Some strange problems....

[melitica]

Hi, i was wondering if someone could help me.. my pc has been presenting some problems lately and i dont really know why.

1. I have AVG AntiSpyware and for some reason it wont open! An error box comes up
2. I have Kaspersky Antivirus, the latest version, and it tells me that the update database is damaged.
3. Some of the features of kaspersky wont work.
4. The PC is quite slow
5. My internet connection is useless. I can use it in my laptop but not in my computer. Thats why i cant update kaspersky
6. When the internet connection was working, it was impossible to enter hotmail or msn, or sign in in Windows Live Messenger.
7. Sometimes i turn it on and it gets stuck in the welcome screen.
8. I try to open some softwares and they cant be opened.
9. Cant restore the system to a previous point.
10. When i scan for viruses with kaspersky it takes forever and gets stuck in like 13%

All this started happening the same week, wich is very suspicious. Heres my hijackthis log.. Tnxs 





[recovering disk space -- attachment deleted by admin]

[evilfantasy]

We need all of the logs from here http://www.computerhope.com/forum/index.php/topic,46313.0.html

[melitica]

   I knew i forgot something, sorry about that... Here are the logs   

And the problems continue.. 

[recovering disk space -- attachment deleted by admin]

[CBMatt]

It looks like most of the malicious files have been removed, but let's try doing a bit more cleanup.  You may want to print out my instructions...

First of all, download and run CCleaner.  Set it up according to these instructions...
http://www.computerhope.com/forum/index.php/topic,22078.0.html

Then open up HijackThis and run another scan.  Place a checkmark next to the following entries if you see them...

O1 - Hosts: 208.43.127.182 www.banamex.com.mx
O1 - Hosts: 208.43.127.182 banamex.com
O1 - Hosts: 208.43.127.182 https://www.banamex.com
O1 - Hosts: 208.43.127.182 https://banamex.com
O1 - Hosts: 208.43.127.182 https://banamex.com.mx
O1 - Hosts: 208.43.127.182 http://www.banamex.com/
O1 - Hosts: 208.43.127.182 www.boveda.banamex.com.mx
O1 - Hosts: 208.43.127.182 http://www.boveda.banamex.com.mx
O1 - Hosts: 208.43.127.182 boveda.banamex.com.mx
O1 - Hosts: 208.43.127.182 http://www.boveda.banamex.com.mx/
O1 - Hosts: 208.43.127.182 https://www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 208.43.127.182 www.banamex.com
O1 - Hosts: 208.43.127.182 www.banamex.com
O1 - Hosts: 208.43.127.182 banamex.com
O1 - Hosts: 208.43.127.182 www.banamex.com.mx
O1 - Hosts: 208.43.127.182 banamex.com.mx
O1 - Hosts: 208.43.127.182 www.bancanet.com
O1 - Hosts: 208.43.127.182 bancanet.com
O1 - Hosts: 208.43.127.182 www.bancanetempresarial.banamex.com.mx
O1 - Hosts: 208.43.127.182 bancanetempresarial.banamex.com.mx
O1 - Hosts: 208.43.127.182 bancanetempresarial.banamex.com
O1 - Hosts: 208.43.127.182 www.boveda.banamex.com.mx
O1 - Hosts: 208.43.127.182 boveda.banamex.com.mx
O1 - Hosts: 208.43.127.182 boveda.banamex.com
O1 - Hosts: 208.43.127.182 http://www.boveda.banamex.com
O1 - Hosts: 208.43.127.182 http://banamex.com
O1 - Hosts: 208.43.127.182 banamex.com
O1 - Hosts: 208.43.127.182 banamex
O1 - Hosts: 208.43.127.182 bancanet
O1 - Hosts: 208.43.127.182 www.hotmail.com
O1 - Hosts: 208.43.127.182 login.live.com
O1 - Hosts: 208.43.127.182 by135w.bay135.mail.live.com
O1 - Hosts: 208.43.127.182 login.live.com
O1 - Hosts: 208.43.127.182 hotmail.msn.com
O1 - Hosts: 208.43.127.182 hotmail.com

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1 .0.1.0.cab

Close all windows (including this one) except for HijackThis and click on Fix Checked.  That should get rid of the above entries.  Then I want you to enable hidden files and folders, go into C:\WINDOWS\system32, and look for the ckvo.exe file.  If it exists, delete it.  If it won't delete, you may have to do it in Safe Mode.



