Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page cannot install any spyware removing software
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 2 of 2 1 2
 
LinkBack Thread Tools
Old 05-15-2007, 02:02 PM   #21 (permalink)
Registered User
 
Join Date: May 2007
Posts: 27
OS: win XP


Re: cannot install any spyware removing software
I have uninstalled AVG and am trying to install active virus shield, but it keeps saying "installation ended prematurely because of an error".
j1477 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 05-15-2007, 10:01 PM   #22 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: cannot install any spyware removing software
Hi j1477,

Could you delete your current copy of Flash Disinfector, download a new copy, and run it?

There should be some evidence of the tool running successfully, and I don’t see it in your logs.

There is no longer any active malware on your system. Just some leftovers to take care of.

OK, let’s do this next.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):

Code:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20941b4c-de19-11db-8e3e-4c0010523213}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bd69b7e-d51a-11db-8e11-9a96f8d92f88}]
Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop.

It should look like this:

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.


NEXT:

Please delete these FOLDERS:

C:\Program Files\iMesh
C:\Program Files\WinMX Music


NEXT:

For AVS problem, try installing it in Safe Mode and see what happens.

Please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Let me know how things go.


NEXT:

Please post a new HijackThis log and a new ComboFix log in your next reply. Also, please let me know of any persistent problems.

Cheers!
~ Sempurna
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Last edited by Sempurna; 05-15-2007 at 10:14 PM.
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 05-16-2007, 02:41 AM   #23 (permalink)
Registered User
 
Join Date: May 2007
Posts: 27
OS: win XP


Re: cannot install any spyware removing software
Hey Sempurna

I couldn't install avs in safe mode, it says "The windows installer service could not be accessed. This can occur if you're running windows in safe mode, or if the windows installer is not correctly installed" :( . So right now, I have no antivirus in my pc. By the way, I like avg since all other virus guards slow down my pc, since I only have 128M RAM. Should I reinstall AVG?

Combofix log:

"Laura" - 2007-05-16 14:08:26 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Laura\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))


2007-05-16 13:48 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-05-16 13:47 <DIR> drahs---- C:\autorun.inf
2007-05-16 02:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-16 02:20 2,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-16 00:40 <DIR> d--hs---- C:\FOUND.002
2007-05-16 00:37 <DIR> d-------- C:\WINDOWS\system\msvcp71.dll
2007-05-12 22:28 <DIR> d-------- C:\DOCUME~1\Laura\DoctorWeb
2007-05-11 14:49 <DIR> d--hs---- C:\FOUND.001
2007-05-09 20:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 23:28 <DIR> d--hs---- C:\FOUND.000
2007-05-05 22:56 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-05 22:18 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-05-05 22:16 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-05 22:16 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-05 19:07 <DIR> d-------- C:\DOCUME~1\Asraf\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 15:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2007-04-30 09:46 <DIR> d-------- C:\temp\DivX_311alpha
2007-04-28 20:11 <DIR> d-------- C:\WINDOWS\exefld
2007-04-19 21:57 <DIR> d-------- C:\download
2007-04-19 21:57 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\Offline Explorer
2007-04-19 21:55 <DIR> d-------- C:\Program Files\Offline Explorer Pro
2007-04-16 02:21 <DIR> d-------- C:\mysqldriver


