf6db2af-0a1974bae26d9b631eda3e38cf60b90fd9341e37&lang=en&ds=tt014&pr=sa&d=&v=&sap=hp
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1 165.166.8.54
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 19:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-06 19:07:44
ComboFix-quarantined-files.txt 2012-10-06 23:07
.
Pre-Run: 44,664,266,752 bytes free
Post-Run: 45,247,152,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0F9E9A487D3685A384758F9643225AF5

Re: Not responding

Good work!

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


===================================


Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.

Re: Not responding

Here is the report for TDSSKILLER.
It will only let me post one at a time, so I will make a second reply also. It took me a while just to get this window to post open.

Pat

Re: Not responding

Here is the report from the Malware.

Pat


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dell :: DELL-0313B2E353 [administrator]

10/8/2012 8:17:24 AM
mbam-log-2012-10-08 (08-17-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186561
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Not responding

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



=======================================


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Not responding

This is the report from Eset.

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C47B484A-CA15-44DF-ACCB-B20BC238E17D}\RP677\A0087231.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C47B484A-CA15-44DF-ACCB-B20BC238E17D}\RP677\A0087233.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C47B484A-CA15-44DF-ACCB-B20BC238E17D}\RP686\A0089687.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined



I have gotten bars on my screen since we started this. It's red lines running top to bottom, made of little hash marks, and green ones that were running left to right, but now it's hard to tell which way the green ones run. It makes it hard to read things. They pretty much went away after the TDSSKILLER & Malware scans, but came back thinner after the ESET scan.

Thanks, Pat

Re: Not responding

I have rebooted and everything seems to be fine now, and the lines are gone!

I THANK You very much!

I have another PC to fix, but that is another thread!

Thanks again, Pat

Re: Not responding

I guess the bars are coming back as the PC is used, or just being on. But the red and green bars are now going top to bottom, and make things I read or write hard to see.

Pat

Re: Not responding

I'd like to check your VIDEO CARD...

Press Start > Run, type in DXDIAG and hit OK.

I need a log from that.

Re: Not responding

I hope this works, or I'll have to paste it here.

Pat

Re: Not responding

Please download and run the following stress test for your graphics card, let me know of results: http://www.ozone3d.net/benchmarks/fur/

Re: Not responding

Are these the results?

Detected graphics hardware:
- OpenGL renderer (main graphics card): ATI RADEON 9500 PRO
- OpenGL version detected: 1.1
- Full device ID: PCI\VEN_1002&DEV_4E45&SUBSYS_30021002&REV_00


Pat

Re: Not responding

Is there a chance that you can try a different monitor? What about finding a new cord for the monitor?

The VGA cable is the communications cable between the computer and monitor.

Or are we dealing with a laptop?

Re: Not responding

I had changed the monitor & cable to the one I'm using now, after the video card check, and just before you had me do the stress test. It had changed nothing. I find if I leave the PC on, and come back a few hours later, the bars are gone, but they come back when I use the PC for a bit.

Pat

Re: Not responding

Most of my clues lead to a defective monitor. Doesn't mean it's going to die soon, it's just either old, has bad capacitors, or needs to be repaired.

Re: Not responding

DragonMaster Jay, I'm sorry I have not been online. My wife went suddenly into the hospital for 11 days, and I have been taking care of her.

I changed the monitor and cord, and it still was the same. The bars are completely gone now.
My PC seems to be getting the "Not responding" again, and everything is slow to load. I get it a lot in my "Yahoo mail", and the last couple of days my mail has been sending out e-mails that I didn't send. I have been getting a bunch back that say, from- "MAILER-DAEMON@yahoo" subject- Failure Notice.

Pat

Re: Not responding

Today the red bars on the monitor returned.

Pat

Re: Not responding

Please start a new topic with the issues, so they can be newly addressed.
