Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Another installation is already in progress?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Another installation is already in progress?

Unread postby mdavis07502 » December 10th, 2010, 4:50 pm

Yesterday, while websurfing I click on a site that created a virus on my computer, so I immediately ran Malwarebytes. It found 6 items which was cleaned & deleted. (Listing below)

Today I went to add a new program was told that another installation is already in process. I downloaded HiJackThis and here is the results.

Thanks inadvance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:23 PM, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\windows\System32\smss.exe
I:\windows\system32\winlogon.exe
I:\windows\system32\services.exe
I:\windows\system32\lsass.exe
I:\windows\system32\svchost.exe
I:\windows\System32\svchost.exe
I:\windows\system32\spoolsv.exe
I:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfsdkS.exe
I:\windows\system32\svchost.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Common Files\LightScribe\LSSrvc.exe
I:\Program Files\Common Files\Motive\McciCMService.exe
I:\Program Files\Microsoft LifeCam\MSCamS32.exe
I:\windows\System32\svchost.exe
I:\windows\system32\nvsvc32.exe
I:\windows\System32\svchost.exe
I:\Program Files\CyberLink\Shared Files\RichVideo.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\windows\system32\svchost.exe
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
I:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\windows\Explorer.EXE
I:\windows\system32\wscntfy.exe
I:\windows\RTHDCPL.EXE
I:\windows\system32\RUNDLL32.EXE
I:\Program Files\Common Files\Java\Java Update\jusched.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
I:\windows\System32\svchost.exe
I:\Program Files\DivX\DivX Update\DivXUpdate.exe
I:\windows\system32\ctfmon.exe
I:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\Software Informer\softinfo.exe
I:\Program Files\AWS\WeatherBug\Weather.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\WinZip\WZQKPICK.EXE
I:\Program Files\Skype\Plugin Manager\skypePM.exe
I:\windows\system32\wuauclt.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\Program Files\Microsoft Office\Office12\WINWORD.EXE
I:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
I:\Program Files\Microsoft Office\Office12\EXCEL.EXE
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Vuze\Azureus.exe
I:\windows\system32\msiexec.exe
J:\Downloads\eBooks\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - I:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - I:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - I:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - I:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - I:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - I:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - I:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - I:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: @I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - I:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] I:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "I:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "I:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Bing Bar] "I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "I:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "I:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "I:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Software Informer] I:\Program Files\Software Informer\softinfo.exe -autorun
O4 - HKCU\..\Run: [Weather] I:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Save Page As PDF ... - file://I:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - I:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - I:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {96538116-AB8C-4879-9F21-BD2BFE22A414} - I:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - I:\windows\system32\shdocvw.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - I:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - I:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - I:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - I:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - I:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x ... DASAct.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - I:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfsdkS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - I:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10612 bytes


Uninstall List
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
7-Zip 4.65
ABC Amber FireFox Converter
ABC Amber LIT Converter
ABC Amber Outlook Express Converter
ABC Amber Palm Converter
ABC Amber PDF Converter
ABC Amber Text Converter
ABC Amber Text Merger
ABC Amber Torrent Converter
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
ALOT Toolbar
AML Free Registry Cleaner 4.21
Ashampoo WinOptimizer 6.60
Ask Toolbar
Barnes & Noble Desktop Reader
Bing Bar
Bing Bar Platform
calibre
Collectorz.com Book Collector
Collectorz.com MP3 Collector
Combined Community Codec Pack 2009-09-09
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
Directory Lister v0.9.1
Disk Index
Disk Index
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Access v1.2.7
eReader
eXcel Change Case
Febooti fileTweak Case
Free PDF to Word Doc Converter v1.1
FreeDBGrabber
FrostWire 4.21.1
Glary Registry Repair 3.3.0.852
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPSSupply
IZArc 4.1.2
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 21
Jigsaws Galore
Junk Mail filter update
Karen's Directory Printer
kikin plugin 2.8
LimeWire 5.5.13
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Corporation
Microsoft Default Manager
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Windows 7 (7.0)
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Movie Player 1.0.5
Mozilla Firefox (3.6.13)
MP3 Observer HOME 3.0
MSN
MSN Font Color Editor 4.2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Essentials
OGA Notifier 2.0.0048.0
OmniFormat
PDF Download for Internet Explorer
PDF OCR 4.0
PDFTiger
PDFTiger Kernel
PDFTigerDriver
PowerDVD
PriceGong 2.1.0
Rainbow Folders
Raptr
Read in Microsoft Reader Add-in for Microsoft Word
Real Alternative 2.0.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RegCure
Regi Dean's Recipes 3.2.3.1
RPS CRT
RPS CRT
Scrubbu Media Search Tool
SearchWithin
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Silverwolf's Cooking Converter
Skype Toolbars
Skype™ 4.2
Software Informer 1.0 BETA
Some PDF to Word Converter 1.5
StyleFolder 1.0.3
UltraPdf
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USD 2007 V5 by nemesis63 (remove only)
Usenet.nl
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.3
WeatherBug
WebArchivesViewer
Windows Double Explorer
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.5
xplorer² lite 32 bit
XviD MPEG-4 Codec


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4893

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2010 9:36:20 AM
mbam-log-2010-12-09 (09-36-20).txt

Scan type: Quick scan
Objects scanned: 155594
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17n077sf-1m42-t352-2gdu-3mic50pua72h} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1v54l874-20hx-jp35-pylk-y4145v7j0775} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\WINDOWS\system32\Webrooteer\Svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
I:\Documents and Settings\MARCHELLE . D\Application Data\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
I:\Documents and Settings\MARCHELLE . D\Local Settings\temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
I:\Documents and Settings\MARCHELLE . D\Local Settings\temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
I:\Documents and Settings\MARCHELLE . D\Local Settings\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
I:\Documents and Settings\MARCHELLE . D\Local Settings\temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
mdavis07502
Active Member
 
Posts: 1
Joined: December 10th, 2010, 4:34 pm
Top
Advertisement
Register to Remove

Re: Another installation is already in progress?

Unread postby deltalima » December 13th, 2010, 4:27 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Another installation is already in progress?

Unread postby deltalima » December 13th, 2010, 4:46 pm

Hi mdavis07502,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


    µTorrent
    Azureus
    FrostWire 4.21.1
    LimeWire 5.5.13


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Another installation is already in progress?

Unread postby Cypher » December 16th, 2010, 4:08 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 123 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index