Computer freeze

Status
Not open for further replies.

jalba

Posts: 210   +1
Been getting this problem for the past couple weeks now.

When I power on my computer in the morning, it boots normally till it reaches the desktop, then it freezes. And none of the usual keystrokes are able to break it. I would manually power off then reboot it and hit F8 to start with the previous settings that worked... same thing happened.
Repeated the process, but this time starting in debugging mode, and it's all back to normal.

Anybody could advise me on this situation please? Greatly appreciate it :)
 

jalba

Posts: 210   +1
  • Thread Starter
  • #5
OK guys, don't know what I did (probably didn't pay attention) but it looks like the issue fixed itself on its own, so thanks for the assistance :)
 

jalba

Posts: 210   +1
  • Thread Starter
  • #6
Are you running XP? If so, try repairing XP or restore XP to an earlier date
Wahhh!! Problem started back again with the whole desktop freezing thing!!!! Tried starting in debugging mode - that didn't work. Tried repairing XP (ran repair then chkdsk - it didn't find any errors in the volumes, and /p doesn't work) - that process didn't work either. Did Spybot - nothing!!! Grrr!!!!!

Anybody got any suggestions!?:mad::mad::mad:
 

mflynn

Posts: 2,653   +0
Yep!

Do the TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Skip no steps (do not install another virus scanner if you already have one).

Most importantly update MalwareBytes and SuperAntiSpyware!

Before you scan with SuperAntiSpyWare do the below:

SuperAntispyware extra config

After it is installed, double-click the icon on your desktop to run it.

Update the program definitions.

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure all boxes are checked except #3, Ignore System Restore.

MalwareBytes extra config

After updating but before running,
click Settings and confirm all are checked.

I repeat Update these 2 programs.

Run them and attach their logs as they are run.

Mike
 

jalba

Posts: 210   +1
  • Thread Starter
  • #9
OK, got the system to start up properly now, but now a new problem has developed.
The graphics on the system are being distorted, e.g. when I right click the menu, the menu shows black except when I scroll down the menu. The same occurs also for the drop down menu.
The scrollbar also shows black, with the exception of the lil thingy that moves.
I checked the setting on the "display" tab, but everything there is in order.
It's a bit of a hindrance... any solutions?

I posted the logfile in my next post.
 

jalba

Posts: 210   +1
  • Thread Starter
  • #10
Logfile of HijackThis v1.99.1
Scan saved at 2:10:01 PM, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\AutoCAD 2007\acad.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYTT
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://jasonboos13.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 

mflynn

Posts: 2,653   +0
OK even with your old outdated HJT!

Run HJT Scan only, then select and remove the below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Then see if this time you can do Post #7 as advised and from there get the new HJT also!

Attach logs, do not post to thread.

Mike
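
Added example, not part of any post in this thread: a small parser for the HijackThis line format (`CODE - body`) that flags the kinds of entries selected for removal above so a person can review them. The rules and the `EXPECTED_SEARCH_DOMAINS` allow-list are assumptions inferred from those four lines, and the sample is built from lines of the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O16 - <body>"
DPF_RE = re.compile(r"^DPF: (\{[^}]+\})(?: \((.*?)\))? -\s*(.*)$")
# Assumption for this example: only Microsoft redirect URLs count as defaults.
EXPECTED_SEARCH_DOMAINS = ("microsoft.com",)


def parse(log_text):
    """Split a HijackThis log into (section_code, body) pairs."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(code, body):
    """Return a reason when an entry deserves a manual look, else None."""
    if code in ("R0", "R1") and "Search" in body and "=" in body:
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        expected = any(host == d or host.endswith("." + d)
                       for d in EXPECTED_SEARCH_DOMAINS)
        if url and not expected:
            return f"search setting points at {host}"
    if code == "R3" and body.endswith("(no file)"):
        return "search hook is registered but its file is gone"
    if code == "O10" and "missing" in body:
        return "Winsock LSP chain references a missing provider"
    if code == "O16":
        m = DPF_RE.match(body)
        if m and not m.group(3):
            return "ActiveX download entry has no source URL"
    return None


def flag(log_text):
    """List (code, reason) for every entry that matched a rule."""
    return [(c, r) for c, b in parse(log_text) if (r := review(c, b))]


if __name__ == "__main__":
    for code, reason in flag(SAMPLE_LOG):
        print(f"{code}: {reason}")
```

The output is a review list only; whether an entry is removed remains a decision for whoever is reading the full log.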
 

jalba

Posts: 210   +1
  • Thread Starter
  • #12
after performing tasks as per #7 post

Well here are the results from those programs suggested.

Update: System is no longer freezing at startup, but the right click menus and drop down menus are discolouring. Also whenever a page is opened in front of firefox, and that said page is shrunk down, the page's pattern remains on the firefox page like a stamp. :(:mad:

Suggestions?
 

mflynn

Posts: 2,653   +0
Jeeze! No wonder it is running better. No wonder it still has issues remaining!

Run HJT Scan only, then select and remove the below!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

There were so many found deleted entries, and so many of them were really bad, that you need to UPDATE and run both MBAM and SAS again until they come up clean. Update every time before scanning and post all logs as you go.

These things are in layers and after one run others are now exposed that could not be seen until the first run exposed them.

New HJT log after the above.

Mike
 

mflynn

Posts: 2,653   +0
Well he can, but even a bad SR point is better than none at all.

If SR is off then turn it back on and do a SR point, name it "During cleanup at TechSpot".

Then we will create a new one when clean.

As for registry backup I also use ERUNT

ERUNT
Add a redundant Reg backup: get and install ERUNT, let it add itself to startup and do a backup on install, check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.

Mike

EDIT: Was there an indication that SR is off? I must have missed it.
jalba, put up with the screen and nuisance things until the Malware is fully cleaned. Cleaning the issues will likely fix it all. Please refrain from running or installing or uninstalling anything till clean.
 

Tmagic650

Posts: 17,233   +234
System restore points are sometimes great for "hiding" viruses, spyware and other malware. Turn SR off, this deletes all older restore points. Run scans and cleaners. Reboot, turn SR back on... System Restore is rarely used by most. A lot of times, the restore fails anyway.
 

mflynn

Posts: 2,653   +0
LOL! You are indeed a wise man!

SR has 3 possible modes.

1. Usually when you need it, no point is available
2. Usually when you need it, it is available but won't restore.
3. Usually when you need it, it is available, restores and doesn't fix the issue.
Anything after that is GREAT!:stickout:

Mike

I find ERUNT much more dependable, but sometimes in a non-boot case it takes a WinPE CD boot disk to restore.
 

jalba

Posts: 210   +1
  • Thread Starter
  • #18
Was not able to get rid of the following line:
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

But I need to ask... after all of these malware and spyware checkups, would my graphic problem improve? (see attached)
 

mflynn

Posts: 2,653   +0
Struggle through the graphics problems and get me the logs!

Don't do anything else: install, run or uninstall.

After seeing the first logs you are lucky to be running at all, and are lucky you could run good enough to even get through the first swath through the Malware cleaners.

Mike
 

jalba

Posts: 210   +1
  • Thread Starter
  • #20
latest updates in repairs

Here's the latest malware and spyware logs, as well as hijackthis log.

I also noticed that whatever this problem is, I think it has somehow affected my AutoCAD.
For example: Whenever I run the layer manager in AutoCAD, I get an error which tells me that the application does not work with JIT debugger, or something like that.
 

mflynn

Posts: 2,653   +0
Hi jalba

YES, the graphics issue will affect the CAD program. But forget that until you are clean; it will likely fix itself when you are clean. If not we will then move to that!

Copy all inside the box and paste to an open Command prompt. It will close the Command prompt when finished.
Code:
@echo off
sc stop TDSSserv.sys
sc delete TDSSserv.sys
exit
exit
----------------------------------------------------------------------------------------------------------------------------------
D/L, install and run ATF-Cleaner, clear all except passwords in all browsers you have. Run repeatedly until no more found.

http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------

D/L Xclean_Micro http://www.xblock.com/download/xclean_micro.exe
No install, just run it, delete all it finds, decline to reboot on each item found until the program finishes, then reboot.

Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.

Open Notepad and paste any pop-ups of what it found, if any, as it has no log.
If it finds several things, reboot to Safe Mode and run again before continuing below.
----------------------------------------------------------------------------------------------------------------------------------

Get and run Malware Removal Tool by Joe Pestro http://majorgeeks.com/Malware_Removal_Tool_d4632.html

This program only takes a few seconds if it does not find anything.
---------------------------------------------------------------------------------------------------------------------------------
Do this: https://www.techspot.com/vb/post684649-3.html

When Fixit.cmd finishes it will reboot to normal, then the below is the meat what we need to run to really get fixed:

Mike
 

jalba

Posts: 210   +1
  • Thread Starter
  • #22
Did as per instructions. Here's the latest reports.

BTW, when running xclean, I got a popup (see attached jpeg). I clicked "no". Was I right in doing that?
 

mflynn

Posts: 2,653   +0
Hi jalba

As far as the jpeg, run xclean again and repair it!

Run HJT Scan only and select and remove the below.
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Ok we are looking good.

Now before we tackle the Video issue do the below:

ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while it's running. That may cause it to stall.

Mike
 

jalba

Posts: 210   +1
  • Thread Starter
  • #24
Running xclean. Clicked "yes" to whether I want to repair and I got a popup as per jpeg. Is that a bad thing, Mike?

As I type this, xclean is running, and saying "looking for spyware".
 

mflynn

Posts: 2,653   +0
Can't say I have ever seen that error.

When it completes, reboot and run again to confirm fixed!

Mike
 