I've got winbo32.exe, a.bat, and bsod's. HELP ME PLEASE

[Jandizz]

Hi everyone,
Uhm yeah my comp is pretty messed up. I blew $2k on it last summer and it was not worth it. I got BSOD's from day 1, mostly KERNEL_STACK_INPAGE/DATA_ERRORS and occasionaly A PROCESS OR CRUCIAL THREAD HAS BEEN ELIMINATED. I fixed the Kernel BSOD's with 5 formats of my hd and switch ram around. So if anyone could tell me what causes the Process or Crucial Thread BSOD that would be cool. Also I've had winbo32.exe running in my process manger forever and cant seem to find a root file, need help there too. And last but not least, a.bat in my program files. AVG comes up every time i start my comp and tells me about it. I delete it every time and it pops up again next time i start my comp. I've researched it and from my understanding there are files that remake it? Yeah, i have no idea. I've been reading around these forums and it seems like HiJackThis is a pretty usefull program with getting rid of these things but i have no idea how to use it and dont want to mess up my computer. Help me please and thanks.

 

[raybay]

Search for the locations on this forum where there are lots of stickies on spyware and other infestations. No need repeating it here, then download and the latest version of HiJack This, and some other scans.
You have some work ahead of you to clean it up.
Be sure to scan in Safe Mode, and run immediate repeats.
If it were mine, I would do a complete reformat and reinstall, as it appears you have had a complex set of infestations for a while.

 

[kitty500cat]

Howdy Jandizz and welcome to TechSpot.

Some of your problems are definitely caused by malware.

Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If you decide to clean your system after reading the above thread, do the following.

Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

Regards

This thread is for the use of Jandizz only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.

 

[Jandizz]

Well, I would reformat but it would be the 5th or 6th time in 6 months and im tired of doing that. I'll just go ahead and get rid of the viruses. I'll do it tomorrow because I have to leave for work now. But thank you and I'll have the logs posted tomorrow.

 

[kitty500cat]

That's OK, I'll still be here.

Regards

 

[raybay]

You might want to rethink where you are connecting... that many infestions over so little time ... might be worth changing your email address, or your connection.
I would consider a top flight firewall such as Kerio (paid) or Zone Labs free version. We use one or the other in nearly all of our large customer base... and they help a lot to keep problems to a minimum... along with AVG antispyware, avg antivirus, and avg root kit... which we like better than Symantec or McAfee.
Get something you feel you can trust that is different from what you have been using.

 

[Jandizz]

Hey Kitty Cat, I just did the AVG Rootkit scan and it came up clean. Nothing else has really come up in steps 1-11 either. I'll start with step 12 tomorrow. Good night.

 

[momok]

Do remember to post the 3 requested logs when you are done. (ComboFix, AVG anti-spyware and HijackThis)

Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jandizz]

Logs

There are all of my logs

 

[momok]

Hi,

Have HijackThis fix these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.


Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jandizz]

Here you go:

 

[momok]

Hi,

Your logs look clean now.

Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

Turn off system restore (XP/ME only). Learn how to do that HERE.
This will remove all the remaining nasties from your old restore points.

After that turn system restore back on.
This would have created a new safe and clean restore point for your system.

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jandizz]

I've also got another problem i forgot to mention. My internet browser (Firefox) shows up a "cannot find server" 1 out of about every 10 times i try to go to any given website, whether i type in the URL or just click on a link. Could this perhaps be a virus?

 

[bobby123]

that is probably likely to be a connection problem. Try uninstalling and reinstalling firefox and tell me what happens.

 

[Jandizz]

Wow! it works fine now, i tried like 25 links and websites and they're all fine. Thanks alot. I wonder why i didn't think of that...

 

[raybay]

Usually that is caused by inadequate connection speed to your modem or cable modem, sometimes caused by too many events going on at a time... such as a download, a sports even, and email all at the same time... or other combinations...
We have those intermittently because we have too many connected buildings on our street between the last relay or amplifier and our network.
It can be too many things going on within your computer or network, or between your cable modem and that relay point... there is supposed to be a device that cleans and amplifies the signal every 7500 feet, but that seldom happens. We often see connection speeds that are supposed to be 1.5 Mbps, momentarily drop down to as low as 111 kbps... when there are three computers on theat 111 kbps connection, the speed per machine drops to 21 kbps... not enough some times.
You can put a bandwidth speed tester on, or jot down the times this happens then discuss it with your provider.
Firefox 2.0.0.4 is particularly intolerant of low speeds and will put out the alarm while it is still connected.

 

[Jandizz]

OK, well something happened to my internet now and it took me 3 tries to get onto techspot.com and another 2 to get to this topic. Anybody have any idea on this?

 

[momok]

Hi,

You need to save your username and password to enter techspot. Or are you referring to something else?

Regards,
Your friendly momok =)

 

[Jandizz]

Yeah i was reffering to something else, but today my internet works fine, must just be wideopenwest and their crappy service or something...

 

[momok]

Alright, hope your system works fine for you in the future too.
Should you have any further problems feel free to post in this thread.

Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jandizz]

Hey, me agian, just did a virus scan with AVG and it turns out I had one more .bat virus in my system restore files, i turned on and off system restore to hopefully delete it but I'll do another scan tomorrow to see what happens.
And my internet goes back and fourth between not loading pages unless i refresh three times, and loading them fine, so i have no idea what is happening.

 

[momok]

Hi,

I am not sure as to what could be the problem with your internet connection. Our member Jobeard is very experienced in such matters. I would suggest you PM him to take a look at your issue for assistance.

If you find malware related problems arising once more, post a fresh HijackThis, AVG Antispyware and ComboFix log.


Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Jandizz]

more and more problems now. i bought and installed kerio firewall. windows firewall didnt like it very much. it totally messed up my internet and it wouldnt work or anything so i uninstalled the kerio. but i when i rebooted it was still there. so i deleted the program file, took the registry entries out, delete the VPN, and it still says kerio firewall is on my computer, but only 1.06 mb of it. and everytime i turn on my computer the internet doesnt work unless i uninstall whats left of kerio, switch my ethernet cable either port 1-2 or 2-1. and then reboot. and then kerio is stillll there. anyone know how to completely get rid of it?

 

[kitty500cat]

The Kerio firewall is much, much better than the Windows firewall.

Here's what I recommend.

Disconnect your computer from the Internet.

Click start->run, and type in firewall.cpl

Press Enter.

Click the Off (not recommended) option. Click the OK button.

Now insert the Kerio CD (or, if you downloaded it, just run the downloaded file). If the installer gives you the option to repair it, do that and follow all the instructions. If not, just try to reinstall it.

Please post here if it works or not.

Regards

 

[Jandizz]

Well, no matter what i do kerio is still somehow messing up my internet, i just really want to completely eliminate every last trace of it from my computer.