Tech Support Forum - View Single Post - cannot install any spyware removing software

Sempurna · 05-05-2007, 07:07 PM

Hi j1477,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.

NEXT:

Please download OTMoveIt by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\program files\divx\divx pro codec\gain_trickler_3202.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\hidr.exe
C:\WINDOWS\system32\svchost
C:\program files\divx
Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
Click the red MoveIt! button.
Close OTMoveIt.
Please post the log from OTMoveIt, located here:

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NEXT:

Please download WinSock XP Fix by Option^Explicit:

Place it on your desktop.
Run WinsockxpFix.exe and click "Reg backup".
Your current registry will be saved in the folder "ERDNT".
Then click FIX.
Your system will reboot.

NEXT:

Please download CCleaner (freeware) and save it to your desktop:

Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Once installed, run CCleaner and click the Windows tab.
Select the following:
- Check everything under the Internet Explorer section.
- Check everything under the Windows Explorer section.
- Check everything under the System section.
- Check ONLY Old Prefetch data under the Advanced section.
Then, click the Applications tab:
- UNCHECK everything there.
Next, click the Options button, then click the Advanced button:
- UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

NEXT:

I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :)

So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #2 in the latest anti-virus test here:
http://www.virus.gr/english/fullxml/default.asp?id=82

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.

Please remember to register for your Activation Code using a legitimate email address.
Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
Then please update the program and run a scan on My Computer. Allow it to neutralize all that it finds.
When done, launch Active Virus Shield's main window.
Click the Scan button on the left, and then click Detected.
In the ensuing window, click the Save As button to save a copy of the log.
Copy and paste that log in your next reply.

Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

Save it to your desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

The log from OTMoveIt.
The log from the Active Virus Shield scan.
The log from the ComboFix scan.
A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

05-05-2007, 07:07 PM	#3 (permalink)
Sempurna Analyst, Security Team Join Date: Sep 2006 Posts: 1,302 OS: Windows XP SP2	Re: cannot install any spyware removing software Hi j1477, Welcome to Tech Support Forum! I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help. OK, here’s what we do first. Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present): R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe" Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked". Then please exit HijackThis. NEXT: Please download OTMoveIt by OldTimer: Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\program files\divx\divx pro codec\gain_trickler_3202.exe C:\WINDOWS\system32\hldrrr.exe C:\WINDOWS\system32\hidr.exe C:\WINDOWS\system32\svchost C:\program files\divx Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste. Click the red MoveIt! button. Close OTMoveIt. Please post the log from OTMoveIt, located here: C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss is the date of the tool run. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. NEXT: Please download WinSock XP Fix by Option^Explicit: Place it on your desktop. Run WinsockxpFix.exe and click "Reg backup". Your current registry will be saved in the folder "ERDNT". Then click FIX. Your system will reboot. NEXT: Please download CCleaner (freeware) and save it to your desktop: Run the CCleaner installer. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar". Once installed, run CCleaner and click the Windows tab. Select the following: Check everything under the Internet Explorer section. Check everything under the Windows Explorer section. Check everything under the System section. Check ONLY Old Prefetch data under the Advanced section. Then, click the Applications tab: UNCHECK everything there. Next, click the Options button, then click the Advanced button: UNCHECK : "Only delete files in Windows Temp folders older than 48 hours". Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit. CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system. NEXT: I notice that your system doesn’t have an anti-virus program running. This can be suicidal in today’s digital age. :) So, let’s set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It’s ranked #2 in the latest anti-virus test here: http://www.virus.gr/english/fullxml/default.asp?id=82 Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop. Please remember to register for your Activation Code using a legitimate email address. Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process: Then please update the program and run a scan on My Computer. Allow it to neutralize all that it finds. When done, launch Active Virus Shield's main window. Click the Scan button on the left, and then click Detected. In the ensuing window, click the Save As button to save a copy of the log. Copy and paste that log in your next reply. Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable. NEXT: Please download ComboFix by sUBs: NOTE: In the event you already have ComboFix, this is a new version that I need you to download. Save it to your desktop. Double-click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. NEXT: Please REBOOT your computer normally into Windows and post these logs in your next reply: The log from OTMoveIt. The log from the Active Virus Shield scan. The log from the ComboFix scan. A new HijackThis log. (You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software). Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted. __________________ Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum