.NET Framework 3.0 and Windows Cardspace


14 replies to this topic

#1 docmontage

  • Members
  • 8 posts

Posted 30 August 2009 - 12:55 PM

My laptop computer has slowed down considerably in the last week. I've had two instances where it froze during log off, or completely shut off with no explanation or warning. It would not respond in any way when it froze; eventually I had to take the battery out then put it back in for it to restart. Also last week the anti-virus program I was using, Avira, had a fatal error of some kind, basically it became damaged and unusable. Yes, I believe likely it was a virus of some kind which caused this. I believe all of these things are connected in some way. The browser I use, IE 7, has also had a few instances of closing without warning. I have received two C++ run-time errors also.

Last week I downloaded some Microsoft updates regarding .NET Framework. A couple of days later I noticed I had Windows Cardspace. I tried to do some research on the application, and know I didn't download it as I wouldn't use that type of thing. I read it is a component of .NET framework 3.0 (please correct me if I am wrong).

On another laptop a few years ago, I had a problem and learned that some "false" application can be inserted on one's computer, and you think it's a legitimate one, but it's not, it's a type of virus or malware or something. I believe this is what has happened to the laptop I have now.

I removed the busted Avira and uploaded AVG to do a complete scan of my system, and it found nothing. I also uploaded Spybot Search and Destroy and ran a scan which only turned up one of the typical spyware things, which was removed. Occasionally, I also use CCleaner to tweak my system, and hadn't had any problems before this. I also noticed my "free space" on my computer was suddenly down from 80% to 76% although I have not uploaded any new large applications. Even with these applications I mentioned, my free space had been at 80%.

I simply do not know what the problem is. I believe there is something hidden on my computer causing these problems but I don't know how to find it. Could someone help me? I would appreciate any suggestions and will try to answer any questions to the best of my ability.

Normally I use my computer only for word processing, watching some online broadcasts or streaming a few films myself, and very basic check of personal usage sites eBay, Facebook and email programs. I did read that Facebook had some problems in recent week also, and am not sure if that had contributed to my computer problems. I am the only user.

Thanks,
docmontage



#2 hamluis

  • Moderator
  • 55,883 posts

Posted 30 August 2009 - 01:17 PM

Everything you mention...sounds like simple, routine things which occur on systems every day.

It's not unusual for any program to become damaged/corrupted...they are all fair game because they all have files.

FWIW: Simply uninstalling, then reinstalling will normally take care of any corrupt program files. Windows files when damaged present more of a possible problem, but a simple program installed in XP...that's as easy as 1, 2, 3, IMO.

I have MS.NET installed on both my systems...to be honest, I've never heard of Windows Cardspace being connected with MS.NET or any other product. I see now that it's supposed to be affiliated with MS.NET...I guess I automatically decided I don't want it or need it. Dealer's choice as to installing it.

<<Occasionally, I also use CCleaner to tweak my system...>>

That's possibly contributing to your suspicions. What "tweaks" does this program perform for you?

Free space on a partition may change dynamically...dependent on what is running, what is being moved, etc. If you use the XP System Restore function, that changes things quite quickly. If you fail to empty the Recycle Bin, those items are still reflected as occupied partition/drive space. Your pagefile may change size at any moment. There is also the hiberfil.sys file for those who use hibernation...I'm not sure this changes or not, I've never bothered with hibernation as a service worthy of running.

In short, I don't see a problem here.

But, I've been wrong before...and maybe someone else here sees something that I don't.

Louis

Almost forgot...to get an accurate count of free space on a partition, run the chkdsk /r command for that partition. Along with its other functions, it will provide an accurate reflection of free space on the respective partition/drive.

Start/Run...type chkdsk /r (space between k and /) and hit Enter. Type Y in response to onscreen query and hit Enter. Reboot the system, the command will execute...and then automatically boot into XP.

#3 docmontage

  • Topic Starter

Posted 30 August 2009 - 01:30 PM

Yes, I have run chkdsk, sorry I neglected to mention that. I do that about once a month. I use CCleaner just to clean up cookies, etc.

I've never had a laptop that froze during log off, and became totally unresponsive without there being some problem. That is not normal computer behavior. It is not a simple or routine thing, but indicative of an underlying problem.

The things you mention regarding free space size, yes I am aware things left in an unemptied recycle bin would still show. Because I've had computer problems with other laptops in the past, I never leave it unemptied, nor applications running except the very basics at any time. I do not even store any personal files on my laptop. I keep the bare minimum of necessary system files.

I know files can become damaged or corrupted because they all have files. The point is after this damage to the anti-virus program occurred I began to have significant changes in computer behavior and problems. I had zero problems before this.

I've just run rootkitrevealer and see there is a data mismatch 30 August 2009, 80KBS between Windows API and rawhivedata. It is the HKLM Software Microsoft Cryptography RNG Seed. The other discrepancies noted I was aware of and are minor, that was the only thing of note.

#4 hamluis


Posted 30 August 2009 - 01:35 PM

I will suggest (internally) moving your thread to the appropriate malware forum.

Louis

#5 docmontage


Posted 30 August 2009 - 01:53 PM

I am a new user, I apologize for posting on the wrong area of the forum. I was asking about an operating system and the problems I was having. I didn't and don't know that it is malware, but yea ok.

#6 boopme

  • Global Moderator
  • 73,331 posts

Posted 30 August 2009 - 03:44 PM

Hello, sometimes it may be malware that causes such issues and it is best to check and remove any first.

Next run ATF and SAS:
Note: SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

NOW Scan with SUPER
  • Open from the desktop icon or the program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log.
  • A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 docmontage


Posted 31 August 2009 - 05:13 PM

No malicious items were found, no prompt was given to restart my computer. The log simply said the number of files I had, memory files and registry files scanned and that they were clean. Otherwise it was empty of information that would normally be shown had there been some malware or whatever. I know from past experience with my last laptop which did have such, and I had to post a log to a forum like this.

When I restarted my computer normally as soon as everything was loaded I immediately received an error stating:

TUROCCSX.exe has encountered a problem and needed to close. I've never heard of this .exe before (which might not be significant). The file affected was in a TEMP folder, which is the area that had generated a number of errors last week. I do have the full name which was something like C:\DOCUME1\User\Locals\Temp\WERb63b.dir00\TUROCCSX.exe.mdmp.

A couple of questions: when I restarted in safe mode, it asked if I wanted to log in as administrator or user, and I chose administrator. Did I also need to start in safe mode as User once and run the SUPER application again?

Another is, can a file or .exe such as I mentioned which caused the error actually be causing some of the problems I've experienced? Perhaps it is not a malware or something but actually a problem .exe?

Edited by docmontage, 31 August 2009 - 05:14 PM.


#8 boopme


Posted 01 September 2009 - 09:53 PM

Hello, this appears to be an orphaned file.
Let's try removing it through a normal scan first.
Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


If the TUROCCSX.exe file still exists after the scan and a normal reboot then do this.
Use MBAM's FileAssassin feature.

Open MBAM again. Click the More Tools tab and then the Run Tool button.
Now browse to the file(s) we want to remove using the drop down box next to Look in: at the top.
Locate the file(s), click Open.
You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
If removal did not require a reboot, you will receive a message indicating the file was deleted successfully, however, I recommend you reboot anyway.

Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to disastrous problems with your operating system.



#9 docmontage


Posted 08 September 2009 - 09:35 PM

Thanks, and sorry for the delay in reply. I will do this process next, I was not using my laptop for some time because of work overload elsewhere.

#10 boopme


Posted 08 September 2009 - 09:44 PM

Not a problem.. The real world always comes first.

#11 docmontage


Posted 08 September 2009 - 10:26 PM

Malwarebytes' Anti-Malware 1.40
Database version: 2763
Windows 5.1.2600 Service Pack 3

09.09.2009 05:23:42
mbam-log-2009-09-09 (05-23-42).txt

Scan type: Quick Scan
Objects scanned: 91890
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.



The turoccsx.exe file doesn't show up, so do I need to run the FileAssassin now?
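
Added example, not part of the original thread and not Malwarebytes code: a short Python check for a scan log like the one posted above. It confirms that each section lists as many items as the summary counts and flags any item whose action is not "Quarantined and deleted successfully". The function names are illustrative, and the line layout is assumed from the log in this thread.

```python
import re
from collections import defaultdict

# Line shapes inferred from the MBAM 1.40 log posted in this thread (an assumption,
# not a documented format): "<Section> Infected: N" in the summary, then
# "<Section> Infected:" headers followed by "<object> (<detection>) -> <action>."
SUMMARY = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>.+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"

# Trimmed excerpt of the first scan log in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40

Memory Processes Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
"""

def parse_mbam_log(text):
    """Return (summary counts per section, listed items per section)."""
    counts, items, section = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items[section].append(m.groupdict())
    return counts, dict(items)

def audit(counts, items):
    """List count mismatches and items that were detected but not removed."""
    findings = []
    for section in list(counts) + [s for s in items if s not in counts]:
        expected, listed = counts.get(section, 0), items.get(section, [])
        if len(listed) != expected:
            findings.append(f"{section}: summary says {expected}, log lists {len(listed)}")
        findings += [f"{section}: {it['object']} -> {it['action']}"
                     for it in listed if it["action"] != REMOVED]
    return findings

def detections(items):
    return sorted({it["detection"] for listed in items.values() for it in listed})

if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print(detections(items), audit(counts, items) or "all listed items removed")
```

An empty result from audit() means the log is internally consistent and every listed item was removed; it says nothing about files the scan never detected, such as the TUROCCSX.exe crash dump asked about here.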

#12 boopme


Posted 09 September 2009 - 08:57 AM

No, no need now. But just to be certain there is nothing left.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

#13 docmontage


Posted 09 September 2009 - 02:13 PM

This is the next log. After I ran it, I then realized maybe I was supposed to run it while the laptop was in safe mode. But this was from normal mode.

Malwarebytes' Anti-Malware 1.40
Database version: 2766
Windows 5.1.2600 Service Pack 3

09.09.2009 20:45:56
mbam-log-2009-09-09 (20-45-56).txt

Scan type: Quick Scan
Objects scanned: 93277
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Ironically enough, I've had multiple kernel32.dll errors today which have closed IE repeatedly. Almost as soon as it opens it will close within some minutes. Will run the application again in safe mode.

#14 docmontage


Posted 14 September 2009 - 08:20 AM

Thank you very much for your help!

#15 boopme


Posted 14 September 2009 - 12:30 PM

Hi, you're welcome. Are they a "Cannot find...", "Could not run...", "Error loading..." type message?

Also as they just upgraded the MBAM engine, we may as well get another quick scan to be safe.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.