Tech Support Forum banner
Status
Not open for further replies.

Windows Installer is not found

4K views 35 replies 2 participants last post by  Ried 
#1 ·
I cannot install any programs. I am sure I don't have it installed. I am on Vista SP2

I think I may have some malware on my system.

One indication is that I get words colored and on mouseover a popup comes up for me to click on to go to another site.
 
#3 ·
Hello BrentC,

Where are your logs? By now you should be familiar with the first steps when posting in this section.

Given your history with our section of the forum - meaning you have begun many threads here and have a habit of abandoning them, we are hesitant to assist you with this issue.

I will help you with this, but before I expend a lot of energy and time on it, I would first like a guarantee from you, that you will follow through to the end.

I apologize if that seems harsh, but understand that we all volunteer in our spare time and our spare time is precious. Taking the time to respond and review logs for you, only to have you abandon threads is not only disrespectful to us, but that is time that one of our staff could have spent helping someone else.

One indication is that I get words colored and on mouseover a popup comes up for me to click on to go to another site.
On some sites, this is normal behavior - it's how the fund the operations of their website - advertising.
 
#6 ·
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16633
Run by Brent at 8:44:55 on 2015-03-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.574 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HostsMan\hm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - <orphaned>
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
BHO: PBlockHelper Class: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: NOW!Imaging: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - c:\program files\netscape accelerator\components\NOWImaging.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Omiga Plus] "c:\program files\omiga plus\omigaplus.exe" /autorun
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Launcher] c:\windows\sminst\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{11A0E024-00C9-47C3-B2D3-7A1F87D18164} : DHCPNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
TCP: Interfaces\{E33BEE49-EC61-4901-B1B7-E8EE2FE35D53} : DHCPNameServer = 192.168.1.254 75.153.176.9
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-6 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-3-6 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-3-6 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-7-16 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-6 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-5-26 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-12-12 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-12 22856]
S2 MBAMScheduler;MBAMScheduler;"c:\users\user1\desktop\malwarebytes' anti-malware\mbamscheduler.exe" --> c:\users\user1\desktop\malwarebytes' anti-malware\mbamscheduler.exe [?]
S3 Linksys_adapter;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200vista.sys [2014-1-15 1073216]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]
.
=============== Created Last 30 ================
.
2015-03-24 09:33:09 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f4490d0a-9da9-46d6-81f8-597e456db73f}\offreg.dll
2015-03-24 06:24:36 9119072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f4490d0a-9da9-46d6-81f8-597e456db73f}\mpengine.dll
2015-03-23 18:01:47 -------- d-----w- c:\program files\TotalSystemCare
2015-03-22 10:38:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-22 10:38:12 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-22 10:37:41 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-03-22 10:36:46 81560 ----a-w- c:\windows\system32\mscories.dll
2015-03-22 10:36:46 156824 ----a-w- c:\windows\system32\mscorier.dll
2015-03-22 10:36:46 1131664 ----a-w- c:\windows\system32\dfshim.dll
2015-03-22 10:35:43 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-22 10:35:40 619520 ----a-w- c:\windows\system32\adtschema.dll
2015-03-22 10:35:35 449536 ----a-w- c:\windows\system32\termsrv.dll
2015-03-22 10:35:04 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-03-22 10:34:06 2048 ----a-w- c:\windows\system32\tzres.dll
2015-03-22 10:12:09 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-22 10:12:08 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-03-22 10:11:40 499200 ----a-w- c:\windows\system32\kerberos.dll
2015-03-22 10:11:13 67072 ----a-w- c:\windows\system32\packager.dll
2015-03-22 10:10:17 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-22 10:09:47 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-03-22 10:08:43 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-22 10:08:43 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-03-22 10:08:03 64000 ----a-w- c:\windows\system32\smss.exe
2015-03-22 10:08:03 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-22 10:08:02 3604408 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-22 10:08:01 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-22 10:07:33 807936 ----a-w- c:\windows\system32\msctf.dll
2015-03-22 10:07:03 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-03-22 10:05:53 279040 ----a-w- c:\windows\system32\schannel.dll
2015-03-22 10:05:52 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-22 10:05:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-22 10:05:07 2264064 ----a-w- c:\windows\system32\msi.dll
2015-03-22 10:03:41 396800 ----a-w- c:\windows\system32\AudioEng.dll
2015-03-22 10:03:41 316928 ----a-w- c:\windows\system32\audiosrv.dll
2015-03-22 10:03:40 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-03-22 10:03:40 170496 ----a-w- c:\windows\system32\EncDump.dll
2015-03-22 10:03:15 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-03-22 10:03:15 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-03-22 10:03:15 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-03-22 10:02:14 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2015-03-22 10:00:56 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-03-22 10:00:40 153600 ----a-w- c:\windows\system32\profsvc.dll
.
==================== Find3M ====================
.
2015-03-21 20:43:30 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-21 20:43:30 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-21 18:29:56 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-02-24 11:23:36 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-21 17:34:42 367104 ----a-w- c:\windows\system32\html.iec
2015-02-21 17:28:34 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-21 17:21:58 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-02-21 17:21:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-21 17:19:32 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-21 17:19:29 421376 ----a-w- c:\windows\system32\vbscript.dll
2015-02-21 17:18:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-21 17:18:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-13 08:58:22 473600 ----a-w- c:\program files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- c:\program files\openofficeorg341.msi
.
============= FINISH: 8:46:30.79 ===============
 

