Programs won't open: Explorer, Threatfire... Can't download new anti-spyware in Safe Mode.

01-09-2009, 07:06 PM   #1

Hello Thanks in advance for your help (hope you can assist)…

SYSTEM INFO: XP sp3, DELL Dimension 3100 - about 2.5 yrs old, with Explorer
(notes: I don’t understand highly technical terms, so please use baby speak with me)

PROBLEM: SPYWARE or MALWARE etc taken over computer - assumed.
(notes: AVG and THREATFIRE plus Windows Firewall installed when problem occurred)

GENERAL BACKGROUND: The computer has been going slow for about 6 months. I installed full version of McAfee about 4 months ago and it seemed to get worse. But about a month ago computer was getting prohibitively slow forcing me to wait ages for pages to open and constantly restart: constantly giving “Program Not Responding” messages and Explorer closing. Assuming it was either McAfee just slowing me down (read it takes up too many resources), I uninstalled McAfee and same time installed various free security software in its place…. can’t remember all - I copied a list of recommended off Answers.com sort of blog from someone who seemed to know what they were talking about.

LAST MONTH INSTALLED: AVG antivirus only, Threat Fire, a-Squared…., aSquared Dialler + Windows Firewall
all free versions (this is minimum list, there was at least 1 more popular anti-spyware I tried to install, but you had to buy something from their advertisers and they give you the code, but it never came through - can’t remember all):

1ST MAJOR PROBLEM: The next day I could not log into my bank account or AOL using correct usernames and passwords. Assuming I had a virus/spyware, I started uninstalling safety programs. I left AVG and Threatfire. - THINGS SEEMED TO IMPROVE… and I got into my password protected accounts straight away. BUT COMPUTER STILL LAGGING.

2nd MAJOR PROBLEM: A few days ago my brother was looking at “girly sites” on my computer (I trust him he didn’t download anything). Suddenly my computer was extremely slow. 1 - Computer taking about 15 minutes to boot (usually takes 5/6 approx.). 2 - When trying to open a program from the shortcut icon on the desktop I would double click and nothing would happen at first, it would take several attempts to open and there was always the little hour glass showing the computer was not ready. 3 - Most pages (pages opened from Google searches especially) taking many minutes to open and “Not Responding” non stop. 4 - also couldn’t close browser windows when the computer asks “do you want to end now” and I clicked on it, a second “not responding” for the same page would just come up for same page in Task Manager. I reverted to pulling the plug many times (I know it’s not healthy for computer, but didn’t see any other way)…

When I shut down/restarted computer to try again I often saw OCRA window not responding sort of screen flash up just before closing down. I also noticed at start-up the task bar was stalling at mini Google desktop start-up icon (which I don’t know how I got and don’t use). The next icon in start-up line is for Threatfire (rest not showing on their own - I had to manually press the little arrow to reveal all in line for start up) and it said something like “initiating…” in the tiny window next to icon. The other icons not showing ahead of the Threatfire (including AVG) said nothing.

ACTIONS:
I ran “msconfig” and un-ticked various applications for Start-Up: OCRA, Google Desktop, Anything AOL (I deleted all AOL 9.0VR and all other AOL stuff a while back along with other programs I thought were slowing computer down - but shortcut still on desktop).

3rd MAJOR PROBLEM:

This morning I could not open any applications at all. Task bar/Start-Up items list frozen. When clicked, just as before the hourglass/waiting icon would appear and after a bit would disappear. But nothing would open…. Been like this past 14 hours.

ACTIONS:
a) tried to remove programs under Add/Remove control panel - remove would initiate, then computer would not respond.
b) shutdown, started up, restarted, pulled plug many times
c) unplugged modem
d) After about 3 hours I found basic info to start in Safe Mode/Safemode + Network and try to run programs from there: Anti-spyware, Explorer. I could get into safe mode and even been able to get onto Internet, but not been able to resolve problems.

NOTE: I unplugged modem wondering if there was a hacker and as soon as I unplugged, Start-Up icons completed their launch.

problems/actions
a) COMPUTER USERS
A user with computer administrator access called “Administrator” set on computer as well as Myself which is set as computer administrator powers. Can’t change settings or remove user “Administrator”… I messed around, added Another User also set to computer administrator hoping to be able to delete “Administrator” (assuming hacker is running computer via “administrator”), but still not able to touch administrator. “Guest” also came up in the list of thumbnail icons. (I know this is a normal feature) but I am sure icon was showing earlier. I ticked “allow or on (whatever the option is)” to see if I could get info and Guest icon disappeared from view… not in list as users and can’t find option anywhere to disallow “Guest” user.

b) EXISTING ANTI-SPYWARE
same problem: still can’t open Threatfire either signed on as Myself or “Administrator”

c) ANTIVIRUS SCAN
I tried running AVG. It opened but… I started a scan signed on as “Administrator” It ran for about 2 hours and I finally stopped it. At first it showed a few “locked”/”unchecked” items (I believe this is normal to have a few?)… but at about 2 hours - scan still going strong - many items said “locked”/“unchecked” (several dozen in a consecutive row perhaps). I stopped scan.

I later started a second AVG scan signed on as Myself but gave up in frustration.

d) DOWNLOADS
I can’t fully download most anti-spyware. I can download other programs. It gets right down to the end of install and a message flashes that “Administrator” will not allow the download.

failed… Ad-aware, Stopzilla and few others

installed successfully (I assume)…Spybot Search and Destroy

e) SPYBOT SCAN #1
I ran a Spybot S&D scan. About 360,000+ scanned. It came up with about 23 items. 4 were “Trojans”, I don’t remember what rest were and can’t find how to find log.

ACTION…I removed malware clicking appropriate/only button. Application said some could not remove some problem files - 2, I think (Explorer was running, if that’s of interest.)

g) SYSTEM RESTORE
Attempted in Safe Mode. Latest it would go back to was Dec13th. Message came up that “Administrator” would not allow and said system remained unchanged.

f) SPYBOT SCAN #2
Ran another scan same/similar 360,000 scanned and 2 items showed up. I was able to remove those (Explorer was off and modem was unplugged)


THINK THAT’S EVERYTHING, PLEASE HELP IF YOU CAN… CAN’T AFFORD TO BUY NEW COMPUTER… SUPER BEHIND IN WORK…

thank you ; )
THill
01-09-2009, 07:15 PM   #2

Sorry......“Guest” also came up in the list of thumbnail icons. ( I know this is a normal feature) but I am sure icon was showing earlier.....

I meant: I am sure icon was NOT showing earlier in list of users.
THill
01-10-2009, 08:22 AM   #3

AMENDMENTS LOGS ATTACHED FOR THREAD...
sorry about this, I DID READ your "Read before posting". I misunderstood (thought these logs were to be supplied ONLY IF ASKED). Another nice member pointed it out to me ; ). Again sorry, I am currently going through tough time with bereavement and not being able to work with computer down doesn't help... none of this comes very easily to us tech-challenged people.

PLEASE HELP. Thank you (in advance) for your time.



DDS (Ver_09-01-07.01) - NTFSx86 NETWORK
Run by Tatyana Hill at 13:15:41.23 on 10/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.285 [GMT 0:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tatyana Hill\Local Settings\Temporary Internet Files\Content.IE5\NQ74YOPP\dds[1].com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
mRun: [DetectorApp] c:\program files\roxio\mydvd studio deluxe\mydvd studio deluxe\DetectorApp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [StartupDelayer] "c:\program files\r2 studios\startup delayer\Startup Launcher GUI.exe"
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJxdm172YYGB
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: apple.com\www
Trusted Zone: channel4.com\www
Trusted Zone: clipart9.com\www
Trusted Zone: comptoir-de-famille.com\www
Trusted Zone: ewido.net\www
Trusted Zone: facebook.com\www
Trusted Zone: google.co.uk\video
Trusted Zone: msn.com\msnbc
Trusted Zone: msn.com\video
Trusted Zone: msn.com\video.uk
Trusted Zone: msn.com\www.msnbc
Trusted Zone: myspace.com\www
Trusted Zone: softpedia.com\www
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-17 12936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-13 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-13 39200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-17 90632]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-17 98440]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-17 26824]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-12-13 33056]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-17 231704]
S4 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]

=============== Created Last 30 ================

2009-01-09 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\r2 Studios
2009-01-09 19:27 <DIR> --d----- c:\program files\r2 Studios
2009-01-09 18:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-09 18:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-19 13:50 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-18 07:13 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-17 16:32 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-17 16:32 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-17 16:32 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-17 16:32 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-17 14:37 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-17 14:00 <DIR> --d----- c:\program files\AVG
2008-12-17 14:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-13 13:46 <DIR> --d----- c:\program files\a-squared HiJackFree
2008-12-13 13:44 <DIR> --d----- c:\program files\a-squared Anti-Dialer
2008-12-13 13:28 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-12-13 13:28 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-12-13 13:28 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-12-13 13:28 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-12-13 13:28 <DIR> --d----- c:\program files\ThreatFire
2008-12-13 13:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-13 11:22 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-01-01 17:14 6,060 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-13 06:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2007-04-23 13:21 269,824 a------- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-04-23 13:11 224,896 a------- c:\windows\inf\wg111v3\wg111v3.sys
2006-12-15 10:30 315,392 a------- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 10:30 212,992 a------- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 10:30 98,304 a------- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 10:30 66,048 a------- c:\windows\inf\wg111v3\EAPPkt.sys
2006-12-15 10:30 28,672 a------- c:\windows\inf\wg111v3\SetDrv.exe
2006-12-15 10:30 20,480 a------- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 10:30 19,968 a------- c:\windows\inf\wg111v3\RTWREFU.EXE
2008-03-01 14:45 88 ---shr-- c:\windows\system32\1733206F50.sys
2008-09-06 14:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 13:16:31.82 ===============
Attached Files
File Type: zip Attach.zip (4.2 KB, 12 views)
THill