Once you are done with that, download Combofix by sUBs from one of the below links.

• Link #1
  
• Link #2

Important! Combofix.exe MUST be saved to and ran from the Desktop.

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  
  • Click this link to see a list of security programs that should be disabled and how to disable them.
    
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  
• Double click combofix.exe & follow the prompts.
• Choose Yes to accept the Disclaimers.
• When finished, it will produce a log for you.
• Post that log in your next reply.

Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.
(courtesy of evilfantasy)





In your next post, I want the ComboFix log and a new HijackThis log.  And be sure to let us know how your computer is doing.

[melitica]

All right.. The problems in my computer continue.. 

1. AVG still wont open.
2. Cant fix the update database of kaspersky because well, the internet connection wont work.
3. I realized that the features not working are a result of the damaged database.
4. Its a bit more fast, but still.
5. Its still useless  . I connect through my cellphone line, and the problem has nothing to do with the cellphone or the ISP because i can use it on my laptop.
6.
7. It stopped happening! 
8. Still happens.
9. Havent tried it

Also, i cant see hidden files, this is a problem ive had in a long time, i go to Options/View, i click on show hidden files, then click apply, then accept but the hidden files wont show up. I go back to Options/View and the option is disabled. For that i cant eliminate the file you told me 

Here are the logs... tnxs 



[recovering disk space -- attachment deleted by admin]

[CBMatt]

Okay, a few things...

1.  What is the exact error message that you get when trying to open AVG?

2.  Have you tried reinstalling AVG and Kaspersky?  And does System Restore work yet?

3.  Open up Add/Remove Programs and uninstall anything related to FunWebProducts or MyWebSearch.  Do you still have SpyAnwhere installed?  If so, uninstall that as well.  Info here: http://www.spywaredb.com/remove-spyanywhere

4.  Do you have a flashdrive?  If so, do not plug it into your infected computer, as it may become infected as well because this is how one of your infections spreads itself.  If you have plugged it into the infected computer already, I suggest running Flash Disinfector.

5.  Can you get into Safe Mode?  If so, see if you can enable hidden files that way.  Better yet, enter Safe Mode With Networking and see if it will allow you to connect to the internet.

6.  If you still can't enable hidden files, use Pocket KillBox to delete C:\WINDOWS\system32\ckvo.exe.  Just copy and paste the entire path.

7.  You have a file I don't recognize... C:\e.com ...do you know what this file is?  If not, do NOT open it.  Instead, go to VirusTotal and upload it and post the results here.

8.  I found one of our culprits and it may be the reason why you can't enable hidden files and folders...
C:\WINDOWS\system32\amvo.exe
Use Pocket KillBox to delete this file.

9.  Go to Start > Run and type msconfig and hit OK.  Click on the Startup tab and look for any instances of amvo.exe.  If it exists, UNCHECK it, click OK, and restart your computer.

10.  We're going to try tweaking your registry just a tiny bit.  I would suggest backing up your registry first.  ERUNT is a great program for this.  Download the program and transfer it to your infected computer with a CD-R.  Now, open Notepad and copy everything from inside the below quote box...

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"SearchSystemDirs"=dword:00000001
"SearchHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"SuperHidden"=dword:00000001
"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000001

Paste that into the Notepad file and then go to File > Save As.  Next to Save as type, select All Files and save this as hidden.reg to your desktop.  Double click on the file and let it merge itself into your registry.  If it works, it will hopefully help with your hidden files problem.