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-05 15:23:04 22,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-13 12:49:36 -------- d-----w C:\Program Files\Canon
2007-04-13 05:53:08 -------- d-----w C:\Program Files\MSECache
2007-04-08 11:15:26 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-08 10:41:30 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-06 17:43:32 -------- d-----w C:\Program Files\NimoCodec Pack
2007-04-06 07:16:46 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-06 06:39:08 -------- d-----w C:\Program Files\Cheetah Burner
2007-04-05 16:18:02 -------- d-----w C:\Program Files\Hero3000
2007-04-05 13:01:32 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Help
2007-04-05 06:15:04 -------- d-----w C:\Program Files\BanglaSoftwareGroup
2007-04-03 13:09:14 -------- d-----w C:\Program Files\Emule Speed Booster
2007-04-03 06:08:54 -------- d-----w C:\Program Files\Webshots
2007-04-03 06:08:54 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Webshots
2007-04-03 03:16:52 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\vlc
2007-04-03 03:09:58 -------- d-----w C:\Program Files\VideoLAN
2007-04-02 19:59:28 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-04-02 19:59:28 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\TuneUp Software
2007-04-02 19:58:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-30 17:12:46 0 ----a-w C:\CONFIG.SYS
2007-03-30 17:12:46 0 ----a-w C:\AUTOEXEC.BAT
2007-03-29 19:30:40 -------- d-----w C:\Program Files\Proxifier
2007-03-29 15:41:22 -------- d-----w C:\Program Files\eMule
2007-03-29 11:12:20 -------- d-----w C:\Program Files\eMule.de
2007-03-29 11:08:44 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Google
2007-03-28 14:00:54 -------- d-----w C:\Program Files\WordWeb
2007-03-27 16:48:56 -------- d-----w C:\Program Files\Google
2007-03-26 16:28:08 -------- d--h--r C:\DOCUME~1\Laura\APPLIC~1\yahoo!
2007-03-25 20:53:56 -------- d-----w C:\Program Files\Yahoo!
2007-03-25 19:45:04 -------- d-----w C:\Program Files\DAP
2007-03-24 20:46:26 -------- d-----w C:\Program Files\directx
2007-03-24 20:45:22 -------- d-----w C:\Program Files\Multimedia V3.08
2007-03-24 18:43:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-24 18:43:00 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-23 09:34:12 65,536 --sh--w C:\VIDEOROM.BIN
2007-03-23 09:23:46 1,663 --sh--r C:\MSDOS.SYS
2007-03-19 04:20:08 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\AdobeUM
2007-03-19 04:02:38 -------- d-----w C:\Program Files\Winamp
2007-03-19 04:00:36 -------- d-----w C:\Program Files\Creative
2007-03-19 03:56:58 -------- d-----w C:\Program Files\TC PowerPack
2007-03-18 0520 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-18 05:03:10 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-18 05:01:54 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-18 05:01:40 -------- d-----w C:\Program Files\Movie Maker
2007-03-18 04:59:46 -------- d-----w C:\Program Files\Online Services
2007-03-18 04:59:34 -------- d-----w C:\Program Files\Messenger
2007-03-18 04:59:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-18 04:58:42 -------- d-----w C:\Program Files\Windows NT
2007-03-18 04:49:16 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-18 04:49:12 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-06 08:50:54 1,101,824 ----a-w C:\WINDOWS\system32\NMSDVDXU.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}"="C:\Program Files\DAP\DAPIEBar.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINDOWS\\system32\\sistray.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"D066UUtility"="C:\\WINDOWS\\TWAIN_32\\D66U\\D066UUTY.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"avp6_post_uninstall"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"D066UUtility"="C:\\WINDOWS\\TWAIN_32\\D66U\\D066UUTY.EXE"
"ECS CLOCK"="C:\\WINDOWS\\system32\\ecsclock.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 14:10:36
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-16 14:10:44
C:\ComboFix-quarantined-files.txt ... 2007-05-16 14:10
C:\ComboFix3.txt ... 2007-05-15 21:55
C:\ComboFix2.txt ... 2007-05-16 01:17

++++++++++++++++++++++++++++++++++++++++++++++++++++++

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:35:29 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TC PowerPack\totalcmd.exe
E:\CD\software\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
j1477 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 05-16-2007, 02:44 AM   #24 (permalink)
Registered User
 
Join Date: May 2007
Posts: 27
OS: win XP


Re: cannot install any spyware removing software
By the way, I did download flash disinfector again, and ran it. This time it said "done successfully" :)
j1477 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 05-16-2007, 03:53 AM   #25 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: cannot install any spyware removing software
Hi j1477,

Yep, your logs show that Flash Disinfector ran to completion successfully. Well done!

