# Computer freeze

By jalba
Nov 18, 2008
Topic Status:
Not open for further replies.
1. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

how long do u estimate "scanning for spyware" is supposed to take using xcleaner?
2. ### mflynn (Newcomer, in training, Posts: 2,793)

Hard to say based on hd size, number of files, speed of processor and hd.

but max 20 minutes,

If not responding abort and do in safe mode.

Mike
3. ### Tmagic650 (TS Ambassador, Posts: 20,345, +123)

Mike,
I use Avast free Antivirus on my system and all that I repair... Lately I have removed a few Trojans by turning off System restore, running Avast, renaming and moving the Trojan infections. Then I ran Avast in the Safe Mode, then once more normally to confirm a clean run. I haven't seen a system as "infected" as Jalba's in a long time... I would have pulled the hard drive and installed a clean one. I would install the OS and protection programs, set the infected drive as a slave, and recovered the important files. I would then all 0's format the old drive and reset it as the C drive and install the OS and recovered data.
4. ### mflynn (Newcomer, in training, Posts: 2,793)

Yeah I know what you mean but some are not prepared to buy another HD and don't know how to slave etc.

But I think we almost have it now!

Mike
5. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

here's the latest logs.
I didn't get any response on the xclean when i tried to do the repair thingy, even in safe mode. So i just clicked no again, and...well....u see my log.

PS: Thought i shud mention that when i ran the system in safe mode, i was not getting the graphic issue problem at all. Thought i shud let u know
6. ### mflynn (Newcomer, in training, Posts: 2,793)

Whoa!......... many deletions. Let's do that again so as to reduce the number to manually remove!!

Reboot, run ComboFix again, post log.

Then do the below:

Download SD Fix to Desktop among other things Catchme to look for RootKits.

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click thru all the prompts to get to desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Mike
7. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

okkk...here's the latest combofix and sdfix...*whew*
8. ### mflynn (Newcomer, in training, Posts: 2,793)

COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Code:

```
File::
c:\windows\system32\SET64.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET71.tmp
c:\windows\PKillProcess.dll
C:\6fnlpetp.exe
c:\windows\system32\vbsdfe1.dll
c:\windows\system32\vbsdfe0.dll
C:\m9ma.exe
c:\windows\bemark2.dat
C:\o1.com
c:\windows\system32\drivers\vidstub.sys
C:\ln9.exe
c:\windows\system32\kav321.dll
c:\windows\system32\kav320.dll
```

Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Mike
9. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

latest combofix post
10. ### mflynn (Newcomer, in training, Posts: 2,793)

Jalba

You are getting reinfected.

Remove all USB Flash Drives and external drives.

Are drives e,f, and g actual partitions or external?

Do you know what this is:
Code:

```
c:\windows\Not so deep Uninstaller
c:\windows\Not so deep.swf
c:\windows\Not so deep.scr
c:\windows\Not so deep.exe
c:\windows\Not so deep.bmp
c:\windows\Not so deep.ico
c:\windows\Not so deep.c3
c:\windows\Not so deep.c1
c:\windows\Not so deep.c4
c:\windows\Not so deep.ini
```

Open the last CFScript.txt delete all text and paste the below into it.

Code:

```
FILE::
c:\windows\system32\SET78.tmp
c:\windows\system32\SET66.tmp
C:\ogcikeq.com
C:\2fiji.com
c:\windows\saw_saver.scr
c:\windows\flashax.exe
c:\windows\impborl.dll
C:\tknapl.exe
C:\rdsfk.com
c:\windows\system32\quarantine_screensaver.scr
c:\program files\temp01
```

Then drag onto ComboFix as before.

Post the log and a new HJT log back.

Get all the above done and logs sent then

It is one of the most thorough Scans I know of and as such could run for hours. But you definitely need it.

Mike
11. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

in reference to the first code Mike, that is for my "not so deep" screensaver i had running for a good while now.

Mike
13. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

the drives i have is c:, d: for my burner and e: and f: for my flash drives.
14. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

oh **** c: is my master drive.
15. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

hi mike after u mentioned closing down all the programs before running combofix again, i closed down my windowblinds program. When i did that, everything was ok!!!! I was like "oh no dont tell me my beautiful program got frigged up"
So i reapplied it, and sure enough, problems kicked back in. But instead of deleting the program, i applied a different skin. Guess what....computer ok!!!!
So the real pain in my *** was the previous skin.
Therefore i deleted the skin, and everything is yipee!!!
i will still run ur anti malware and anti spyware just in case!!!!
But thanks for ur assistance and ur patience!!!!

PS... i have a system home that's a bit on the sluggish side. Would u mind if i send u a hijacklog to possibly see if u see anything out of the ordinary? Thanks in advance
16. ### mflynn (Newcomer, in training, Posts: 2,793)

No that is OK! I knew about C: I only wanted to know that the other drives were USB external drives.

Your Flash drive is likely infected but we need to do 1 thing at a time so remove the flash drive and do not put it back until we are clean on the HD C: drive then we will disinfect the Flash drive.

So shut down and remove it! boot back up and I will add steps here in a few moments.

OK its ok to send HJT from other computer but make sure it is named so as not to be confused with this one.

Just because the screen is back to normal you still have many problems so don't stop now.

First UPDATE and run.

1. MBAM send log
2. SAS send log
3. MBAM again if log from #1. above had found and removed items
4. SAS again if log from #2. above had found and removed items

Goal is to get Clean logs.

Then reboot, rerun ComboFix, then SDFix. Get me these logs.

Without the Flash drive we may be able to get you clean.

Mike
17. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

ok. i will handle that tomorrow when i get to work (which is my last day before i go on vacation ).
Anyhu here's my hijack log from home.
18. ### mflynn (Newcomer, in training, Posts: 2,793)

HJT Scan only. Select and remove the below.

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
O21 - SSODL: SysTray.Exbt - {5368D5FC-6F6C-4f5b-B564-E67214F67552} - (no file)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

Some of the above will not go until the cleaners are run.

Mike
19. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

ok...here's an updated list.
20. ### mflynn (Newcomer, in training, Posts: 2,793)

HJT log is clean but it is not the final word!

I would still do the 8 Steps.

Mike
21. ### jalba (TechSpot Enthusiast, Topic Starter, Posts: 180)

here's the latest logs that you requested from the office computer.
Merry early xmas!!!!
22. ### mflynn (Newcomer, in training, Posts: 2,793)

We are getting close now!

OK do the below:

COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Code:

```
File::
C:\2fiji.com
C:\39lpji.com
C:\83fgj.com
C:\invwft2h.com
C:\jdhc2x2.com
C:\jk.exe
C:\ogcikeq.com
C:\ph.com
C:\r2nl.com
C:\rdsfk.com
C:\tknapl.exe
C:\uis.com
```

Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Mike
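
An added example, not part of the thread and not ComboFix's own code: a Python sketch that parses the `File::` lists of two CFScript.txt scripts posted above (posts 10 and 22) and reports paths that were queued for deletion in the earlier script and are listed again in the later one, a recurrence consistent with the reinfection discussed in the thread. The function names are hypothetical, and treating any `Name::` line as a section header is an assumption; the thread only shows `File::`.

```python
import re

def parse_cfscript_files(text):
    """Return lower-cased paths listed under a File:: section (any letter case)."""
    paths, in_files = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(\w+)::", line)
        if m:  # section header such as File:: or FILE:: (assumed generic form)
            in_files = m.group(1).lower() == "file"
        elif in_files and line:
            paths.append(line.lower())  # Windows paths compare case-insensitively
    return paths

def recurring(earlier, later):
    """Paths listed in an earlier script that show up again in a later one."""
    seen = set(parse_cfscript_files(earlier))
    return sorted(p for p in parse_cfscript_files(later) if p in seen)

# Script contents copied from posts 10 and 22 of this thread.
POST_10 = r"""FILE::
c:\windows\system32\SET78.tmp
c:\windows\system32\SET66.tmp
C:\ogcikeq.com
C:\2fiji.com
c:\windows\saw_saver.scr
c:\windows\flashax.exe
c:\windows\impborl.dll
C:\tknapl.exe
C:\rdsfk.com
c:\windows\system32\quarantine_screensaver.scr
c:\program files\temp01
"""

POST_22 = r"""File::
C:\2fiji.com
C:\39lpji.com
C:\83fgj.com
C:\invwft2h.com
C:\jdhc2x2.com
C:\jk.exe
C:\ogcikeq.com
C:\ph.com
C:\r2nl.com
C:\rdsfk.com
C:\tknapl.exe
C:\uis.com
"""
```

Calling `recurring(POST_10, POST_22)` returns the four drive-root files that appear in both scripts; a path that keeps returning after removal points to a source that is still present rather than to a leftover.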