winzlo

combo fix/internet speed monitor huge problem


Ok, forum connection seems to be running very slow - pages are loading very slow, but I did get your last logit.txt log and that has everything I was looking for. It isn't showing on the HijackThis log. Follow these steps next

 

1. Make sure your PC is configured to show hidden files

How to Show Hidden Files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Click Start.

 

Open My Computer.

 

Select the Tools menu and click Folder Options.

 

Select the View Tab.

 

Under the Hidden files and folders heading select Show hidden files and folders.

 

Uncheck the Hide protected operating system files (recommended) option.

 

Click Yes to confirm.

 

Click OK.

 

 

2. Restart your computer in SAFE MODE:

 

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

3. Once you are in Safe mode navigate to the following folders and delete them:

 

C:\Documents and Settings\Owner\Application Data\axis wait balm <---delete folder

 

C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink <--- delete folder

 

You see the folder names are in bold above. The paths are similar: one is in Documents and Settings \ Owner and the other is in Documents and Settings \ All Users

 

When done, restart your computer in normal mode

 

And let's get a log from this free tool

 

4. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.


k im on it, i already did the thing so it will show hidden files, now before i go into safe mode, will i be able to access this page from that? otherwise i guess i should write down your instructions before going into safe mode?


Yes, copy those instructions to have handy because you won't be able to access this page

 

Your screen will look very different to you in Safe Mode - this is normal.


i answered my own dumb question n wrote down what to delete lol

 

went into safe mode, accessed owner/application data and was told access denied this folder is not accessible or sumthin like that

 

under allusers there was no folder for application data... awhile ago i made another user on here for the heck of it n forgot the password lol... aside from administrator and eddie(the one i forgot until recently the password to) there should be no other users im still curious about what you meant by being at work and the three things.... alright jane what should i do now? skip the step in safe mode or.... ill just wait on you :) geeze this sucks not being able to surf the web etc. i prefer watching things in google video than the crap on tv anyday lol

 

thanks again jane.... the only person to help make this x-mas not super sucky haha... but hey its supposed to be about acting in a christ like manner, i dont know what you believe in but if there was a santa you would get a mega computer or sumthin lol.... even if he had to dismantle any fireplace ;)


ya i figured i posted a dumb question and played it safe, i replied about what happened when i tried to access the stuff, thanks again


From your description, either you didn't log into your normal administrator account or you didn't correctly follow the instruction to show all hidden files because those folders ARE there.

 

Let's try this tool please. You can do this in normal mode.

 

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file

Extract avenger.exe to your desktop

 

2. Copy all the text contained in RED below (only) and save to your Clipboard by highlighting it and pressing (Ctrl+C):

 

Folders to delete:

C:\Documents and Settings\Owner\Application Data\axis wait balm

C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink

 

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

3. Now, start The Avenger program by clicking on its icon on your desktop.

 

Under "Script file to execute" choose "Input Script Manually".

 

Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"

 

Paste the text copied to clipboard into this window by pressing (Ctrl+V).

 

Click Done

 

Now click on the Green Light to begin execution of the script

 

Answer *Yes* twice when prompted.

 

4. The Avenger will automatically do the following:

 

It will Restart your computer.

 

On reboot, it will briefly open a black command window on your desktop, this is normal.

 

After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt

 

Please copy the contents of the file C:\avenger.txt back here


i successfully put show hidden files(99 percent sure) i will check real quick IM SURE that they are there... but i wasnt able to access the folder "application data" ok im checking now, ya, its been unchecked, and it IS CHECKED to show hidden files and folders... what isnt unchecked is hide extensions for blah blah.... but ill leave it like that since you didnt tell me to do that... but i did successfully do the uncheck of hide blah blah(recommended)

 

now im gonna post this and do what you directed me to do above, thanks again, gotta take a leak n throw sumthin in the microwave really quick i apologize iknow your waiting for me but i havent put anything in my stomach aside from liquid all day... brb i already downloaded the thing too so ill be right back n get right on it, 5 minutes, like 7 tops


when i clicked the green light it says right now ok to create log file or abort, hit abort got error code 0 and it closed

 

i followed the directions perfectly ill try again, it mentioned the zip file....that i extracted to my desktop as directed to

 

guess aborting was a good thing? should i give it another shot?

 

to be more informational... there was an error when i hit the green light, let me try again, i know it had to do with the zip file, thinkin i clicked the non extracted one?


once again

 

error could not create zip file


figured id close the original zip file and use the extracted one and now i clicked save log, for the heck of it and i now have the option step one has been completed reboot now? i never said yes to any commands, guess its for a log after a reboot?


You have to extract the files from Avenger.zip to your desktop first.

 

If you are still not able to get it to work, it's really only a tool to try to delete these files (which you should be able to do manually IF you have successfully configured Windows to show all hidden files AND you are logged in as Administrator, your "Owner" account). Here it is again, with the two folders that need to be deleted:

 

Make sure your PC is configured to show hidden files

How to Show Hidden Files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Click Start.

 

Open My Computer.

 

Select the Tools menu and click Folder Options.

 

Select the View Tab.

 

Under the Hidden files and folders heading select Show hidden files and folders.

 

Uncheck the Hide protected operating system files (recommended) option.

 

Click Yes to confirm.

 

Click OK.

.........................................

Delete these folders, listed in bold:

 

C:\Documents and Settings\Owner\Application Data\axis wait balm

 

C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink

 

Finally, let's reset your system restore at this point to purge the infected backups and create a new restore point before proceeding

 

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr

Wait while Windows scans your system for files to delete.

Make sure these 3 are checkmarked and press *ok* to delete them.

 

Temporary Files

Temporary Internet Files

Recycle Bin

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

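An added example, not part of the thread or of any tool named in it: a read-only Windows batch check for the manual deletion step above. It reports the two Explorer settings behind the Folder Options checkboxes (the standard Hidden and ShowSuperHidden registry values) and whether each folder named in the posts exists and can be read by the current account, which separates a folder that is merely hidden from one that is missing or blocked by permissions.

```bat
@echo off
rem Added example: read-only pre-check for the manual deletion step.
rem It deletes and changes nothing; it only reports what this account sees.
setlocal

set "ADV=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
rem The two folder paths below are the ones named in the thread.
set "F1=C:\Documents and Settings\Owner\Application Data\axis wait balm"
set "F2=C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink"

echo Logged on as: %USERNAME%
echo.
echo == Explorer view settings for this account ==
rem Hidden = 0x1: "Show hidden files and folders" is selected.
rem ShowSuperHidden = 0x1: "Hide protected operating system files" is unchecked.
reg query "%ADV%" /v Hidden
reg query "%ADV%" /v ShowSuperHidden

echo.
echo == Target folders ==
call :check "%F1%"
call :check "%F2%"
endlocal
goto :eof

:check
rem "if exist" is not affected by Explorer's view settings, so it tells
rem "folder is hidden" apart from "folder is not there".
if not exist "%~1\" (
    echo NOT FOUND: %~1
    goto :eof
)
echo FOUND: %~1
rem Attributes of the folder itself (H = hidden, S = system).
attrib "%~1"
rem Contents including hidden and system entries. An "Access is denied"
rem message here points at permissions rather than visibility.
dir /a /b "%~1"
rem Access control list of the folder (NTFS volumes only).
cacls "%~1"
goto :eof
```

Run it from a command prompt under the same account used for the deletion, since the registry values are per-user.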

"Delete these folders named listed in bold:

 

C:\Documents and Settings\Owner\Application Data\axis wait balm

 

C:\Documents and Settings\All Users\Application Data\FiveBoneBarbLink

 

Finally, let's reset your system restore at this point to purge the infected backups and create a new restore point before proceeding"

 

 

done, thanks again, im back 100 percent i havent been staying here in weeks long story im sure u care less about hearing...

 

anyway im tired as hell ill do the system restore thing tomorrow, what does that exactly do by the way? im about to do the disk cleanup thing before i go to sleep, thanks again jane

 

also for some reason my adaware hasnt been picking up on anything really when i know my computer is badly infected, sometimes the program wont work saying server is busy :-/ but i definitely have seen a change by following your kind instructions, hopefully we can get things back to normal within the next few days cause im just gonna avoid the problems that had me staying at my sisters and have patience, thanks again

 

so atleast tell me what the system restore thing is gonna do and what i've accomplished this far with your help and what that has done? thanks later


One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405


thanks, ill get on it as soon as i get the go ahead, im hesitant because i feel i must tell you that somethings wrong(even though im not noticing ANYTHING indicating adware, its normal for my scans to find stuff, however for some strange reason, even when i dont get the scanner busy error with ad-aware, both ad-aware and spybot search and destroy have NOT been finding anything, with the exception of one or two items, such as MRU with a TAC of 0.... should i still do the system restore as you instructed or is there something wrong here? ill do another scan with spybot s&d hopefully i find more than one item and see that my adware programs arent being messed with by some kind of malware?

 

soon as i get the go ahead i'll get right on it, thanks and god bless once again ;)


Go ahead and reset the system restore point as requested.

 

If there are any remaining problems you'll need to give some symptoms because as far as I can tell with no new symptoms you haven't reinfected it again.


i apologize for not coming to you sooner but i couldnt find the thread, like an idiot i was looking in the wrong forums

 

as far as i can tell, we did get rid of some of the problems, the popup thing that said something about windows cannot find blah blah sumthing system32

 

but my computer is running EXTREMELY slow

 

also my ad-aware and spybot search and destroy have both been like disabled(pretty much the scans find NOTHING, EVER) and even with no programs open i can press ctrl alt del and look and cpu memory usage will be extremely high i'll try to do one thing and it will go to 100%

 

one MAJOR problem is that when i go to task manager and try to shut down a process(more than one are there at any given time) ekrn.exe, it just pops right back up, and when i try to set the priority to very low or whatever access is denied, and that goes for any process in there

 

looking at ad-watch in the "connect tab" in analyzed processes it lists ekrn.exe(with an outgoing tcp of 1480) and svchost.exe i can guarantee both of these are malevolent, in process watch, a tool that comes with ad-aware pro(that i have no clue how to use and cant find any directions :-/ , it shows something under image name s[systep process] then under that there is one that just says system and in that there is smss.exe and in that there is csrss.exe and winlogon.exe(with a high priority level i cannot change), and in winlogon.exe there is services.exe and lsass.exe, inside services.exe is a TON AND A HALF of svchost.exe's and even AAWSERVICE.EXE WITH THE ADAWARE LOGO IS THERE! so is ekrn.exe!

 

when i click the scan button nothing happens, no matter what i click on and have highlighted! theres a terminate button but i used it last night on one of these bad programs an error came up and i had to restart my computer, would it work in safe mode?

 

where do i go to get technical support for all the money my broke but paid for pro? so far the only help i have gotten is from you, THANKFULLY, and i did message them once, right when i got pro, send in a message to the tech team twice, and never received a response(if i do is it by email? maybe i didnt see it cause my mailbox is full of junk mail i should probably have gone with a diff email address)

 

as far as that tech support i guess it would be worth another try, but i really only see myself getting ahead through you guys, do you know anyone that can tell me how to use the terminate button on these bad processes???

 

thanks again


winzlo,

 

Check the help manual regarding the processes you see in the Process Watch feature of Ad-Aware Pro. What you are describing are legitimate processes (ekrn.exe for instance is your Nod32 antivirus program). The help manual is located in the main screen of Ad-Aware (press the question mark button in the top right of your main screen).

 


 

In the contents of the Help Manual you will find that page under:

 

Using Ad-Aware 2007 > Tools and Plugins > Tools > Process Watch
