Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

This thing is driving me crazy....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

This thing is driving me crazy....

Unread postby flacogordo » May 7th, 2008, 7:06 pm

Hi Experts, I think my PC has a Malware, IE doesn't open, my taskbar doesn't show open programs, when i try to install something, says some files are corrupted. I have a HJT Log.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:16 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
D:\Program Files\PC Tools Internet Security\pctsSvc.exe
D:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kiwiusa.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3501524781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3665672546
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsSvc.exe

--
End of file - 6260 bytes
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm
Advertisement
Register to Remove

Re: This thing is driving me crazy....

Unread postby Katana » May 11th, 2008, 9:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

----------------------------------------------------------------------------------------


If you still require help please post a fresh HJT log


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: This thing is driving me crazy....

Unread postby flacogordo » May 12th, 2008, 10:21 pm

Hi Katana, thanks for your help, here's the list of programs installed :

µTorrent
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
Bonjour
eMule
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP PSC & Officejet 4.2 Corporate Edition
HP Solution Center 7.0
HP Update
iPod To Computer Transfer 2.6
iTunes
J2SE Runtime Environment 5.0 Update 6
K-Lite Mega Codec Pack 1.34
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Maxtor OneTouch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.14)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
Passware Kit Enterprise 7.3
PC Tools Internet Security 2008
Plato DVD Ripper 4.33
Plato DVD to MP3 Ripper 4.38
PowerDVD
QuickTime
RealPlayer
SanDisk TransferMate
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Spelling Dictionaries For Adobe Reader Package
Tansee iPod Transfer v3.2
The Matrix Online®
TomTom HOME
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Storage Adapter FX (MXO)
VIA Rhine-Family Fast Ethernet Adapter
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby flacogordo » May 12th, 2008, 10:28 pm

This a\is a fresh HJT Log:

thanks in advance.!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:44 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
D:\Program Files\PC Tools Internet Security\pctsSvc.exe
D:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kiwiusa.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3501524781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3665672546
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsSvc.exe

--
End of file - 4223 bytes
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby Katana » May 13th, 2008, 7:04 am

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

eMule
µTorrent


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.



Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java and Adobe components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6 from http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Update Adobe Acrobat Reader
  • Please go to this link Adobe Acrobat Reader Download Link
  • Cllick Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Now close all windows, including your browser.
Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 7.0.5
  • J2SE Runtime Environment 5.0 Update 6
Now close the Control Panel.

Reboot your machine.

Malwarebytes' Anti-Malware
I see you already have MalwareBytes installed, so please do the following
  • Open MBAM
  • Click the Update Tab
  • Click Update
  • If an update is found, it will download and install the latest version.
  • If needed restart the program
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Deckard's System Scanner (DSS)

Please download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Malwarebytes
  • Both DSS Logs
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: This thing is driving me crazy....

Unread postby flacogordo » May 13th, 2008, 7:19 am

Hi Katana,

Thanks for the reply, I will do all this this afternoon.

on one note, the MalwareBytes doesn't work, it gives me a dll error vb6xxx.dll is not properly install or something, i tried to install it twice but no luck.

Thanks.

FG
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby flacogordo » May 13th, 2008, 7:57 pm

Hi Katana,

I uninstall all P2P programs but i couldn't unisnstall Adobe neither The old Java because it says "Windows Installer not found or not installed", same message if I try to install the new versions. I did run the dss and here are the two logs.

thanks.

the main one:
Deckard's System Scanner v20071014.68
Run by Jorge on 2008-05-13 19:48:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jorge.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:56 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
D:\Program Files\PC Tools Internet Security\pctsSvc.exe
D:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
M:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jorge.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kiwiusa.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3501524781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3665672546
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\PC Tools Internet Security\pctsSvc.exe

