Computer freeze

By jalba
Nov 18, 2008
Topic Status:
Not open for further replies.
  1. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    how long do u estimate "scanning for spyware" is supposed to take using xcleaner?
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hard to say based on hd size, number of files, speed of processor and hd.

    but max 20 minutes,

    If not responding abort and do in safe mode.

    Mike
  3. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,684   +153

    Mike,
    I use Avast free Antivirus on my system and all that I repair... Lately I have removed a few Trojans by turning off System restore, running Avast, renaming and moving the Trojan infections. Then I ran Avast in the Safe Mode, then once more normally to confirm a clean run. I haven't seen a system as "infected" as Jalba's in a long time... I would have pulled the hard drive and installed a clean one. I would install the OS and protection programs, set the infected drive as a slave, and recover the important files. I would then all 0's format the old drive and reset it as the C drive and install the OS and recovered data
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Yeah I know what you mean but some are not prepared to buy another HD and don't know how to slave etc.

    But I think we almost have it now!

    Mike
  5. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    here's the latest logs.
    I didn't get any response on the xclean when i tried to do the repair thingy, even in safe mode. So i just clicked no again, and...well....u see my log.


    PS: Thought i shud mention that when i ran the system in safe mode, i was not getting the graphic issue problem at all. Thought i shud let u know :)
  6. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Whoa!......... many deletions. Let's do that again so as to reduce the number to manually remove!!

    Reboot run ComboFix again post log

    Then do the below:

    Download SD Fix to Desktop among other things Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Mike
  7. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    okkk...here's the latest combofix and sdfix...*whew*
  8. mflynn

    mflynn Newcomer, in training Posts: 2,793

    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    File::
    c:\windows\system32\SET64.tmp
    c:\windows\system32\SET72.tmp
    c:\windows\system32\SET7A.tmp
    c:\windows\system32\SET76.tmp
    c:\windows\system32\SET65.tmp
    c:\windows\system32\SET84.tmp
    c:\windows\system32\SET67.tmp
    c:\windows\system32\SET80.tmp
    c:\windows\system32\SET71.tmp
    c:\windows\PKillProcess.dll
    C:\6fnlpetp.exe
    c:\windows\system32\vbsdfe1.dll
    c:\windows\system32\vbsdfe0.dll
    C:\m9ma.exe
    c:\program files\captcha5.dll
    c:\windows\bemark2.dat
    C:\o1.com
    c:\windows\system32\drivers\vidstub.sys
    C:\ln9.exe
    c:\windows\system32\kav321.dll
    c:\windows\system32\kav320.dll

    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Mike
  9. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    latest combofix post
  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Jalba

    You are getting reinfected.

    You must stop any P2P program downloading or the programs from even running.

    Remove all USB Flash Drives and external drives.

    Are drives e, f, and g actual partitions or external?

    Do you know what this is:
    Code:
    c:\windows\Not so deep Uninstaller
    c:\windows\Not so deep.swf
    c:\windows\Not so deep.scr
    c:\windows\Not so deep.exe
    c:\windows\Not so deep.bmp
    c:\windows\Not so deep.ico
    c:\windows\Not so deep.c3
    c:\windows\Not so deep.c1
    c:\windows\Not so deep.c4
    c:\windows\Not so deep.ini
    
    Open the last CFScript.txt delete all text and paste the below into it.

    Code:
    FILE::
    c:\windows\system32\SET78.tmp
    c:\windows\system32\SET66.tmp
    C:\ogcikeq.com
    C:\2fiji.com
    c:\windows\saw_saver.scr
    c:\windows\flashax.exe
    c:\windows\impborl.dll
    C:\tknapl.exe
    C:\rdsfk.com
    c:\windows\system32\quarantine_screensaver.scr
    c:\program files\temp01

    Then drag onto ComboFix as before.

    Post the log and a new HJT log back.

    Get all the above done and logs sent then

    Download http://majorgeeks.com/Kaspersky_AVP_Tool_d4515.html
    After download boot to Safe Mode and run it.

    It is one of the most thorough Scans I know of and as such could run for hours. But you definitely need it.

    Mike
  11. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    in reference to the first code Mike, that is for my "not so deep" screensaver i had running for a good while now.
     
  12. mflynn

    mflynn Newcomer, in training Posts: 2,793

    What about the drives?

    Mike
  13. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    the drives i have is c:, d: for my burner and e: and f: for my flash drives.
  14. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    oh **** c: is my master drive.
  15. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    hi mike after u mentioned closing down all the programs before running combofix again, i closed down my windowblinds program. When i did that, everything was ok!!!! I was like "oh no dont tell me my beautiful program got frigged up"
    So i reapplied it, and sure enough, problems kicked back in. But instead of deleting the program, i applied a different skin. Guess what....computer ok!!!!
    So the real pain in my *** was the previous skin.
    Therefore i deleted the skin, and everything is yipee!!!
    i will still run ur anti malware and anti spyware just in case!!!!
    But thanks for ur assistance and ur patience!!!!

    PS... i have a system home that's a bit on the sluggish side. Would u mind if i send u a hijacklog to possibly see if u see anything out of the ordinary? Thanks in advance :)
  16. mflynn

    mflynn Newcomer, in training Posts: 2,793

    No that is OK! I knew about C: I only wanted to know that the other drives were USB external drives.

    Your Flash drive is likely infected but we need to do 1 thing at a time so remove the flash drive and do not put it back until we are clean on the HD C: drive then we will disinfect the Flash drive.

    So shut down and remove it! Boot back up and I will add steps here in a few moments.

    OK it's ok to send HJT from other computer but make sure it is named so as not to be confused with this one.

    Just because the screen is back to normal you still have many problems so don't stop now.

    First UPDATE and run.

    1. MBAM send log
    2. SAS send log
    3. MBAM again if log from #1. above had found and removed items
    4. SAS again if log from #2. above had found and removed items

    Goal is to get Clean logs.

    Then reboot rerun ComboFix then SDFix. Get me these logs.

    Without the Flash drive we may be able to get you clean.

    Mike
  17. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    ok. i will handle that tomorrow when i get to work (which is my last day before i go on vacation :) ).
    Anyhu here's my hijack log from home.:)
  18. mflynn

    mflynn Newcomer, in training Posts: 2,793

    HJT Scan only Select and remove the below.

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
    O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\
    O21 - SSODL: SysTray.Exbt - {5368D5FC-6F6C-4f5b-B564-E67214F67552} - (no file)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg

    Some of the above will not go until the cleaners are run.

    Mike
  19. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    ok...here's an updated list.
  20. mflynn

    mflynn Newcomer, in training Posts: 2,793

    HJT log is clean but it is not the final word!

    I would still do the 8 Steps.

    Mike
  21. jalba

    jalba TechSpot Enthusiast Topic Starter Posts: 180

    here's the latest logs that you requested from the office computer.
    Merry early xmas!!!!
  22. mflynn

    mflynn Newcomer, in training Posts: 2,793

    We are getting close now!

    OK do the below:

    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    File::
    C:\2fiji.com
    C:\39lpji.com
    C:\83fgj.com
    C:\invwft2h.com
    C:\jdhc2x2.com
    C:\jk.exe
    C:\ogcikeq.com
    C:\ph.com
    C:\r2nl.com
    C:\rdsfk.com
    C:\tknapl.exe
    C:\uis.com

    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Mike