Just some loose ends to tie up, and then we can let you go home.

Your version of Sun Java is out-of-date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select "Java Runtime Environment (JRE) 6u1" and click the "Download" button to the right.
    • Check the box that says "Accept License Agreement".
    • Click on the link to download "Windows Offline Installation, Multi-language".
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.


NEXT:

Everything looks great --- your HijackThis log appears to be clean.

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Anti-Virus (a must!)
    It is also a must have. I would recommend this excellent and FREE program, Active Virus Shield Powered by Kaspersky (NOTE: please do NOT install the Security Toolbar that comes with it).
    Other good and FREE alternatives are AntiVir, Avast!, and AVG.
    Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy compliment each other very well.
    Tutorial: How to use!

  • AVG Anti-Spyware
    This is an excellent FREE scanner to look for trojans and other nasties that might be residing in your system.
    User Manual: How to use!

  • SUPERAntiSpyware
    This is another excellent FREE scanner to look for nasties that might be lurking in your system. SUPERAntiSpyware and AVG Anti-Spyware compliment each other very well.
    Quick Guide: How to use!

Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck!


Please respond one more time and let me know you received this post, so that it can be marked as resolved, unless you have other problems.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 05-17-2007, 04:58 AM   #26 (permalink)
Registered User
 
Join Date: May 2007
Posts: 27
OS: win XP


Re: cannot install any spyware removing software
Hi Sempurna,

Thank you for all your suggestions. Hopefully my system looks better now. Here are the logs:

"Laura" - 2007-05-17 16:52:59 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Laura\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-17 ))))))))))))))))))))))))))))))))))


2007-05-17 01:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-17 00:46 <DIR> d-------- C:\Program Files\Windows Resource Kits
2007-05-16 13:48 26,112 --a------ C:\WINDOWS\system32\nircmd.exe
2007-05-16 13:47 <DIR> drahs---- C:\autorun.inf
2007-05-16 02:20 7,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-16 02:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-16 00:40 <DIR> d--hs---- C:\FOUND.002
2007-05-12 22:28 <DIR> d-------- C:\DOCUME~1\Laura\DoctorWeb
2007-05-11 14:49 <DIR> d--hs---- C:\FOUND.001
2007-05-09 20:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 23:28 <DIR> d--hs---- C:\FOUND.000
2007-05-05 22:56 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-05 22:18 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-05-05 22:16 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-05 22:16 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-05 19:07 <DIR> d-------- C:\DOCUME~1\Asraf\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 16:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-05 15:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2007-04-30 09:46 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2007-04-30 09:46 <DIR> d-------- C:\temp\DivX_311alpha
2007-04-28 20:11 <DIR> d-------- C:\WINDOWS\exefld
2007-04-19 21:57 <DIR> d-------- C:\download
2007-04-19 21:57 <DIR> d-------- C:\DOCUME~1\Laura\APPLIC~1\Offline Explorer
2007-04-19 21:55 <DIR> d-------- C:\Program Files\Offline Explorer Pro