--
End of file - 4231 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080507-182127-354 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080507-182147-201 O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
backup-20080507-182201-753 O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
backup-20080507-182214-752 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080507-182411-185 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080507-182411-384 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080507-182411-918 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080507-182412-209 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
backup-20080507-182412-560 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080507-182427-377 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
backup-20080507-182427-585 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080507-182427-853 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080507-182502-263 O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
backup-20080507-182502-289 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080507-182502-311 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
backup-20080507-182502-367 O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
backup-20080507-182502-504 O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
backup-20080507-182502-595 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
backup-20080507-182502-954 O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME\TomTomHOME.exe" -s
backup-20080507-182519-401 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20080507-182519-510 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
backup-20080507-182557-551 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080507-182557-658 O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe (file missing)
backup-20080507-182557-665 O23 - Service: NBService - Nero AG - D:\Nero 7\Nero 7\Nero BackItUp\NBService.exe
backup-20080507-182557-689 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
backup-20080512-070002-125 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080512-070002-210 O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080512-070002-275 O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080512-070002-292 O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080512-070002-321 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080512-070002-353 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080512-070002-360 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080512-070002-416 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080512-070002-488 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080512-070002-530 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
backup-20080512-070002-546 O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080512-070002-567 O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080512-070002-606 O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080512-070002-620 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080512-070002-716 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080512-070002-819 O4 - HKUS\S-1-5-21-790525478-1275210071-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
backup-20080512-070002-851 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 catchme - c:\combofix\catchme.sys (file missing)
4 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
3 MXOFX (USB Storage Adapter FX (MXO)) - c:\windows\system32\drivers\mxofx.sys <Not Verified; Cypress Semiconductor; Cypress USB Mass Storage Adapter>
3 MXOPSWD (Maxtor OneTouch Security Driver) - c:\windows\system32\drivers\mxopswd.sys <Not Verified; Maxtor Corp.; Maxtor Corp. 1394/USB Onetouch Storage>
3 OVT511Plus (Dual Mode USB Camera Plus) - c:\windows\system32\drivers\omcamvid.sys <Not Verified; OmniVision Technologies, Inc.; OmniVision PC Camera>
3 RimVSerPort (RIM Virtual Serial Port v2) - c:\windows\system32\drivers\rimserial.sys <Not Verified; Research in Motion Ltd; RIM Modem>
3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
3 TSP - c:\windows\system32\zonelabs\avsys\klif.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
4 Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
2 IISADMIN (IIS Admin) - c:\windows\system32\inetsrv\inetinfo.exe <Not Verified; Microsoft Corporation; Internet Information Services>
4 iPAHelper.exe - c:\program files\ipod
4 NBService - d:\nero 7\nero 7\nero <Not Verified; Nero AG; Nero BackItUp>
2 SMTPSVC (Simple Mail Transfer Protocol (SMTP)) - c:\windows\system32\inetsrv\inetinfo.exe <Not Verified; Microsoft Corporation; Internet Information Services>
4 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 14:25:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-07 19:09:10 0 d-------- C:\Program Files\Malwarebytes Anti-Malware
2008-05-07 18:45:30 0 d-------- C:\Documents and Settings\Jorge\DoctorWeb
2008-05-07 18:35:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-07 18:35:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-07 18:35:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-07 18:35:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-07 18:35:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-07 18:35:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-07 18:35:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-07 18:35:47 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-07 18:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 18:18:26 0 d-------- C:\Documents and Settings\Jorge\.housecall6.6
2008-05-05 09:51:11 0 d-------- C:\Program Files\Trend Micro
2008-05-04 19:52:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-05-04 19:52:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-05-04 19:51:13 93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-05-04 19:51:07 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-04 19:51:01 0 d-------- C:\Documents and Settings\Jorge\Application Data\PC Tools
2008-05-04 19:51:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-04 19:28:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-04 19:28:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-05-04 19:27:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-05-03 21:53:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 12:03:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:59:42 39424 --a------ C:\WINDOWS\zipinst.exe <Not Verified; NirSoft; ZipInstaller>


-- Find3M Report ---------------------------------------------------------------

2008-05-12 07:06:34 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
2008-05-12 07:06:34 384 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-00000009-00001102-00000004-00511102}.dat
2008-05-04 19:51:07 0 d-------- C:\Program Files\Common Files
2008-05-03 13:59:33 512 --a------ C:\ScanSectorLog.dat
2008-04-29 21:57:35 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-29 21:55:18 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-27 02:54:20 0 d-------- C:\Documents and Settings\Jorge\Application Data\uTorrent
2008-04-01 21:28:59 0 d-------- C:\Documents and Settings\Jorge\Application Data\Image Zone Express
2008-03-21 21:44:39 0 d-------- C:\Documents and Settings\Jorge\Application Data\Real
2008-03-19 05:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-13 23:32:15 0 d-------- C:\Program Files\iPod
2008-03-13 23:31:00 0 d-------- C:\Program Files\Bonjour
2008-03-13 23:28:30 0 d-------- C:\Program Files\Apple Software Update
2008-03-13 23:28:00 0 d-------- C:\Program Files\Common Files\Apple
2008-02-20 02:51:05 282624 --a------ C:\WINDOWS\system32\gdi32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-20 01:32:43 45568 --a------ C:\WINDOWS\system32\dnsrslvr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
"ISTray"="D:\Program Files\PC Tools Internet Security\pctsTray.exe" [02/01/2008 11:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 07:04 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:18 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jorge^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Jorge\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess7"=2 (0x2)
"IDriverT"=3 (0x3)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 http://www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 http://www.acestats.com

