Computer freeze

Status
Not open for further replies.
Hard to say, based on HD size, number of files, and speed of processor and HD.

But max 20 minutes.

If not responding, abort and do it in Safe Mode.

Mike
 
Mike,
I use Avast free Antivirus on my system and all that I repair... Lately I have removed a few Trojans by turning off System Restore, running Avast, renaming and moving the Trojan infections. Then I ran Avast in Safe Mode, then once more normally to confirm a clean run. I haven't seen a system as "infected" as Jalba's in a long time... I would have pulled the hard drive and installed a clean one. I would install the OS and protection programs, set the infected drive as a slave, and recover the important files. I would then all 0's format the old drive and reset it as the C drive and install the OS and recovered data.
 
Yeah, I know what you mean, but some are not prepared to buy another HD and don't know how to slave etc.

But I think we almost have it now!

Mike
 
Here are the latest logs.
I didn't get any response on the xclean when I tried to do the repair thingy, even in safe mode. So I just clicked no again, and... well... you see my log.

PS: Thought I should mention that when I ran the system in safe mode, I was not getting the graphic issue problem at all. Thought I should let you know :)
 
Whoa!......... many deletions. Let's do that again so as to reduce the number to manually remove!!

Reboot, run ComboFix again, post log.

Then do the below:

Download SD Fix to Desktop (among other things, Catchme to look for rootkits).

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
 
COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Code:
File::
c:\windows\system32\SET64.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET71.tmp
c:\windows\PKillProcess.dll
C:\6fnlpetp.exe
c:\windows\system32\vbsdfe1.dll
c:\windows\system32\vbsdfe0.dll
C:\m9ma.exe
c:\program files\captcha5.dll
c:\windows\bemark2.dat
C:\o1.com
c:\windows\system32\drivers\vidstub.sys
C:\ln9.exe
c:\windows\system32\kav321.dll
c:\windows\system32\kav320.dll

Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Mike
 
Jalba

You are getting reinfected.

You must stop any P2P program downloading or the programs from even running.

Remove all USB Flash Drives and external drives.

Are drives E, F, and G actual partitions or external?

Do you know what this is:
Code:
c:\windows\Not so deep Uninstaller
c:\windows\Not so deep.swf
c:\windows\Not so deep.scr
c:\windows\Not so deep.exe
c:\windows\Not so deep.bmp
c:\windows\Not so deep.ico
c:\windows\Not so deep.c3
c:\windows\Not so deep.c1
c:\windows\Not so deep.c4
c:\windows\Not so deep.ini

Open the last CFScript.txt, delete all text and paste the below into it.

Code:
FILE::
c:\windows\system32\SET78.tmp
c:\windows\system32\SET66.tmp
C:\ogcikeq.com
C:\2fiji.com
c:\windows\saw_saver.scr
c:\windows\flashax.exe
c:\windows\impborl.dll
C:\tknapl.exe
C:\rdsfk.com
c:\windows\system32\quarantine_screensaver.scr
c:\program files\temp01

Then drag onto ComboFix as before.

Post the log and a new HJT log back.

Get all the above done and logs sent then

Download http://majorgeeks.com/Kaspersky_AVP_Tool_d4515.html
After download boot to Safe Mode and run it.

It is one of the most thorough Scans I know of and as such could run for hours. But you definitely need it.

Mike
 
In reference to the first code, Mike, that is for my "not so deep" screensaver I had running for a good while now.
 
Hi Mike, after you mentioned closing down all the programs before running ComboFix again, I closed down my WindowBlinds program. When I did that, everything was OK!!!! I was like "oh no, don't tell me my beautiful program got frigged up".
So I reapplied it, and sure enough, problems kicked back in. But instead of deleting the program, I applied a different skin. Guess what.... computer OK!!!!
So the real pain in my *** was the previous skin.
Therefore I deleted the skin, and everything is yipee!!!
I will still run your anti-malware and anti-spyware just in case!!!!
But thanks for your assistance and your patience!!!!

PS... I have a system at home that's a bit on the sluggish side. Would you mind if I send you a HijackThis log to possibly see if you see anything out of the ordinary? Thanks in advance :)
 
No, that is OK! I knew about C:, I only wanted to know that the other drives were USB external drives.

Your Flash drive is likely infected, but we need to do 1 thing at a time, so remove the flash drive and do not put it back until we are clean on the HD C: drive; then we will disinfect the Flash drive.

So shut down and remove it! Boot back up and I will add steps here in a few moments.

OK, it's OK to send HJT from the other computer, but make sure it is named so as not to be confused with this one.

Just because the screen is back to normal doesn't mean you are done; you still have many problems, so don't stop now.

First UPDATE and run.

1. MBAM, send log
2. SAS, send log
3. MBAM again if log from #1 above had found and removed items
4. SAS again if log from #2 above had found and removed items

Goal is to get Clean logs.

Then reboot, rerun ComboFix, then SDFix. Get me these logs.

Without the Flash drive we may be able to get you clean.

Mike
 
OK. I will handle that tomorrow when I get to work (which is my last day before I go on vacation :) ).
Anyhu, here's my HijackThis log from home. :)
 
HJT: Scan only. Select and remove the below.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O21 - SSODL: SysTray.Exbt - {5368D5FC-6F6C-4f5b-B564-E67214F67552} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

Some of the above will not go until the cleaners are run.

Mike
 
We are getting close now!

OK do the below:

COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Code:
File::
C:\2fiji.com
C:\39lpji.com
C:\83fgj.com
C:\invwft2h.com
C:\jdhc2x2.com
C:\jk.exe
C:\ogcikeq.com
C:\ph.com
C:\r2nl.com
C:\rdsfk.com
C:\tknapl.exe
C:\uis.com

Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Mike
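
Added example, not part of the thread and not ComboFix code: the second and third CFScript.txt lists posted above can be compared mechanically, since a path that is listed again in a later script was either not removed or has come back. The sketch reads only the File:: section shown on this page and assumes any other line ending in `::` starts a different section.

```python
# Added example: which File:: entries show up again in a later CFScript.txt?
# File:: sections of the second and third scripts posted in this thread.
SECOND = r"""FILE::
c:\windows\system32\SET78.tmp
c:\windows\system32\SET66.tmp
C:\ogcikeq.com
C:\2fiji.com
c:\windows\saw_saver.scr
c:\windows\flashax.exe
c:\windows\impborl.dll
C:\tknapl.exe
C:\rdsfk.com
c:\windows\system32\quarantine_screensaver.scr
c:\program files\temp01
"""
THIRD = r"""File::
C:\2fiji.com
C:\39lpji.com
C:\83fgj.com
C:\invwft2h.com
C:\jdhc2x2.com
C:\jk.exe
C:\ogcikeq.com
C:\ph.com
C:\r2nl.com
C:\rdsfk.com
C:\tknapl.exe
C:\uis.com
"""

def parse_file_section(script):
    """Paths under the File:: header (header matched case-insensitively)."""
    paths, in_files = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if line.endswith("::"):  # assumption: any "Name::" line is a section header
            in_files = line.lower() == "file::"
        elif line and in_files:
            paths.append(line)
    return paths

def norm(path):
    # Windows paths are case-insensitive: fold case before comparing.
    return path.rstrip("\\").lower()

def recurring(earlier, later):
    """Entries of the earlier script that are listed again in the later one."""
    seen = {norm(p) for p in parse_file_section(earlier)}
    return sorted({norm(p) for p in parse_file_section(later)} & seen)

if __name__ == "__main__":
    print("\n".join(recurring(SECOND, THIRD)))
```
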
 