[Unresolved] Please help me get my computer back to normal

Status
Not open for further replies.

notevenkodak

I recently removed a virus that was on my computer and a lot of spyware that came with it. I first used Trend Micro to take off the viruses, then I downloaded the free Lavasoft Ad-Aware software to get the rest of the spyware off of my computer. I kinda have Norton but it expired a couple weeks ago and it can scan but it's been no help. Even after this my CPU is still running extremely slow and takes forever to do certain actions. I cannot even run scandisk because it says something about needing certain access to something and needs to restart, but when I restart it never does. Does anyone know a solution, and is there any other information I need to provide? Thank you
-brendan
 
Hi notevenkodak and welcome to TechSpot. =)

I suggest you do the following before doing anything else

Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and ComboFix logs as attachments into this thread.
Do not copy and paste your logs, or they will be removed.

Our experts here will tend to your queries thereafter.

Also, please provide the results of the Antirootkit scan


Regards,
momok =)

This thread is for the use of notevenkodak only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Ok, how do you expect me to do all of that when it takes 10 minutes to even get IE open? If I could do all of that I wouldn't have a I really need some assistance on even getting that far

I'm on my iPod touch now which is the only reason I can reply so quickly

update: suddenly everything sped up but I'm still trying to follow the steps above

Ok, I may have made a mistake but wtf? My Norton is GONE, how can I get it back? I PAID for it and I don't have the CD box etc. I'm getting ready to post the HijackThis logs etc. in a few but I need Norton back pronto, please anyone help?

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type msconfig. Press the enter key.
    Search for the following entries. Uncheck them to stop them from starting up. Click Ok but do not restart your system yet.

    HTV Agent
    HTV  Agent  < with 2 spaces between "HTV" and "Agent"
    HuOcWlkFEL

  4. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

  5. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    F3 - REG:win.ini: load=C:\WINDOWS\system32\awtsp.exe
    O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
    O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV .exe
    O4 - HKLM\..\Policies\Explorer\Run: [HuOcWlkFEL] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer

    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
    O9 - Extra button: Support - {31BB5CDF-C28C-4D58-8E8A-64922B282955} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: Help - {8357B852-EED0-44F4-99FC-DF31033BF265} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O9 - Extra button: ComcastHSI - {8DF456E0-46BD-481D-9955-FED9282753FD} - http://www.comcast.net (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close HJT.

  6. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\Program Files\AIM\aim .exe
    C:\WINDOWS\system32\ndaTqsVqrX.dll
    C:\WINDOWS\system32\awtsp.exe
    C:\WINDOWS\system32\yayvtsr.dll
    C:\WINDOWS\system32\ljjkjij.dll.vir
    C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb41.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb6500.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb1942.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb4827.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb8467.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb6334.dat
    C:\Documents and Settings\Anthony Gibbons\Application Data\internaldb5436.dat
    Folder::
    C:\WINDOWS\ppqvmpqr
    C:\Program Files\HTV
    C:\Program Files\Viewpoint
    Registry::
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  7. Save this as CFScript on the desktop.
  8. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  9. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not click inside ComboFix's window while it is running. That may cause your system to hang.

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)
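
A way to pre-screen a HijackThis log for the kinds of entries listed in step 5 above, as an added example that is not part of the original post and not part of HijackThis. The heuristics and the names `parse`, `triage` and `CHECKS` are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Entries copied from step 5 of the post above (not constructed).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtsp.exe
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.5\BitComet_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV .exe
O4 - HKLM\..\Policies\Explorer\Run: [HuOcWlkFEL] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
"""

# A log entry is "<section code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# Heuristics are assumptions of this example, not rules built into HijackThis.
CHECKS = [
    # Whitespace right before the extension, as in "aim .exe" next to a real aim.exe.
    ("space-before-extension", re.compile(r"\s\.(exe|dll|scr|com)\b", re.I)),
    # Orphaned entry whose target file no longer exists.
    ("file-missing", re.compile(r"\(file missing\)")),
    # Legacy win.ini autostart line.
    ("win.ini-load", re.compile(r"win\.ini: (load|run)=", re.I)),
    # Run key that starts a DLL through rundll32.
    ("rundll32-autostart", re.compile(r"Run: \[[^\]]*\] rundll32(\.exe)? ", re.I)),
]

def parse(log):
    """Yield (section, body) for every line that looks like a log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (section, tags, body) for entries matching at least one check."""
    findings = []
    for section, body in parse(log):
        tags = [name for name, rx in CHECKS if rx.search(body)]
        if tags:
            findings.append((section, tags, body))
    return findings

if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(tags):<24}{body[:60]}")
```

A flagged line is only a prompt for a closer look; an unflagged line such as the O14 entry can still be one a helper asks you to fix.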
 
I checked repeatedly for the HTV Agent entry so I unchecked the HTV checkmark. I also did not find the third one.
Dude, I am so scared. I keep rebooting my PC and it's saying object name not found and it restarts. I cannot log into my computer. I have done everything you told me to do.
 
- Have you run the ComboFix according to my instructions?
- Are you able to log in to administrator or safe mode?
 
momok said:
- Have you run the ComboFix according to my instructions?
- Are you able to log in to administrator or safe mode?

Hi momok, I restored the setting to a later date by pressing F8 and clicking that option. I ran a search and found it in Qoobox\Quarantine and Documents and Settings, but when I click on it it comes up in Notepad as gibberish. Trying to follow your instructions again, but somehow it either does the thing where it says no object name found or the msconfig does not show up. I really appreciate the help
- notevenkodak
 
Hi,

Please post the C:\Combofix.txt file as an attachment, as well as HijackThis and AVG Antispyware if possible.
 
Hi momok, here they are,
and here is an update on symptoms:
Still extremely slow
Every time I turn it on, "lsass.exe - system error" shows up and I cannot log on. I then press F8 on startup and go to last known configuration, but if I restart my comp it does the same thing all over again
I cannot go to msconfig, it says it can't find it
I cannot defrag my comp because it says I need to do a scandisk but it won't even let me do a scandisk
Thanks momok
 
Hi,

1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt (from my attachment) and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and ComboFix log.


Regards,
momok =)
 
momok, my computer is getting slower and slower. The only way that I can really post is from my iTouch or another computer. It must be a virus and the other programs are not catching it. Do you have anything that I can use to temporarily speed it up?
 
I'm afraid there is nothing much I can really do if it is due to the infection. Can you try running the avenger instructions again from safe mode? Use the avengerscript.txt from my attachment below.
 
Thread closed due to lack of response. Should the original starter require it to be reopened, please PM a mod.
 