HELP! My computer has fallen and can't get up!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kickmydonkey, Nov 24, 2004.

  1. kickmydonkey

    kickmydonkey Private E-2

    Ok, 1st off, yes, I have run all the items listed in your how to remove most spyware, which didn't help anything. My computer has been running really slow with everything I do on it. It takes a couple minutes for the start menu to even pop up, both in regular and safe mode, and even longer if I actually dare try to open a file or start a program. It took approximately 2hrs to run Spybot, and well, I can't get Ad-Aware to run all the way through, in fact it jams up after scanning 43233 files, and had already found 59 problems at that point. I left it running since Friday, without trying anything, and just leaving Ad-Aware running and it didn't get any further, and it is now the following Wednesday. Spybot found a couple of things the 1st time around, and it had no trouble deleting them, since then doesn't find a thing, but apparently Ad-Aware finds at least 59, but won't let me delete or anything like that. Please could someone help me out.
    Thx
    Daniel
     
  2. kickmydonkey

    kickmydonkey Private E-2

    P.S: HELP! My computer has fallen and can't get up!!!

    Ok, also, forgot to say, will not let me update Windows XP, gives an error message. Oh yes, also tried every one of the online scans that the pros provided links to. This site has proved itself awesome to me in the past, so I have faith. Thx ladies and gentlemen for all you do.
    Daniel
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: P.S: HELP! My computer has fallen and can't get up!!!

    You should read the tutorial in this Sticky thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  4. kickmydonkey

    kickmydonkey Private E-2

    Ok, here we go
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have HJT installed incorrectly. Please put it in a directory as requested.

    Also you should go to Add/Remove Programs and look for and uninstall:
    - WildTangent
    - WeatherBug (or similar named)
    - Web Offer
    - ShopAtHomeBundle (or SAHBundle or similar)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After looking for those uninstalls mentioned in my previous message, do the following.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).

    You should also download LSPFix (http://www.majorgeeks.com/download4180.html) but do not run it yet. We may need it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {3AFF3F2B-B541-76BF-8001-665579FB2866} - C:\WINDOWS\System32\qtcd.dll
    O2 - BHO: (no name) - {3DF96B2D-E246-2FE8-8250-665579F92B39} - C:\WINDOWS\System32\zlar.dll (file missing)
    O4 - HKLM\..\Run: [usxhczyt] C:\WINDOWS\rcwt.exe
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [Chpa] C:\Documents and Settings\Owner\Application Data\ulas.exe
    O4 - HKCU\..\Run: [Ndkwtk] C:\WINDOWS\System32\d?dplay.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.imbum.com/Imbum.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10469377076b7c4bc106/netzip/RdxIE601.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\qtcd.dll
    C:\WINDOWS\rcwt.exe
    C:\Documents and Settings\Owner\Application Data\ulas.exe
    C:\Program Files\WildTangent <--- the whole directory
    C:\Documents and Settings\Owner\Local Settings\Temp\bundle.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
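
An added example, not part of the original thread and not a MajorGeeks or HijackThis tool: a small parser for the O2 (BHO), O4 (Run key) and O16 (DPF) line formats quoted in the post above. The triage flags are illustrative assumptions, not the criteria chaslang applied, and the QuickTime Run entry in the sample is constructed.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the post above, plus one constructed entry (QuickTime Task).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3AFF3F2B-B541-76BF-8001-665579FB2866} - C:\WINDOWS\System32\qtcd.dll
O2 - BHO: (no name) - {3DF96B2D-E246-2FE8-8250-665579F92B39} - C:\WINDOWS\System32\zlar.dll (file missing)
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Owner\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [Chpa] C:\Documents and Settings\Owner\Application Data\ulas.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10469377076b7c4bc106/netzip/RdxIE601.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[\w-]+\}) - (?P<target>.+)$")
O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[\w-]+\})(?: \((?P<name>[^)]*)\))? - (?P<target>\S+)$")
# Assumed heuristics: per-user writable folders (incl. 8.3 short name) and IP-literal hosts.
USER_WRITABLE = re.compile(r"\\(temp|application data|locals~1)\\", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def triage(entry):
    """Return review flags for one parsed entry; a flag means 'look closer', not 'malicious'."""
    flags, target = [], entry["target"]
    if target.endswith("(file missing)") or target == "(no file)":
        flags.append("orphaned")                      # registry entry outlived its file
    if entry["section"] == "O2" and entry["name"] == "(no name)":
        flags.append("unnamed-bho")
    if entry["section"] == "O4" and USER_WRITABLE.search(target):
        flags.append("autorun-from-user-writable-dir")
    if entry["section"] == "O16" and IPV4.match(urlparse(target).hostname or ""):
        flags.append("dpf-from-ip-literal")
    return flags

def parse_entry(line):
    """Parse one O2/O4/O16 line into a dict; return None for any other line."""
    for section, pattern in (("O2", O2), ("O4", O4), ("O16", O16)):
        m = pattern.match(line.strip())
        if m:
            entry = {"section": section, **m.groupdict()}
            entry["flags"] = triage(entry)
            return entry
    return None

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]
```

An entry with no flags is only unflagged by these four rules; the helper's judgement in the thread rests on knowing the programs involved, which this sketch does not encode.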
     
  7. kickmydonkey

    kickmydonkey Private E-2

    Ok, sorry it has taken me so long to post back. Had a family emergency and had to go out of town for a couple of days.
    Ok thx Chaslang for your response, however even after doing the stuff you wanted me to do, still no luck. I can't get hijack this or in fact barely any program to respond in regular startup, so I am still in safe mode. I think I now have hijack this in somewhere y'all want it anyway. But I am having to scan in safe mode, if that makes a difference?!
    My adaware is still jamming up after finding numerous infections, and if this helps any, stops when it gets to "Typelib\{8E27C92E-1264-101C-8A2F-040224009C02}"
    Well anyway, here is my new hijackthis log, scanned while in safe mode
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have HJT in a subfolder of C:\Documents and Settings. You have it here:
    C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

    We prefer that it not be located there. Try putting in a path like: C:\Program Files\HijackThis\HijackThis.exe

    We need a HijackThis log from normal boot mode. Try doing the following:
    - boot in normal mode
    - rename hijackthis.exe to myhjt.com
    - double click on myhjt.com
    - if it runs that way, get me a log.

    If the above fails to work, do the following:
    - Download ProcessExplorer from: http://www.sysinternals.com/files/procexpnt.zip
    - Unzip it and now run ProcessExplorer
    - We need to configure some options first:
    Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
    - Now click on File and then Save As. And save the process list.
    - Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager. Sometimes ProcessExplorer can kill things that Task Manager cannot.
     
  9. kickmydonkey

    kickmydonkey Private E-2

    Ok, here is the new log, done from the correct place (I hope) and done in normal startup.
    Thanks again for the help, I really appreciate it.
     

    Attached Files:

  10. kickmydonkey

    kickmydonkey Private E-2

    Ok, well just in case anyone posts a message to me, I am sorry if it takes me awhile to reply, but I have gotta be heading for bed. 4am comes around early in these parts. Thanks again for your help Chaslang, I really appreciate it.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see anything bad in your HJT log now. Are you still having problems?
    How much RAM do you have, what is your processor speed, how big is your hard disk and how much free space is on your hard disk?

    You have a lot of processes running. Try shutting some of them down and see if a scan with Spybot speeds up. Try ending these processes (only temporarily. I don't want you to uninstall them. Just end them using Task Manager.) (Note: you should not be connected to the internet when doing this since I'm asking you to end some processes, like AOL.)

    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
     
    Last edited: Nov 29, 2004
  12. kickmydonkey

    kickmydonkey Private E-2

    Ok, running a 3.00 GHz Pentium 4 with 512 MB of RAM, have a 189 GB hard drive with 182 GB still free.
    I deleted both Norton's anti virus, and Norton's firewall, and I managed to get the Windows update to work finally, even after that still no go on this thing. It is just running super slow, and only started a couple weeks back. The weird thing is, is that it won't let me run Ad-Aware all the way through, and Ad-Aware picks up a whole bunch of stuff before it freezes up.
    Oh yes, I closed all the processes you asked me to, and still running really slow!?
    Well, I really am at a loss of what else can be done?!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First a note: do not run multiple antivirus applications. I see you had Norton (now you say you uninstalled it) and also AV Personal. You must run only one. Also, if you have multiple, check to make sure you only have one firewall running. I see you upgraded to SP2 along the way. It had a built-in firewall that should be disabled if you use any other software firewall application. How did you do the upgrade to SP2 if your PC is so slow? Or did you have a CD with the upgrade?

    Please go back and run the online scans that were listed in the READ ME FIRST thread. You have not run them. Did you run Stinger? You should also consider running the items in the Alternative Scans - If still having problems section of that link. I know you are saying things run really slow, but there may be a virus on your PC that does not show in a simple HJT log. We need to locate it.
     
