unable to download anything, email program keeps "sticking"

  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

The problem began a couple weeks ago when I tried to download a file off of an unfamiliar website. The download in question never took place. It appeared to try, but seemed to put my computer into an endless loop of trying to download. I had to close IE from Task Manager after it locked up. The first problem I noticed after that was I was no longer able to open an attachment inside of Windows Live Mail, I had to move the file elsewhere to open it. And when deleting emails, as I have to do a lot, Live Mail keeps "sticking". It would delete a couple of them, then freeze up for about 20 seconds becoming unresponsive, then it would go ahead and delete.
And now when I try to download anything, including Microsoft upgrades, I get nothing. I can click on a download and everything appears normal. The little box opens asking Run, Save or Cancel. I click on Save, chose a target path, the download begins. I sit and watch as it downloads byte by byte. When the download finishes the little download window just disappears without giving me the options of Open, Open Folder or Close, even though that little box in the window for closing it when finished is NOT checked. Then when I go to the target folder for the download, there is nothing there. I have done a search of the entire hard drive and the file I just finished downloading is nowhere to be found.
I got some help on a site called Computer Help, and after I went through all of the steps of scannng and fixing, I was told there was no visible sign of malware.
So now I'm back to square one. Can anyone help, or will I have to do a complete system reinstall ?
FYI, my Windows restore feature was turned off, so I cannot use that options.
Please help. Thank you.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Download, update & run anti malware from malwarebytes.org
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

As I mentioned in my original post, I got some help on a website called Computer Help and one of the many things they had me do was to run MABM and many other scanner type programs. And their final conclusion was that I did not have any malware on my comuter.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Then run Hijack This or do a restore point.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

HiJackThis is another one of the programs they had me run. And, once again I refer back to my original post. The restore feature was turned off on my computer so there is no restore point.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Who evaluated the Hijack This log? Is there a chance I could view it?
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

What, you want his name ? He was called evilfantasy on Computer Hope, that's all I can tell you. I believe I already deleted all of those log files. I could do another scan if you want.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

If you want to run it again, I'll look at it. I'm not as sure as you are that the machine is clean.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

Ok, I tried to post the log here and I got an error message saying I am not allowed to post external links. I don't know why it said that, but there it is. Now what do I do ?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Just copy & paste the log into the body of the post. It's done all the time.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

That is what I tried, three times. It keeps giving me that error message.
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

I don't know what else to tell you. I have no other solutions.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

Maybe you could tell me why it is giving me that error message ?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

If I knew, I would tell you. You would have to ask the moderators.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

Maybe you could tell me how to do that then. I am new to this forum stuff. Is there a certain place that I connect with them ?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

Click on main menu. When it opens, click on contact, just above it.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

Ok, I figured out how to post, so here is a fresh HiJackThis log file, pasted below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:19 AM, on 10/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\11 News Now\TrueWeather.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Microsoft Office\Office\excel.exe
C:\Program Files (x86)\client.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = =69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = =54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = =54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = =69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files (x86)\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: 11 News Now.lnk = C:\Program Files (x86)\Common Files\11 News Now\TrueWeather.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
O9 - Extra button: - {169c05c6-1c11-4e6b-a396-836fa4b43db7} - C:\Users\Dane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\lnk (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O17 - HKLM\System\CCS\Services\Tcpip\..\{4F952509-70FB-44E0-9581-4F4D539815AD}: NameServer = 208.67.222.220,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F952509-70FB-44E0-9581-4F4D539815AD}: NameServer = 208.67.222.220,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F952509-70FB-44E0-9581-4F4D539815AD}: NameServer = 208.67.222.220,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{4F952509-70FB-44E0-9581-4F4D539815AD}: NameServer = 208.67.222.220,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files (x86)\AGI\common\win32\PythonService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7609 bytes
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

First: There are some key system files reported as missing. Three of them are lsass.exe, locator.exe & msdtc.exe.

That alone tells me you need to do a repair install unless you want to try to replace them by hand. If you take the hand route, replace them & uninstall all toolbars.

Second: I have never seen start pages listed as 5 digit numbers. Maybe it's something new that I don't know about but I thought I'd mention it. Example:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = =69157

Third: The file agcutils.dll has been known to cause problems with IE. Search it in Google for more info.

Fourth: If you didn't set opendns as your name server, then your DNS has been hijacked.

Those are some of the things I see. I don't know why the person who reviewed your log didn't at least see the missing system files. That has to be fixed first.
  • finfan1954
  • Newbie
  • Newbie
  • finfan1954
  • Posts: 10

Post 3+ Months Ago

I am not sure what you mean by repair install. I did try the Startup Repair on the disc and it didn't find any problems. When you say repair install, are you talking about a full reformat in reinstall from scratch ?
  • Don2007
  • Web Master
  • Web Master
  • Don2007
  • Posts: 4924
  • Loc: NY

Post 3+ Months Ago

No. There is a choice somewhere along the line just to do a repair (R). Of course, if you prefer to start from scratch, it's ok.

Post Information

  • Total Posts in this topic: 20 posts
  • Users browsing this forum: No registered users and 43 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.