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-05 15:23:04 22,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-13 12:49:36 -------- d-----w C:\Program Files\Canon
2007-04-13 05:53:08 -------- d-----w C:\Program Files\MSECache
2007-04-08 11:15:26 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-08 10:41:30 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-06 17:43:32 -------- d-----w C:\Program Files\NimoCodec Pack
2007-04-06 07:16:46 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-06 06:39:08 -------- d-----w C:\Program Files\Cheetah Burner
2007-04-05 16:18:02 -------- d-----w C:\Program Files\Hero3000
2007-04-05 13:01:32 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Help
2007-04-05 06:15:04 -------- d-----w C:\Program Files\BanglaSoftwareGroup
2007-04-03 13:09:14 -------- d-----w C:\Program Files\Emule Speed Booster
2007-04-03 06:08:54 -------- d-----w C:\Program Files\Webshots
2007-04-03 06:08:54 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Webshots
2007-04-03 03:16:52 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\vlc
2007-04-03 03:09:58 -------- d-----w C:\Program Files\VideoLAN
2007-04-02 19:59:28 -------- d-----w C:\Program Files\TuneUp Utilities 2006
2007-04-02 19:59:28 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\TuneUp Software
2007-04-02 19:58:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-30 17:12:46 0 ----a-w C:\CONFIG.SYS
2007-03-30 17:12:46 0 ----a-w C:\AUTOEXEC.BAT
2007-03-29 19:30:40 -------- d-----w C:\Program Files\Proxifier
2007-03-29 15:41:22 -------- d-----w C:\Program Files\eMule
2007-03-29 11:12:20 -------- d-----w C:\Program Files\eMule.de
2007-03-29 11:08:44 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\Google
2007-03-28 14:00:54 -------- d-----w C:\Program Files\WordWeb
2007-03-27 16:48:56 -------- d-----w C:\Program Files\Google
2007-03-26 16:28:08 -------- d--h--r C:\DOCUME~1\Laura\APPLIC~1\yahoo!
2007-03-25 20:53:56 -------- d-----w C:\Program Files\Yahoo!
2007-03-25 19:45:04 -------- d-----w C:\Program Files\DAP
2007-03-24 20:46:26 -------- d-----w C:\Program Files\directx
2007-03-24 20:45:22 -------- d-----w C:\Program Files\Multimedia V3.08
2007-03-24 18:43:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-24 18:43:00 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-23 09:34:12 65,536 --sh--w C:\VIDEOROM.BIN
2007-03-23 09:23:46 1,663 --sh--r C:\MSDOS.SYS
2007-03-19 04:20:08 -------- d-----w C:\DOCUME~1\Laura\APPLIC~1\AdobeUM
2007-03-19 04:02:38 -------- d-----w C:\Program Files\Winamp
2007-03-19 04:00:36 -------- d-----w C:\Program Files\Creative
2007-03-19 03:56:58 -------- d-----w C:\Program Files\TC PowerPack
2007-03-18 0520 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-18 05:03:10 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-18 05:01:54 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-18 05:01:40 -------- d-----w C:\Program Files\Movie Maker
2007-03-18 04:59:46 -------- d-----w C:\Program Files\Online Services
2007-03-18 04:59:34 -------- d-----w C:\Program Files\Messenger
2007-03-18 04:59:30 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-18 04:58:42 -------- d-----w C:\Program Files\Windows NT
2007-03-18 04:49:16 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-18 04:49:12 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 08:50:54 1,101,824 ----a-w C:\WINDOWS\system32\NMSDVDXU.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{0096CC0A-623C-4829-AD9C-19AF0DC9D8FE}"="C:\Program Files\DAP\DAPIEBar.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINDOWS\\system32\\sistray.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"D066UUtility"="C:\\WINDOWS\\TWAIN_32\\D66U\\D066UUTY.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"D066UUtility"="C:\\WINDOWS\\TWAIN_32\\D66U\\D066UUTY.EXE"
"ECS CLOCK"="C:\\WINDOWS\\system32\\ecsclock.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-17 16:58:47
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-17 16:59:30
C:\ComboFix3.txt ... 2007-05-16 14:10
C:\ComboFix-quarantined-files.txt ... 2007-05-17 16:59
C:\ComboFix2.txt ... 2007-05-16 19:44

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 5:00:37 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TC PowerPack\totalcmd.exe
E:\CD\software\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'prxernsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1179332195203
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
j1477 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 05-17-2007, 08:26 AM   #27 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: cannot install any spyware removing software
Hi j1477,

The logs appear to be clean as a whistle.

Take care, and have a good one!
~ Sempurna
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 10:53 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85