Once you have done everything, follow my instructions for ComboFix and post a new log along with a new HJT log.

[melitica]

Thanks..

Some things i want to point out... I am constantly getting an error message that says insufficient system resources or something like that when attempting to open things, quite frustrating!  ..  Also, its now getting stuck in the welcome screen again.. BOOO! Took me like an hour to turn it on because i had to keep restarting it.. wasnt entering after the username password thing


2. Kaspersky: Uninstalled it and installed it again. For some reason the problems came back even though i reinstalled it. At startup this features bring up error messages: "Internet Antivirus" "Mail Antivirus" Internet Antivirus Analyze HTTP Traffic or something" "File Antivirus" and "Analyze Startup Elements". The update database is corrupted, wich is weared because i havent even updated it.....
AVG: I uninstalled it, when i was trying to install it again it told me that my computer hadnt been restarted wich was false, so i ignored it... Now when i try to open it, it just wont open...no explanation 

3. Couldnt find anything related to those, and ive never had SpyAnywhere installed.

4. Already disinfected my flash drive

5. I was able to see hidden files in safe mode, but somehow my cellphone is not being detected in any way in safe mode. It can be detected in normal mode. For that i cannot test my internet connection

6. Pocket Killbox couldnt find that file and neither could i.

7. I couldnt find it to upload it but deleted it with PocketKillBox

8. Pocket Kill Box couldnt find it

9. No traces of amvo.exe found

10. All right, followed your instructions, Erunt brought up some error messages when backing up my registry. Now i can see hidden files, but i cant hide them .. 

Here are the logs and thank you very much



[recovering disk space -- attachment deleted by admin]

[melitica]

Hi! please let me know if you cant help me..that way i'll just format it.. 

[evilfantasy]

Sorry for the delay melitica

Go to Programas e instalaciones > ComboFix.exe and delete the ComboFix.exe

Since it's been a few days please run a fresh HijackThis scan and post the new log.

Also describe any problems that are still there.

[CBMatt]

Sorry, the forums get a little busy sometimes and I must have accidentally overlooked your latest post.  My deepest apologies.  Please follow evilfantasy's suggestion.


And although I always try to avoid reformatting, make sure you have the means to backup your data and reformat, just in case it has to come down to that.

[melitica]

Its allright! Dont worry...

The problems are basically the same...
-The system rans out of resources all the time, or at least thats what it says when i try to open things..
-Kaspersky is damaged, even though i reinstalled it

Kaspersky: Uninstalled it and installed it again. For some reason the problems came back even though i reinstalled it. At startup this features bring up error messages: "Internet Antivirus" "Mail Antivirus" Internet Antivirus Analyze HTTP Traffic or something" "File Antivirus" and "Analyze Startup Elements". The update database is corrupted, wich is weared because i havent even updated it.....

..

-My internet connection is useless, wich is probably the biggest problem right now.
-Windows gets stuck in the login screen or welcome screen like all the time, its very hard to enter
-AVG wont open... 



Reformatting is probably the quickest solution but not the cheapest... i dont want to do it myself, so if i have to do it im gonna have to pay for it

My guess is the viruses have been cleaned but they already caused a lot of damage... 

Heres the hijackthis log.. tnxs

[recovering disk space -- attachment deleted by admin]

[CBMatt]

Well, it doesn't really look any different compared to your previous log.  I'm not seeing anything that looks malicious.  You may be right that the infections did some damage that we haven't been able to fix.  But infections I found weren't all that bad, so I'm reluctant to say that's the case here.  It's possible that it isn't an infection causing this problem.

I have known StyleXP to cause various strange problems with computers, so I wouldn't be surprised if it's causing problems for you as well.  Before resorting to a reformat, I would try uninstalling StyleXP and Stardock to see if that improves your situation at all.



If you do end up having to reformat, there's no need to pay someone to do it for you.  We have many members here on the forum who could easily guide you through the process.  But we'll worry about this if/when the time comes.