Comp keeps Freezing during "Read this first"

Discussion in 'Malware Help (A Specialist Will Reply)' started by mikeRa20, Dec 16, 2009.

  1. mikeRa20

    mikeRa20 Private E-2

    Started getting fake anti-virus popups and the computer has started freezing. I can usually still move the mouse pointer but can't click anything.

    I removed a program called something like antimalware and the popups have stopped.

    However, I have not been able to get SAS to finish. It won't run from the normal startup and I get a "SAS encountered an error" message with the option to report the error. I get this same message about SAS encountering an error each time my comp starts up.

    I managed to get it running using the alternate startup but it keeps freezing after a while. It has completed searching the registry and memory with nothing found.

    Computer is occasionally freezing as windows is starting up.

    It keeps freezing during the installation of MBAM at the end. MBAM is in my Program Files menu but I can't get it started.

    Combofix will not run either.


    Any help much appreciated.

    Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the avplog.txt file that will hopefully be created on your Desktop, as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post)

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator


    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.



    Now download and Run exeHelper from Raktor
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now see if MBAM will run. Use this: Using Malwarebytes Anti-Malware

    Even if MBAM cannot run, continue on to the below.

    Now run this: Using MGtools



    Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
    • the avplog.txt log on your Desktop
    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

    NOTE:
    1. If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes onto another PC and then burn to a CD. Then copy them to the problem PC. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. mikeRa20

    mikeRa20 Private E-2

    I couldn't get MBAM to open. I could get MG to run but it freezes at the stage where it says: "scanning please wait...finding copies (a list of things)"

    I'm not sure if any of the Rkills were running properly. The first one froze, then each time I tried one of the others it opened and looked like it was running, then would close.

    SAS is still "encountering problem" when my comp starts.

    My comp is freezing a lot less during the "windows is starting" screen.

    Again, any help much appreciated.

    Thanks
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some scans still ran and there is a log which you should attach.

    Exactly what file name do you think it froze at? These scans can take a long time since some look through the whole hard disk. If you still hear hard disk activity, it may still be running.
     
  5. mikeRa20

    mikeRa20 Private E-2

    I got MG to finish but it froze when I hit any key.
    I've attached the log.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some, if not all, of your freezing problem may just be due to the fact that you are out of disk space on drive C and getting very low on drive D too. You need to clean up!!!!!! Your logs show the below. The Free Space line for drive C (highlighted in the original post) is really bad. Windows cannot run like this.
    Code:
      
    Drive C: 
    Description Local Fixed Disk 
    Compressed No 
    File System NTFS 
    Size 20.00 GB (21,476,204,544 bytes) 
    Free Space 292.66 MB (306,872,320 bytes)    <-- this line is the problem
     
    Drive D: 
    Description Local Fixed Disk 
    Compressed No 
    File System NTFS 
    Size 212.77 GB (228,465,344,512 bytes) 
    Free Space 8.35 GB (8,970,293,248 bytes) 

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 13

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click; use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only). Select the following lines but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    O4 - HKLM\..\Run: [nlahhntm] C:\Documents and Settings\2\Local Settings\Application Data\dsnpie\wwbssysguard.exe
    O4 - HKCU\..\Run: [nlahhntm] C:\Documents and Settings\2\Local Settings\Application Data\dsnpie\wwbssysguard.exe

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now see if you can run Malwarebytes and SUPERAntiSpyware scans per the READ & RUN ME instructions.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\2\Local Settings\temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • the logs from Malwarebytes and SUPERAntiSpyware if they ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
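    The two Run entries and the drive summary in this post can be triaged mechanically. The following Python is an added example, not part of the thread and not code from HijackThis or MGtools: it parses HijackThis O4 lines and the MGtools drive summary and flags autoruns that live in a user-writable profile folder, carry a random-looking value name, or are registered under both HKLM and HKCU, then reports drives below a free-space floor. The sample text is constructed from the lines quoted above plus one benign Java updater entry added for contrast; the heuristics, the path list and the 1 GiB / 10% thresholds are this example's assumptions, not rules from the forum.

    ```python
    import re
    from collections import Counter

    # Constructed sample: the two O4 lines and the drive summary quoted in this
    # post, plus one benign Java updater entry added here for contrast (the
    # Java line is not from the thread).
    SAMPLE_LOG = r"""
    Drive C:
    Description Local Fixed Disk
    File System NTFS
    Size 20.00 GB (21,476,204,544 bytes)
    Free Space 292.66 MB (306,872,320 bytes)

    Drive D:
    Description Local Fixed Disk
    File System NTFS
    Size 212.77 GB (228,465,344,512 bytes)
    Free Space 8.35 GB (8,970,293,248 bytes)

    O4 - HKLM\..\Run: [nlahhntm] C:\Documents and Settings\2\Local Settings\Application Data\dsnpie\wwbssysguard.exe
    O4 - HKCU\..\Run: [nlahhntm] C:\Documents and Settings\2\Local Settings\Application Data\dsnpie\wwbssysguard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    """

    O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
    DRIVE_RE = re.compile(r"^Drive ([A-Z]):")
    SIZE_RE = re.compile(r"^Size .*\(([\d,]+) bytes\)")
    FREE_RE = re.compile(r"^Free Space .*\(([\d,]+) bytes\)")

    # Profile folders any standard user can write to (XP layout). Autoruns living
    # here were the removal target in this thread; the list is an assumption.
    USER_WRITABLE = (
        "\\local settings\\application data\\",
        "\\local settings\\temp\\",
        "\\application data\\",
    )

    def parse_o4(text):
        """Pull (hive, key, value name, command) out of HijackThis O4 lines."""
        entries = []
        for line in text.splitlines():
            m = O4_RE.match(line.strip())
            if m:
                hive, key, name, cmd = m.groups()
                entries.append({"hive": hive, "key": key, "name": name, "cmd": cmd})
        return entries

    def looks_random(name):
        """Heuristic: six or more letters with under 30% vowels (e.g. 'nlahhntm')."""
        letters = [c for c in name.lower() if c.isalpha()]
        if len(letters) < 6:
            return False
        vowels = sum(c in "aeiouy" for c in letters)
        return vowels / len(letters) < 0.3

    def triage_o4(entries):
        """Return [(entry, reasons)] for Run entries that trip any heuristic."""
        seen = Counter(e["cmd"].lower() for e in entries)
        flagged = []
        for e in entries:
            cmd = e["cmd"].lower()
            reasons = []
            if any(p in cmd for p in USER_WRITABLE):
                reasons.append("runs from a user-writable profile folder")
            if looks_random(e["name"]):
                reasons.append("random-looking value name")
            if seen[cmd] > 1:
                reasons.append("same command registered under more than one hive")
            if reasons:
                flagged.append((e, reasons))
        return flagged

    def parse_drives(text):
        """Read the 'Drive X:' blocks into {letter: {'size': bytes, 'free': bytes}}."""
        drives, cur = {}, None
        for line in text.splitlines():
            line = line.strip()
            m = DRIVE_RE.match(line)
            if m:
                cur = m.group(1)
                drives[cur] = {}
                continue
            if cur is None:
                continue
            for key, rx in (("size", SIZE_RE), ("free", FREE_RE)):
                m = rx.match(line)
                if m:
                    drives[cur][key] = int(m.group(1).replace(",", ""))
        return drives

    def low_disk(drives, min_free_bytes=1 << 30, min_free_pct=10.0):
        """Drives under an absolute or percentage floor -> {letter: free %}.

        The 1 GiB / 10% floors are this example's choice, not a Windows limit."""
        out = {}
        for letter, d in drives.items():
            if "size" in d and "free" in d:
                pct = 100.0 * d["free"] / d["size"]
                if d["free"] < min_free_bytes or pct < min_free_pct:
                    out[letter] = round(pct, 2)
        return out

    if __name__ == "__main__":
        for e, reasons in triage_o4(parse_o4(SAMPLE_LOG)):
            print(f"{e['hive']} Run [{e['name']}] {e['cmd']}")
            for r in reasons:
                print("   -", r)
        for letter, pct in low_disk(parse_drives(SAMPLE_LOG)).items():
            print(f"drive {letter}: {pct}% free")
    ```

    Paste a real HijackThis log into SAMPLE_LOG (or read it from a file) to run the same triage; the heuristics only narrow the list, and anything flagged still needs the file checked before it is fixed.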
     
  7. mikeRa20

    mikeRa20 Private E-2

    here are the logs.

    I'm not sure if the AVG log is attaching properly (guess I'll find out after I post).

    Still have had no luck with MBAM; I tried to uninstall and reinstall but the comp freezes during uninstall.

    SAS ran. I'll post the log when I find it.

    I've cleaned up my C: drive a bit. I still have a ways to go but now have 1.8G free. Is there any way I can repartition the drives?
     

    Attached Files:

  8. mikeRa20

    mikeRa20 Private E-2

    I forgot to mention that while running GetLogs.bat the comp was freezing; the last line was: finding copies of actxprxy.dll

    Also found the SAS log, but for some reason the AVPlog... should I cut and paste it?

    Thanks
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What log from AVG? I did not ask for one. Your MGtools log is totally not updated other than one file, so I cannot evaluate whether you followed my instructions properly. Try this:

    Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\2\Local Settings\temp

    Now clean up any other unnecessary junk from drive C.

    Also empty your Malwarebytes Quarantine

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Then try running C:\MGtools\GetLogs.bat again. Then attach a new log.

    Not according to the log you attached. Do you mean you cleaned up after getting the logs? If so, that is the wrong order.

    Not in this forum. You will have to ask for help in the Software Forum, but you need to get your Windows installation moved to the larger hard disk which is currently drive D, so a repartition is not what you need. You need a new install.
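    The temp-folder purge requested here (and in message #6) can be scripted instead of done by hand. The following Python is an added example, not part of the thread and not a MajorGeeks tool: it deletes files and subfolders whose modification date is before today and keeps anything from the current day or anything the OS refuses to delete, which is the behaviour the post describes. XP_TEMP_FOLDERS holds the two paths the post names; demo() builds a throwaway folder with constructed files so the logic can be tried safely on any machine, and purge_xp_temp_folders() defaults to a dry run.

    ```python
    import os
    import shutil
    import tempfile
    import time
    import datetime as dt

    # The two folders named in the post (Windows XP layout). Expanded at run
    # time on Windows; on other platforms they do not exist and are skipped.
    XP_TEMP_FOLDERS = [
        r"%WINDIR%\Temp",
        r"%USERPROFILE%\Local Settings\Temp",
    ]

    def _mtime_date(path):
        return dt.date.fromtimestamp(os.path.getmtime(path))

    def purge_temp(folder, today=None, dry_run=False):
        """Delete entries in `folder` last modified before `today`.

        Returns (removed, skipped). Entries dated today are kept, as are
        entries the OS refuses to delete (in use or access denied): both are
        what the post means by "Windows will not let you delete the files from
        the current day". With dry_run=True nothing is deleted but `removed`
        still lists what would go.
        """
        today = today or dt.date.today()
        removed, skipped = [], []
        for name in os.listdir(folder):
            path = os.path.join(folder, name)
            try:
                if _mtime_date(path) >= today:
                    skipped.append(path)
                    continue
                if not dry_run:
                    if os.path.isdir(path) and not os.path.islink(path):
                        shutil.rmtree(path, ignore_errors=True)
                    else:
                        os.remove(path)
                    if os.path.lexists(path):      # subfolder with a locked file
                        skipped.append(path)
                        continue
                removed.append(path)
            except OSError:                          # in use / access denied
                skipped.append(path)
        return removed, skipped

    def purge_xp_temp_folders(dry_run=True):
        """Run purge_temp over whichever XP temp folders exist on this machine."""
        results = {}
        for raw in XP_TEMP_FOLDERS:
            folder = os.path.expandvars(raw)
            if os.path.isdir(folder):
                results[folder] = purge_temp(folder, dry_run=dry_run)
        return results

    def demo():
        """Build a throwaway folder (constructed data) and exercise purge_temp."""
        root = tempfile.mkdtemp(prefix="purge_demo_")
        three_days_ago = time.time() - 3 * 86400
        old_file = os.path.join(root, "old.tmp")
        old_dir = os.path.join(root, "oldsub")
        new_file = os.path.join(root, "today.tmp")
        open(old_file, "w").close()
        os.mkdir(old_dir)
        open(os.path.join(old_dir, "inner.tmp"), "w").close()
        open(new_file, "w").close()
        # Backdate the old entries after their contents are in place.
        os.utime(old_file, (three_days_ago, three_days_ago))
        os.utime(old_dir, (three_days_ago, three_days_ago))

        dry_removed, _ = purge_temp(root, dry_run=True)
        dry_kept = all(os.path.lexists(p) for p in dry_removed)
        removed, skipped = purge_temp(root)
        result = {
            "dry_run_kept_everything": dry_kept,
            "dry_run_planned": sorted(dry_removed) == sorted([old_file, old_dir]),
            "old_removed": sorted(removed) == sorted([old_file, old_dir])
                           and not os.path.lexists(old_file)
                           and not os.path.lexists(old_dir),
            "today_kept": skipped == [new_file] and os.path.exists(new_file),
        }
        shutil.rmtree(root, ignore_errors=True)
        return result

    if __name__ == "__main__":
        print(demo())
        print(purge_xp_temp_folders(dry_run=True))
    ```

    Run it once with the default dry run and read the `removed` list before calling purge_xp_temp_folders(dry_run=False); on XP the user-profile folder needs the account that owns it, and the Windows Temp folder needs an administrator.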
     
  10. mikeRa20

    mikeRa20 Private E-2

    Sorry, I meant AVPlog... it still won't attach.

    I freed up a bit more space on the C drive and GetLogs.bat ran and finished.

    I've started to get a bit more freezing on startup at the "windows is loading" screen, but when it does get started up it seems to be a bit better most of the time.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You already attached that log back in message #3. I did not ask for, nor do I need, another.

    You may need to free up more space or reinstall on a new, larger hard disk.

    I noticed some additional things to fix in one of your logs. I will be posting another fix shortly.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Go to TDSSKiller and download TDSSKiller.zip to your Desktop.
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -v

    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.
    Now we need to use Avenger again.
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    Drivers to delete:
    H8SRTd.sys
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now please save the Win32kDiag file to your desktop.
    • Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
    "%userprofile%\desktop\win32kdiag.exe" -f -r


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • the TDSSkiller log
    • C:\avenger.txt
    • the log from Win32kDiag
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  13. mikeRa20

    mikeRa20 Private E-2

    Froze on the restart prompted by Avenger; other than that it's been OK.

    thanks.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