5249 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-13 19:51:31 ------------




the second one:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1023.48 MiB / 619.27 MiB
Pagefile Memory (total/avail): 2459.25 MiB / 2016.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.86 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 2.92 GiB free.
D: is Fixed (NTFS) - 74.5 GiB total, 7.32 GiB free.
E: is Fixed (NTFS) - 54.99 GiB total, 2.06 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
M: is Removable (FAT)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jorge\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XOMO1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jorge
LOGONSERVER=\\XOMO1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jorge\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jorge\LOCALS~1\Temp
USERDOMAIN=XOMO1
USERNAME=Jorge
USERPROFILE=C:\Documents and Settings\Jorge
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jorge (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> D:\Nero 7\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{34566374-6C4D-419F-A9E0-8B21CA905FD8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & Officejet 4.2 Corporate Edition --> "C:\Program Files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
iPod To Computer Transfer 2.6 --> "C:\Program Files\iPod To Computer Transfer\unins000.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Mega Codec Pack 1.34 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware --> "c:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54} /l1033
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Passware Kit Enterprise 7.3 --> C:\Program Files\Passware\un-kit_ent.exe
PC Tools Internet Security 2008 --> D:\Program Files\PC Tools Internet Security\unins000.exe /LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SanDisk TransferMate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
Spelling Dictionaries For Adobe Reader Package --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7E8A450000A7}
Tansee iPod Transfer v3.2 --> "C:\Program Files\Tansee iPod Transfer\unins000.exe"
The Matrix Online® --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "e:\Program Files\Monolith Productions\The Matrix Online\Setup.exe" -l0x9 -removeonly
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type3639 / Warning
Event Submitted/Written: 05/13/2008 07:48:14 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type3638 / Warning
Event Submitted/Written: 05/13/2008 07:47:23 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type3630 / Warning
Event Submitted/Written: 05/05/2008 07:27:29 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type3628 / Warning
Event Submitted/Written: 05/04/2008 07:50:42 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type3627 / Error
Event Submitted/Written: 05/04/2008 07:50:37 PM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type117960 / Error
Event Submitted/Written: 05/13/2008 07:23:29 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.2 for the Network Card with network address 00115BB2D35F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type117957 / Warning
Event Submitted/Written: 05/13/2008 00:02:27 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type117947 / Warning
Event Submitted/Written: 05/11/2008 02:26:48 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type117945 / Warning
Event Submitted/Written: 05/08/2008 08:23:17 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type117933 / Error
Event Submitted/Written: 05/07/2008 06:29:51 PM / 05/07/2008 06:30:21 PM
Event ID/Source: 12 / sfsync02
Event Description:




-- End of Deckard's System Scanner: finished at 2008-05-13 19:51:31 ------------


Thanks

FG
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby Katana » May 14th, 2008, 7:00 am

It sounds like a problem with windows installer itself, let's try the easy way first ...

1. Click Start, click Run, type msiexec /unreg in the Open box, and then click OK.
2. Click Start, click Run, type msiexec /regserver in the Open box, and then click OK.

Now try to uninstall the Java as before

Let me know how you get on.
Last edited by Katana on May 14th, 2008, 6:55 pm, edited 1 time in total.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: This thing is driving me crazy....

Unread postby flacogordo » May 14th, 2008, 6:46 pm

Hi Katana,

I tried both of them but still says:

"The Windows Installer Service could not be accessed. This occurs if you are running Windows in Safe mode, or if the Windows installer is not correctly installed."

and I'm not running Safe mode.

another thing that i noticed, some or all of my services are not available, either the Network service, but i can connect to the internet but i cannot open "My Network Connections" weird. :S

Thanks

FG
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby Katana » May 15th, 2008, 6:34 am

Ok, let's try reinstalling it

Download this file and save it to your desktop
http://download.microsoft.com/download/ ... v2-x86.exe

When it has finished downloading, double click on WindowsInstaller-KB893803-v2-x86.exe and follow the prompts to install it.

Please try to remove the Java again, and let me know how you get on.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: This thing is driving me crazy....

Unread postby flacogordo » May 15th, 2008, 2:53 pm

Hi Katana,

no luck, as soon as I try to install it an error message comes up and says:

Setup could not verify the integrity of the Update.inf. Make sure the cryptographic service is running on this computer.

Thanks

FG
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby flacogordo » May 15th, 2008, 2:58 pm

And I tried to start the service, and it says failed to start. I even tried in safe mode..

Thanks

FG
flacogordo
Active Member
 
Posts: 8
Joined: May 7th, 2008, 6:58 pm

Re: This thing is driving me crazy....

Unread postby Katana » May 16th, 2008, 6:03 am

I must warn you, this is not looking good :(

Let's see what services actually are running

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

@echo off
SC QUERY state= all |findstr "DISPLAY_NAME STATE" >> C:\servicelook.txt
start notepad C:\servicelook.txt
del /q %0
exit


Double click on look.bat

Notepad will open, please copy/paste the results here.


Also, please try the following scan


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Please post the Kaspersky log in your reply
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: This thing is driving me crazy....

Unread postby NonSuch » May 21st, 2008, 7:50 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware