
Computer freeze

Discussion in 'Other Hardware' started by jalba, Nov 18, 2008.

  1. mflynn Newcomer, in training Posts: 2,793

    Hi jalba

    YES, the graphics issue will affect the CAD program. But forget that until you are clean; it will likely fix itself when you are clean. If not, we will then move to that!

    Copy all inside the box and paste to an open Command prompt. It will close the Command prompt when finished.
    Code:
    @echo off
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    exit
    exit
    
    ----------------------------------------------------------------------------------------------------------------------------------
    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------------------

    D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
    No install, just run it, delete all it finds, decline to reboot on each item found until the program finishes, then reboot.

    Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

    Open Notepad and paste any pop ups of what it found if any as it has no log.
    If it finds several things reboot to Safe Mode and run again before continuing below.
    ----------------------------------------------------------------------------------------------------------------------------------

    Get and run Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

    This program only takes a few seconds if it does not find anything.
    ---------------------------------------------------------------------------------------------------------------------------------
    Do this: http://www.techspot.com/vb/post684649-3.html

    When Fixit.cmd finishes it will reboot to normal, then the below is the meat what we need to run to really get fixed:

    Mike
  2. jalba TechSpot Enthusiast Posts: 177

    did as per instructions. here's the latest reports.

    btw, when running xclean, i got a popup (see attached jpeg). I clicked "no". was i right in doing that?
  3. mflynn Newcomer, in training Posts: 2,793

    Hi jalba

    As far as the jpeg, run xclean again and repair it!

    Run HJT Scan only and select and remove the below.
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Ok we are looking good.

    Now before we tackle the Video issue do the below:

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe and follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Mike
  4. jalba TechSpot Enthusiast Posts: 177

    running xclean. Clicked "yes" to whether i want to repair and i got a popup as per jpeg. Is that a bad thing, Mike?

    As i type this, xclean is running, and saying "looking for spyware"
  5. mflynn Newcomer, in training Posts: 2,793

    Can't say I have ever seen that error.

    When it completes reboot and run again to confirm fixed!

    Mike
  6. jalba TechSpot Enthusiast Posts: 177

    how long do u estimate "scanning for spyware" is supposed to take using xcleaner?
     
  7. mflynn Newcomer, in training Posts: 2,793

    Hard to say based on hd size, number of files, speed of processor and hd.

    But max 20 minutes.

    If not responding abort and do in safe mode.

    Mike
  8. Tmagic650 TS Ambassador Posts: 18,736   +62

    Mike,
    I use Avast free Antivirus on my system and all that I repair... Lately I have removed a few Trojans by turning off System Restore, running Avast, renaming and moving the Trojan infections. Then I ran Avast in the Safe Mode, then once more normally to confirm a clean run. I haven't seen a system as "infected" as Jalba's in a long time... I would have pulled the hard drive and installed a clean one. I would install the OS and protection programs, set the infected drive as a slave, and recover the important files. I would then all 0's format the old drive and reset it as the C drive and install the OS and recovered data.
  9. mflynn Newcomer, in training Posts: 2,793

    Yeah I know what you mean but some are not prepared to buy another HD and don't know how to slave etc.

    But I think we almost have it now!

    Mike
  10. jalba TechSpot Enthusiast Posts: 177

    here's the latest logs.
    I didn't get any response on the xclean when i tried to do the repair thingy, even in safe mode. So i just clicked no again, and...well....u see my log.


    PS: Thought i shud mention that when i ran the system in safe mode, i was not getting the graphic issue problem at all. Thought i shud let u know :)
  11. mflynn Newcomer, in training Posts: 2,793

    Whoa!......... many deletions. Let's do that again so as to reduce the number to manually remove!!

    Reboot, run ComboFix again, post log.

    Then do the below:

    Download SD Fix to Desktop among other things Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thru all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Mike
  12. jalba TechSpot Enthusiast Posts: 177

    okkk...here's the latest combofix and sdfix...*whew*
  13. mflynn Newcomer, in training Posts: 2,793

    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    File::
    c:\windows\system32\SET64.tmp
    c:\windows\system32\SET72.tmp
    c:\windows\system32\SET7A.tmp
    c:\windows\system32\SET76.tmp
    c:\windows\system32\SET65.tmp
    c:\windows\system32\SET84.tmp
    c:\windows\system32\SET67.tmp
    c:\windows\system32\SET80.tmp
    c:\windows\system32\SET71.tmp
    c:\windows\PKillProcess.dll
    C:\6fnlpetp.exe
    c:\windows\system32\vbsdfe1.dll
    c:\windows\system32\vbsdfe0.dll
    C:\m9ma.exe
    c:\program files\captcha5.dll
    c:\windows\bemark2.dat
    C:\o1.com
    c:\windows\system32\drivers\vidstub.sys
    C:\ln9.exe
    c:\windows\system32\kav321.dll
    c:\windows\system32\kav320.dll

    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Mike
  14. jalba TechSpot Enthusiast Posts: 177

    latest combofix post
  15. mflynn Newcomer, in training Posts: 2,793

    Jalba

    You are getting reinfected.

    You must stop any P2P program downloading or the programs from even running.

    Remove all USB Flash Drives and external drives.

    Are drives e,f, and g actual partitions or external?

    Do you know what this is:
    Code:
    c:\windows\Not so deep Uninstaller
    c:\windows\Not so deep.swf
    c:\windows\Not so deep.scr
    c:\windows\Not so deep.exe
    c:\windows\Not so deep.bmp
    c:\windows\Not so deep.ico
    c:\windows\Not so deep.c3
    c:\windows\Not so deep.c1
    c:\windows\Not so deep.c4
    c:\windows\Not so deep.ini
    
    Open the last CFScript.txt, delete all text and paste the below into it.

    Code:
    FILE::
    c:\windows\system32\SET78.tmp
    c:\windows\system32\SET66.tmp
    C:\ogcikeq.com
    C:\2fiji.com
    c:\windows\saw_saver.scr
    c:\windows\flashax.exe
    c:\windows\impborl.dll
    C:\tknapl.exe
    C:\rdsfk.com
    c:\windows\system32\quarantine_screensaver.scr
    c:\program files\temp01

    Then drag onto ComboFix as before.

    Post the log and a new HJT log back.

    Get all the above done and logs sent then

    Download http://majorgeeks.com/Kaspersky_AVP_Tool_d4515.html
    After download boot to Safe Mode and run it.

    It is one of the most thorough Scans I know of and as such could run for hours. But you definitely need it.

    Mike
  16. jalba TechSpot Enthusiast Posts: 177

    in reference to the first code Mike, that is for my "not so deep" screensaver i had running for a good while now.
  17. mflynn Newcomer, in training Posts: 2,793

    What about the drives?

    Mike
  18. jalba TechSpot Enthusiast Posts: 177

    the drives i have is c:, d: for my burner and e: and f: for my flash drives.
  19. jalba TechSpot Enthusiast Posts: 177

    oh **** c: is my master drive.
  20. jalba TechSpot Enthusiast Posts: 177

    hi mike after u mentioned closing down all the programs before running combofix again, i closed down my windowblinds program. When i did that, everything was ok!!!! I was like "oh no dont tell me my beautiful program got frigged up"
    So i reapplied it, and sure enough, problems kicked back in. But instead of deleting the program, i applied a different skin. Guess what....computer ok!!!!
    So the real pain in my *** was the previous skin.
    Therefore i deleted the skin, and everything is yipee!!!
    i will still run ur anti malware and anti spyware just in case!!!!
    But thanks for ur assistance and ur patience!!!!

    PS... i have a system home that's a bit on the sluggish side. Would u mind if i send u a hijacklog to possibly see if u see anything out of the ordinary? Thanks in advance :)
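
Added example, not part of the original thread and not ComboFix's own code: before a CFScript.txt like the ones in posts 13 and 15 is dragged onto ComboFix, this script records what each path under `File::` is (size, timestamp, SHA-256), so the deletions can be reviewed afterwards and files that come back between runs can be compared by hash. The default paths, the CSV output and the function names are assumptions, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the thread or ComboFix). Default paths and CSV name are assumptions.
param(
    [string]$ScriptPath = "$env:USERPROFILE\Desktop\CFScript.txt",
    [string]$OutCsv     = "$env:USERPROFILE\Desktop\CFScript-inventory.csv"
)
# Return the paths listed under a "File::" directive (the thread also writes "FILE::").
function Get-CFScriptFiles {
    param([string[]]$Lines)
    $inFileSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '') { continue }
        if ($t -match '^(\w+)::$') {          # any "Word::" line starts a new section
            $inFileSection = ($Matches[1] -ieq 'File')
            continue
        }
        if ($inFileSection) { $t }
    }
}
# SHA-256 via .NET, reading the file as a stream.
function Get-Sha256Hex {
    param([string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Dispose()
    }
}
$rows = foreach ($path in Get-CFScriptFiles (Get-Content -LiteralPath $ScriptPath)) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    $hash = ''; $note = ''
    if (-not $item)              { $note = 'not found' }
    elseif ($item.PSIsContainer) { $note = 'directory, not hashed' }
    else {
        try   { $hash = Get-Sha256Hex $item.FullName }
        catch { $note = "unreadable: $($_.Exception.Message)" }   # e.g. file locked by a running process
    }
    [pscustomobject]@{
        Path     = $path
        Size     = if ($item -and -not $item.PSIsContainer) { $item.Length } else { $null }
        Modified = if ($item) { $item.LastWriteTimeUtc.ToString('o') } else { $null }
        Sha256   = $hash
        Note     = $note
    }
}
$rows | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
$rows | Format-Table -AutoSize
```

Keeping the CSV from each run makes a reinfection visible as a path or hash that reappears after it was removed.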