Virus Problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by gkorjax, Sep 3, 2008.

  1. gkorjax

    gkorjax Private E-2

    Hi,

    I'm trying once again to fix my girlfriend's father's computer. It's running Vista. It has numerous problems, basically rooted in an inability to run Mozilla Firefox, download anything (including updates for AVG etc). Though marked as an administrator, access to do many things (change file names, create logs) is denied.

    In safe mode with networking I was able to use Firefox and follow the malware removal guide tutorial...almost. I downloaded CCleaner and the 5 malware removal programs with no problem. I followed the manual malware removal guide. I ran CCleaner. However, I was unable to run SUPERAntiSpyware because (in safe mode) the install stopped with a popup window saying something along these lines: "Windows installer service is not accessible...".

    I ran the other four programs and am attaching the logs. I am still having problems.

    Thanks for any insight
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the log from Malwarebytes.

    Also, have you attempted to install SUPERAntiSpyware in normal boot mode?

    Have you attempted using System Restore to go back to a point before where the problems began?
     
    Last edited: Sep 4, 2008
  3. gkorjax

    gkorjax Private E-2

    Sorry about not attaching the file from malwarebytes. I luckily copied it to a flash drive so I am able to attach it.

    Regarding trying to run the install of SUPERAntiSpyware in normal boot mode:
    I cannot. When I attempt to do so I get a pop-up box that gives a simple message, "File is corrupted". The install stops there.

    Regarding System Restore, there are no restore points before the problems existed (though the Geek Squad paid him a visit and "helped" him for several hundred dollars six months or so ago). If I recall correctly, attempting to actually do a restore gives an "access denied" box as well. When I tried to do a restore in safe mode it appeared to be working, but at the end I got a System Restore failed message...with the bonus of all the programs and even some spyware I had manually deleted finding their way back on...That was two weeks ago. I gave it another go yesterday, using safe mode WITH networking, and was able to download the programs directly onto the computer and run many of them. Thus the log files. Two weeks ago I didn't know what "with networking" enabled me to do...so I was trying to transfer programs over directly from a flash drive. Trying to copy the programs over failed, with an "access denied" message.

    Thanks for your previous reply.
    Hoping you have some idea of what I can do to help him out.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only real malware item I see is Boonty Games, which someone chose to install (see http://www.castlecops.com/o23list-1744.html). However, fixing it is not going to resolve the problems you mentioned.

    Based on the logs you attached it looks like someone may have been performing either Repairs or System Restores, and possibly the Owner user profile is all messed up. I see a whole bunch of strange folders where normally only user account folders are listed. Like the below:
    Code:
    "C:\Users\"
    ALLUSE~1      Aug 16 2007              "All Users"
    DEFAULT       Nov  2 2006              "Default"
    DEFAUL~1      Aug 16 2007              "Default User"
    defaul~1.log  Feb 12 2008           0  "Default.LOG1"
    defaul~2.log  Feb 12 2008           0  "Default.LOG2"
    desktop.ini   Jul  9 2008         174  "desktop.ini"
    NEWFOL~1      Aug 30 2008              "New Folder"
    OWNER         Aug 16 2007              "owner"
    PUBLIC        Nov  2 2006              "Public"
    TEMP          Aug  2 2008              "TEMP"
    TEMPOW~1.000  Aug  2 2008              "TEMP.owner-PC.000"
    TEMPOW~1.001  Aug  2 2008              "TEMP.owner-PC.001"
    TEMPOW~1.002  Aug  3 2008              "TEMP.owner-PC.002"
    TEMP~1.OWN    Aug  2 2008              "TEMP.owner-PC"
    URGE          Sep  5 2007              "URGE"
    And then I also question what all of the below are from:
    Code:
    2008-09-03 15:40 . 2008-09-03 15:40 <DIR> d-------- C:\MSIe668f.tmp
    2008-09-03 12:16 . 2008-07-10 12:17 262,144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
    2008-08-30 20:09 . 2008-08-31 15:21 <DIR> d-------- C:\Users\owner\New Folder
    2008-08-30 20:01 . 2008-08-30 20:01 <DIR> d-------- C:\Users\New Folder
    2008-08-26 21:35 . 2008-08-26 21:35 0 --a------ C:\DFR894E.tmp
    2008-08-21 21:40 . 2008-08-21 21:40 0 --a------ C:\DFRDA2.tmp
    2008-08-13 23:27 . 2008-08-13 23:27 0 --a------ C:\DFRAF44.tmp
    2008-08-13 15:38 . 2008-08-13 15:38 <DIR> d-------- C:\MSIe5f56.tmp
    2008-08-13 15:37 . 2008-08-13 15:37 <DIR> d-------- C:\MSIe5f4f.tmp
    2008-08-13 13:24 . 2008-08-13 13:24 <DIR> d-------- C:\MSI77469.tmp
    2008-08-13 13:24 . 2008-08-13 13:24 <DIR> d-------- C:\MSI77462.tmp
    2008-08-13 13:24 . 2008-08-13 13:24 <DIR> d-------- C:\MSI7745b.tmp
    2008-08-13 13:23 . 2008-08-13 13:23 <DIR> d-------- C:\MSI77455.tmp
    2008-08-13 12:38 . 2008-08-13 12:38 <DIR> d-------- C:\PERepairData
    2008-08-10 22:00 . 2008-08-10 22:00 0 --a------ C:\DFR188.tmp
    2008-08-10 18:51 . 2008-08-10 18:51 0 --a------ C:\DFR5261.tmp
    2008-08-10 03:10 . 2008-08-10 03:10 0 --a------ C:\DFR74BE.tmp
    2008-08-07 06:56 . 2008-08-07 06:56 0 --a------ C:\DFREF0F.tmp
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Videos
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Saved Games
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Pictures
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Music
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Links
    2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Downloads
    2008-08-03 00:06 . 2007-08-16 10:18 <DIR> d-------- C:\Users\TEMP.owner-PC.002\Documents
    2008-08-03 00:06 . 2006-11-02 06:18 <DIR> d--h----- C:\Users\TEMP.owner-PC.002\AppData
    2008-08-03 00:06 . 2008-08-03 00:06 <DIR> d-------- C:\Users\TEMP.owner-PC.002
    You would be better off posting in the Software Forum about this, but a reinstall is probably in your near future.
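A triage script for the kind of log listing quoted above, added here as an example (it is not code from the thread or from MajorGeeks): it parses the "created . modified size attrs path" layout and then flags the things the reply singles out: TEMP.* profile folders under C:\Users, stray MSI*.tmp and DFR*.tmp entries in the drive root, and folders under C:\Users that are neither stock Vista entries nor a known account. The sample lines are constructed from the excerpt in the reply, and the only assumed account name is `owner`, taken from the thread.

```python
import re

# Constructed sample in the "created . modified size attrs path" layout quoted in the
# thread (a handful of the lines the replier questioned, not the full log).
SAMPLE_LISTING = """\
2008-09-03 15:40 . 2008-09-03 15:40 <DIR> d-------- C:\\MSIe668f.tmp
2008-09-03 12:16 . 2008-07-10 12:17 262,144 --a------ C:\\Program Files\\Uninstall Ask Toolbar.dll
2008-08-30 20:01 . 2008-08-30 20:01 <DIR> d-------- C:\\Users\\New Folder
2008-08-26 21:35 . 2008-08-26 21:35 0 --a------ C:\\DFR894E.tmp
2008-08-03 00:06 . 2006-11-02 05:23 <DIR> d-------- C:\\Users\\TEMP.owner-PC.002\\Videos
2008-08-03 00:06 . 2008-08-03 00:06 <DIR> d-------- C:\\Users\\TEMP.owner-PC.002
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d[\d,]*|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Entries that belong directly under C:\Users on a stock Vista install.
STOCK_USERS_ENTRIES = {"all users", "default", "default user", "public", "desktop.ini"}

def parse_listing(text):
    """Parse lines in the layout above; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def classify(path, accounts):
    """Triage tag for one path (or None); `accounts` = real user names under C:\\Users."""
    p = path.lower()
    if p.startswith("c:\\users\\"):
        top = p[len("c:\\users\\"):].split("\\")[0]
        if top == "temp" or top.startswith("temp."):
            return "temporary-profile"      # logon fell back to a TEMP profile
        if top not in STOCK_USERS_ENTRIES and top not in accounts:
            return "unexpected-users-entry"
        return None
    if re.fullmatch(r"c:\\msi[0-9a-f]+\.tmp", p):
        return "msi-leftover"               # Windows Installer scratch dir left behind
    if re.fullmatch(r"c:\\dfr[0-9a-f]+\.tmp", p):
        return "root-tmp-file"              # stray *.tmp sitting in the drive root
    return None

def triage(text, accounts):
    """Group flagged paths by tag so each category can be queried in one go."""
    flagged = {}
    for e in parse_listing(text):
        tag = classify(e["path"], {a.lower() for a in accounts})
        if tag:
            flagged.setdefault(tag, []).append(e["path"])
    return flagged
```

Running `triage(SAMPLE_LISTING, {"owner"})` groups the constructed lines into the four categories, leaving the Ask Toolbar uninstaller (a normal Program Files entry) unflagged.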
     
