Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

InstallShield Problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

InstallShield Problems

Unread postby RicBoltz » October 1st, 2005, 7:37 am

hi there.
I seem to be having problems with removing programs due to errors with install shield. I have trieds various tips but cant seem to log in under my administrator option. I have run ad-aware - spybot - macafee antispyware - trend micro and hevn't come up with much but when running mwva found 25 virus entries. I have included both HJT and mwv logs.
Thanks for the help!
===============================================
MWVA Log
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clientman Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "startsurfing Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\DDMI.VXD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\DLPT.VXD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{765E6D73-8D2A-4EA6-A95E-3000C211BBD4}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873339". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB887472". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB898461". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "mplibwiz.inf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "PROSet". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SlimBrowser". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{48691011-BF12-407D-9A7E-8772485CDAA2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4E9C3F2D-C654-453E-B1AD-9F231905A50D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{73819BA2-2E8B-430B-A6C9-0D89657DC865}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7BF7B688-4A95-4003-BA98-EA8A79DA0ABA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8997F2E8-9CA1-44FF-9DAD-D3E5EB4B41F7}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9C2EDC9C-EF3B-443A-BB2C-3488DAC7247E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A27F2A64-3D23-4449-B395-75335CED458E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E8D25E54-D172-4FB0-929B-48D51E2E9C6D}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FB015BB0-5518-4767-9DE4-F9A5C7C62E46}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0A1D1FC1-E7D5-4A00-A3CB-F3E450F7D170}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{155B3F27-CDEE-4FE2-8CC5-8D08882FDE15}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2293FA8E-8FE7-4147-9706-BC1688C339A2}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{26BF9366-95A2-463B-8237-238114494AF7}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2DBDEE9B-56B8-4E14-8A48-D20C64AAA673}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3849C543-5916-42C8-AB90-5545DF70D302}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{51076341-C7DE-4745-9E02-E36E34FCCC56}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{58EBECEB-C6A1-4565-A650-5610F7F0FBCF}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C15D2EF-34AB-48FC-876C-3A64961E10C1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6F3F3EF2-AA93-487B-A25C-BD67735E53B9}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7B28B7CA-C9C2-442C-BBED-8A121E75CA1D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{95117066-315E-4CAE-BE3D-E7897D3F98BC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{989E6670-3798-4C35-AA11-EB4E18F404C4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{AB99CA0B-498E-4938-862C-F0CEC262EA69}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BD601F60-EF53-434B-9B63-E7B706243203}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CA66D704-5280-4A20-B1A4-698B396FF039}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D3470F50-AB2B-40B4-B75E-057BB3487550}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D6D80D13-633A-444C-9829-4A3013D7FFBB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E86F5307-002B-49A2-89C4-0784C44052C4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ED725281-1CBF-11D3-B649-00A0CC27659B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F0F69A8F-9388-4EEE-9977-BD8AB18C5733}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\.scd" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\.sch" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CDFeatureRRObject.CDFeatureRR" refers to invalid object "{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}". Action Taken: No Action Taken.
Entry "HKCR\CLImageEnhance.ImageEnhance" refers to invalid object "{8E72B2F3-1F08-4C86-A789-451FEE79715B}". Action Taken: No Action Taken.
Entry "HKCR\ComTruSurroundXT.SRSTruSurroundXT" refers to invalid object "{5E2663C1-51B3-49B7-B081-70181C2AF816}". Action Taken: No Action Taken.
Entry "HKCR\ComTruSurroundXT.SRSTruSurroundXTPropertyPage" refers to invalid object "{AFA95F79-06AC-4B9A-B261-D415063DC2B3}". Action Taken: No Action Taken.
Entry "HKCR\ComTruSurroundXT.SRSTruSurroundXTPropertyPage.1" refers to invalid object "{AFA95F79-06AC-4B9A-B261-D415063DC2B3}". Action Taken: No Action Taken.
Entry "HKCR\ComWOWSurround.SRSTruSurroundXTBlock" refers to invalid object "{88007BE6-7171-46F0-858B-852DAD96016D}". Action Taken: No Action Taken.
Entry "HKCR\ComWOWSurround.TSXTBlockPropertyPage" refers to invalid object "{F69B7E4A-4A83-4485-8860-85DAA196D745}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACD}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfDsConfig" refers to invalid object "{CC00DB18-6181-453E-AC73-29556FA75D49}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfDSDVD" refers to invalid object "{4A4628EE-6867-4D3A-A4BB-53AD3D5B6117}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfDsPreview" refers to invalid object "{1E737355-AF3D-4845-97F1-0CDE264DD429}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfDsRead" refers to invalid object "{462D5E80-B0B3-11d4-991B-00D0B75D9023}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfDsWrite" refers to invalid object "{462D5E81-B0B3-11d4-991B-00D0B75D9023}". Action Taken: No Action Taken.
Entry "HKCR\DsRead.MvfImgRead" refers to invalid object "{E78AC518-7DA2-4A3D-A4FC-90A2C383F9DC}". Action Taken: No Action Taken.
Entry "HKCR\Fff.MvfDSFileBurn" refers to invalid object "{5DF04EA8-5B64-491E-9B9A-7253D2C62870}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Shell.Autoplay" refers to invalid object "{995C996E-D918-4a8c-A302-45719A6F4EA7}". Action Taken: No Action Taken.
Entry "HKCR\Shell.Autoplay.1" refers to invalid object "{995C996E-D918-4a8c-A302-45719A6F4EA7}". Action Taken: No Action Taken.
Entry "HKCR\Shell.AutoplayForSlideShow" refers to invalid object "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}". Action Taken: No Action Taken.
Entry "HKCR\Shell.HWEventHandlerShellExecute" refers to invalid object "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}". Action Taken: No Action Taken.
Entry "HKCR\SkinMgr.SkinMgrObj" refers to invalid object "{2294C466-0D91-4689-9762-C1E92CF079BB}". Action Taken: No Action Taken.
Entry "HKCR\Windows.BlockedDrivers" refers to invalid object "{783C030F-E948-487D-B35D-94FCF0F0C172}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
===============================================
Logfile of HijackThis v1.99.1
Scan saved at 7:04:24 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\gearsec.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\DOCUME~1\Ric\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Ric\LOCALS~1\Temp\kavss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pccheckup.dellfix.com/rel/?rands ... 9551101865
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/regwizard/Reg ... xample.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {3C200107-2959-4C6E-91B8-F6D911B398A8} (Driver_Detective_v43_Members.DD_v43) - http://www.drivershq.com/cab/prod/Drive ... embers.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/english/cybe ... ChkDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 7697851453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4648890515
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/ ... vt/mvt.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

(Message edited by administrator for privacy)
RicBoltz
Regular Member
 
Posts: 16
Joined: August 20th, 2005, 5:41 am
Advertisement
Register to Remove

Unread postby NonSuch » October 1st, 2005, 8:00 pm

Hello,

Most likely what you're seeing on your MWAV scan are leftover remnants from a prior infection. Sometimes, unfortunately, even though the infection has been eradicated, it may have corrupted some of your system's files.

You may find some useful information for your InstallShield issue in this Microsoft article...

http://support.microsoft.com/default.aspx?kbid=290301

If that doesn't help you, and since this no longer appears to be a malware issue, I suggest you may want to visit a site that specializes in Windows XP problems/information...

http://www.theeldergeek.com/

http://www.theeldergeek.com/forum/

Regards,

NonSuch
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby NonSuch » October 13th, 2005, 7:36 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware