TechSpot

Some problems still exist after following the suggested steps

By Tadrow
Nov 5, 2007
  1. Hello -

    A couple days ago my system started running REALLY badly, popups, slowdown, really bad. I ran Spybot and it got rid of a lot of it, then I found this site and have followed all the suggested steps, and the system is running a lot better. However, I've still got some popups happening, and I assume there is some software inserting ads into my viewed pages as well from time to time.

    Hopefully I'm attaching the logs correctly. Any help would be awesome. To my untrained eye, awvtr.dll and rqrrqrs.dll look really suspicious. However, hijackthis couldn't clean them, and I couldn't delete them even in safe mode. Another note, when I ran combofix, my system bluescreened somewhere during the process. However, when I started back up, it went ahead and created the log file.

    Thanks for any help!

    Edited to say that the Panda Antirootkit software came up with nothing.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of Tadrow only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Tadrow

    Tadrow TS Rookie Topic Starter

    Wow, that was a fast reply! Thanks!

    Anyway, before you had replied, I had run combofix again since it had bluescrened on me before. So in logs below:

    combolog2.txt is after I ran combofix again without parameters
    combolog3.txt is after I ran combofix with the file you sent me
    hijackthis.txt is after I ran both of the above.

    It looks like the previous files in question are gone anyway... and no popups so far. If she's all clean, you've done me a HUGE favor. I'm an software engineer and so in addition to the embarrasment of having this happen in the first place, I would have probably never quit in my fight to get these things out of here despite the huge amount of time it would have taken me to figure it out on my own.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    We just need to get rid of a couple of things now.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Regards Howard :)

    This thread is for the use of Tadrow only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Tadrow

    Tadrow TS Rookie Topic Starter

    Here's the latest log. Thanks again for all the help!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s now clean.

    Delete the following folder.

    C:\Qoobox.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Tadrow only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...