Attachments

#7 ·
Hi Brent,

Thanks, I appreciate it. :smile:

I'd like to get a more detailed look. Please download Farbar Recovery Scan Tool from here Farbar Recovery Scan Tool Download and save it to your desktop.

Note: You need to run the version compatible with your system - for you this would be the 32-bit version.

**After you click Download Now 32-bit, another page will open -- DO NOT CLICK ANY ADDITIONAL 'download now' buttons, just wait and look toward the bottom of your browser for the option to Run or Save. Click Save.

•Double-click to run it. When the tool opens click Yes to the disclaimer.

•Click the Scan button.

•When the scan has finished, it will make a log (FRST.txt) in the same directory the tool is run. Please attach the FRST.txt in your reply.

•The first time the tool is run, it also creates another log named Addition.txt. Please attach that to your next reply as well.
 
#9 ·
Hi Brent,

When you say it pops up with the Run option, are you referring to the Windows prompt asking what to do? Are you double clicking it from the Download folder?

Easiest way is to tell you to double click it from the Download folder, ok the prompt to run, then click the Scan button
 
#11 ·
Hi Brent,

Your biggest problem are system errors but I do see some junk that should be removed so let's deal with that

I see you have Malwarebytes installed, but it is a horribly outdated version - when's the last time you scanned with it?

Uninstall it via Control Program>Programs and features, then download and install the latest version from here:

Malwarebytes | Thank you for downloading Malwarebytes Anti-Malware

Let it update, then run a Threat Scan. When it has finished, send me the log so I can see what it did find and what's left.

To send me the log, launch Malwarebytes
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click ‘Export’.
Click ‘Text file (*.txt)’
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named ‘File Saved’ should appear stating “Your file has been successfully exported”.
Click Ok
Attach that saved log to your next reply.
 
#14 ·
Hi Brent,

Hostman is up to you - how often do you need to manage your Hosts file?

I appreciate the log you attached, but that is the Protection Log - can you send me the Scan log? The Scan log will show me what was detected.
 
#17 ·
Brent, open Malwarebytes and click on the History Tab (same place you went and found the Protection log)

Click Application Logs and you'll 2 types of logs:

-Protection Logs
-Scan Logs

Find the Scan log
Click ‘Export’.
Click ‘Text file (*.txt)’
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named ‘File Saved’ should appear stating “Your file has been successfully exported”.
Click Ok
Attach that saved log to your next reply.
 
#19 ·
Thanks Brent.

Please download AdwCleaner from this link Downloading AdwCleaner and save it to your desktop.

NOTE: DO NOT CLICK any of the Download buttons. Look to the bottom of your browser and select 'Save'


• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• When it has finished, click the Logs button and a log will automatically open. Please attach that log in your reply.

You can also find the log file at C:\AdwCleaner\AdwCleaner[Rn].txt ('n' is the scan order number).

Regards,

Lisa
 
#21 ·
Thanks Brent.

Click Start>Control Panel>Programs and Features and uninstall TotalSystemCare

After you've done that, run another scan with AdwCleaner and this time allow it to clean all it has detected. It will require a reboot so be sure to close out anything you may be working on before you click the Clean button.

Let me know if there is any improvement in being able to install programs.
 
#22 ·
The reboot was faster than usual. But some strange things happened after it. When I clicked on Chrome for the first it got hung up and in the tab it said Installer not found. I then stopped Chrome and restarted it and finally it worked ok.

Will you give me another suggestion for something to install, that is free? I am reluctant to buy anything online.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top