IPB

Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> various computer problems - cpu,errors,slow,no connectivity, .
CompQuestions
post 13.09.2010 08:56
Post #1


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




Hi, I am having numerous issues with my computer. It started when I when I clicked by mistake on an ad that took me to a website, my computer screen blinked a few times, the desktop changed, the taskbar at the bottom changed and some icons by the windows clock dissapeared.
Then I started noticing other issues: I tried to watch a movie and all of a sudden there was no sound. I tried to listen to a song in iTunes and had an error that there is a problem with my computer's audio/video settings configuration and the playback may not work properly. when I go to settings/admin tools/services and try to start windows audio - I get the error "Could not start the windows audio service on local computer. Error 1067: The process terminated unexpectedly". Plug and play is started and seems to work. I get the same error for a few other services, eg, restore backup.

I tried to do a restore backup, but I consistently get an error that restore backup is not able to protect my computer and I must restart. Restarting the computer does not help, nor does trying to go back to the last good configuration..

the start/task bar changed from the XP mode to the windows classic mode with a larger font, items from taskbar dissapeared.

I have AVG as my anti virus and when I ran it was clean (only a few cookies that it removed). Malwarebytes and Spybot are installed but neither woudl work. Anti malware does not open for some reason - both re installed but neither would open. FInally I changed name of mbam.exe and was able to run it. clean report so far.

chkdsk.exe (in read only mode) came back clean the first time. the only thing it said "Warning! F parameter not specified" at the very top. the second time it had a message that certain parts of file 25 have been deleted.

Another major issue: I used wireless to connect to the internet and now the software I was using is disabled and now the program would not connect to the internet at all. I am using another computer to post this as I am not able to access the internet from the infected computer. the computer would not connect to the internet via lan either. when I to network connections nothing shows up - i.e., zero connections.
I uninstalled the sprint wireless program and downloaded it again, but I cannot install it.

I ran rkill.exe and it did not find anything. I installed and ran Rubotted.exe - did not find anything. Rubotted would ask to restart the computer each time. I uninstalled it. Also, my computer would say that it found new hardware - once it was called "NET". it asked for a disk, which I don't have. In device manager, there is an "Unknown device" under network adapters. I am not sure what it is so I disabled it. I still have "1394 Net Adapter 2", Intel network adapter and Intel wireless adapter listed.

I am running the Kaspersky Virus removal tool. Attached is a report I ran today. Kaspersky Virus removal tool found a few infected objects that it removed. I don't that fixed the problem.

the worse thing is that my computer is significantly slower all of sudden, it takes a long time to boot up, trying to open programs or windows takes minutes. It is a fairly new computer, so it's not an "age" thing.
the computer is not overheating, but I am running several scans on it now and it sounds as if it's running in a higher gear.

any suggestions as to what the problem may be and how to fix it would be greatly appreciated! I have lots of data on my computer and would not want to have to reinstall the OS.

Thank you in advance.
Go to the top of the page
 
+Quote Post
CompQuestions
post 13.09.2010 09:06
Post #2


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




edit: merged, and del duplicate content.

This post has been edited by richbuff: 13.09.2010 09:20
Attached File(s)
Attached File  avptool_sysinfo.zip ( 108.57K ) Number of downloads: 1
 
Go to the top of the page
 
+Quote Post
richbuff
post 13.09.2010 09:17
Post #3


Oldtimer
****************

Group: Moderators
Posts: 48544
Joined: 14.06.2007




Merged. Please use the Add Reply button, instead of the New topic button, to add content to your topic.

Please also post your GSI report link, instructions are located in the first Important read me topic.

Run this script, instructions: http://support.kaspersky.com/avptool2010/main?qid=208280894 PC will reboot:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\Wlajea.exe','');
QuarantineFile('C:\DOCUME~1\TOSHIB~1\LOCALS~1\Temp\Wsc.exe','');
DeleteFile('C:\DOCUME~1\TOSHIB~1\LOCALS~1\Temp\Wsc.exe');
DeleteFile('C:\WINDOWS\Wlajea.exe');
DeleteFile('C:\windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job');
DeleteFile('C:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job');
RegKeyParamDel('HKEY_USERS','S-1-5-21-1786131217-355349521-3786122682-1005\Software\Microsoft\Windows\CurrentVersion\Run','XBV6RD5SZF');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After run script, attach a Combofix log, please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the
option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't
forget to resume the Kaspersky that you paused.

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------
The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
CompQuestions
post 15.09.2010 07:41
Post #4


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




Hi! thank you for your response and advice.
I followed the instructions, ran Kasperky virus removal tool, which found several viruses and desinfected them, or deleted the files. However, it found some password protection files which I cannot remove.

I ran the script you sent, afterwards the computer seemed more normal, the functions were back. I did not try to connect to the internet since I need to install the sprint software.
I am running combofix.exe now, but it says that I do not have the "Microsoft Windows recovery console" and that I need an internet connection, which at the moment I do not have. I will try to install the software and try to connect, then run combofix again. why would I not have the recovery console?

I saved a new avp report, which I am attaching here. I tried to run a system report as indicated but the report would "run" for hours and not generate a report. Could you please see if there are still problem files?
I will try to run combofix meanwhile.

Thank you for your help!
Attached File(s)
Attached File  avptool_sysinfo.zip ( 107.62K ) Number of downloads: 1
 
Go to the top of the page
 
+Quote Post
CompQuestions
post 15.09.2010 07:59
Post #5


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




I was able to run combofix.

Please find attached the log report. Please let me know of next steps.

Thank you again!
Attached File(s)
Attached File  combofix_log_9_14_2010.txt ( 35.1K ) Number of downloads: 2
 
Go to the top of the page
 
+Quote Post
richbuff
post 15.09.2010 10:18
Post #6


Oldtimer
****************

Group: Moderators
Posts: 48544
Joined: 14.06.2007




You're welcome. Please also post your GSI report link, instructions are located in the first Important read me topic.

Run this script, instructions same as the last one:
CODE
begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://www.mediafire.com/
Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: Start > run >
type combofix /uninstall > ok. Or Start > run > type 123Combo123 /uninstall > ok.

Also, if you use Windows System restore, turn it off > reboot. This to remove malware from system volume information files. Then turn system restore back on, if you wish. How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
CompQuestions
post 16.09.2010 06:52
Post #7


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




finally was able to download the internet site and run the GSI tool.

here is my GSI report link:
http://www.getsysteminfo.com/read.php?file...afa6af448ab27da
I sent the quarantine.zip link in a private message.

Thanks!
Go to the top of the page
 
+Quote Post
CompQuestions
post 16.09.2010 08:36
Post #8


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




hi, attached is the mbam log, it found 2 "trojan.fakeAlert". what exactly are those?

thanks again!
Attached File(s)
Attached File  mbam_log_2010_09_16__00_34_54_.txt ( 1.01K ) Number of downloads: 1
 
Go to the top of the page
 
+Quote Post
richbuff
post 16.09.2010 08:51
Post #9


Oldtimer
****************

Group: Moderators
Posts: 48544
Joined: 14.06.2007




Those are two harmless registry leftovers. Fix what Malwarebytes detects (Remove selected) and you are all good.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
CompQuestions
post 16.09.2010 08:57
Post #10


Newbie
*

Group: Members
Posts: 7
Joined: 13.09.2010




smile.gif Thank you!
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic

 



Lo-Fi Version Time is now: 28.07.2014 16:21