[SOLVED] Cannot Access Add/ Remove Programs

eniksleestack · 12-04-2008, 10:54 PM

I have a few issues that may be virus related. I apparently cannot access Add/Remove programs and when I try to update various programs I get an error that says basically "because msi.dll file was not found". I have run a CCleaner but that has not helped.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:05 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195791650441
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7375

Thnaks in advance

Katana · 12-05-2008, 02:00 PM

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Installed Programs

Please could you give me a list of the programs that are installed.

Start HijackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

eniksleestack · 12-05-2008, 05:09 PM

Hello, Katana

Thanks for helping me. Here is the list you requested:

Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop v4.0
Ahead Nero 6 Demo
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AVG Free 8.0
BitLord 1.1
Bonjour
CCleaner (remove only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
EPSON Printer Software
EPSON Scan
Foxit Reader
GTK+ 2.10.13 runtime environment
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
hp LaserJet 1010 Series
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Maxtor Backup
Maxtor OneTouch III
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 6.0 Parser (KB933579)
OpenOffice.org 2.4
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QuickTime
Realtek High Definition Audio Driver
RegCure 1.5.0.1
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB923789)
Synaptics Pointing Device Driver
TaxCut California 2007
TaxCut Premium + State + Efile 2007
Texas Instruments PCIxx21/x515/xx12 drivers.
VideoLAN VLC media player 0.8.6c
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip 11.1

Katana · 12-06-2008, 03:35 AM

Do you have the Combofix log ?

eniksleestack · 12-06-2008, 10:36 AM

Here it is:

ComboFix 08-12-05.06 - sleestack 2008-12-06 9:30:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.483 [GMT -8:00]
Running from: c:\documents and settings\sleestack\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sleestack\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-04 21:30 . 2008-12-04 21:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 16:58 . 2008-12-03 17:31 <DIR> d-------- C:\JOHN_ADAMS_DISC1
2008-11-25 18:19 . 2008-11-25 18:32 <DIR> d-------- C:\PRENATAL
2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-11-12 10:58 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 10:58 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 06:32 --------- d-----w c:\documents and settings\sleestack\Application Data\OpenOffice.org2
2008-12-04 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-26 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-11-17 00:40 --------- d-----w c:\documents and settings\sleestack\Application Data\dvdcss
2008-10-27 06:28 --------- d-----w c:\program files\RegCure
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 05:57 --------- d-----w c:\program files\Yahoo!
2008-10-19 05:46 --------- d-----w c:\program files\CCleaner
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-09 01:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-09 01:31 47,360 ----a-w c:\documents and settings\sleestack\Application Data\pcouffin.sys
2008-10-09 01:31 --------- d-----w c:\program files\DVDFab 5
2008-10-09 01:31 --------- d-----w c:\documents and settings\sleestack\Application Data\Vso
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-03 99840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

c:\documents and settings\sleestack\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-09 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-09 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-09 76040]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-06 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Settings,ProxyOverride = <local>;*.local
FireFox -: Profile - c:\documents and settings\sleestack\Application Data\Mozilla\Firefox\Profiles\ktdryg22.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 09:31:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-06 9:32:48
ComboFix-quarantined-files.txt 2008-12-06 17:32:46

Pre-Run: 23,089,729,536 bytes free
Post-Run: 28,297,437,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

148 --- E O F --- 2008-11-13 18:57:01

Katana · 12-06-2008, 11:57 AM

Please see if Add/Remove is working

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

eniksleestack · 12-07-2008, 11:23 AM

Here's the combofix and kapersky logs:

ComboFix 08-12-05.06 - sleestack 2008-12-07 10:15:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.633 [GMT -8:00]
Running from: c:\documents and settings\sleestack\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-04 21:30 . 2008-12-04 21:30 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 16:58 . 2008-12-03 17:31 <DIR> d-------- C:\JOHN_ADAMS_DISC1
2008-11-25 18:19 . 2008-11-25 18:32 <DIR> d-------- C:\PRENATAL
2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-11-12 10:58 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 10:58 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 04:59 --------- d-----w c:\documents and settings\sleestack\Application Data\OpenOffice.org2
2008-12-04 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-26 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-11-17 00:40 --------- d-----w c:\documents and settings\sleestack\Application Data\dvdcss
2008-10-27 06:28 --------- d-----w c:\program files\RegCure
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 05:57 --------- d-----w c:\program files\Yahoo!
2008-10-19 05:46 --------- d-----w c:\program files\CCleaner
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-09 01:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-09 01:31 47,360 ----a-w c:\documents and settings\sleestack\Application Data\pcouffin.sys
2008-10-09 01:31 --------- d-----w c:\program files\DVDFab 5
2008-10-09 01:31 --------- d-----w c:\documents and settings\sleestack\Application Data\Vso
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-03 99840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]

c:\documents and settings\sleestack\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-09 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-09 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-09 76040]
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-12-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]

2008-11-20 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uInternet Settings,ProxyOverride = <local>;*.local
FireFox -: Profile - c:\documents and settings\sleestack\Application Data\Mozilla\Firefox\Profiles\ktdryg22.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.com/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 10:18:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-07 10:19:16
ComboFix-quarantined-files.txt 2008-12-07 18:19:06
ComboFix2.txt 2008-12-06 17:32:50

Pre-Run: 27,450,982,400 bytes free
Post-Run: 27,962,683,392 bytes free

137 --- E O F --- 2008-11-13 18:57:01

kaperksy:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 03:56:00
Records in database: 1441542
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 79378
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:57:41

No malware has been detected. The scan area is clean.

The selected area was scanned.

Katana · 12-07-2008, 12:56 PM

Please see if Add/Remove is working

eniksleestack · 12-07-2008, 02:44 PM

Nope, still doesn't open. The hourglass icon comes on briefly but then disappears.

Katana · 12-07-2008, 02:57 PM

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2

Double-click FileLook.exe to run it.
Ensure that the BBCode Ouput checkbox is checked.
Copy the content of the following codebox into the main textfield:
Code:
```
msi.dll /s
```
Click the FileLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at C:\fl_log.txt

eniksleestack · 12-07-2008, 06:45 PM

FileLook.exe v2.0 by jpshortstuff
Log created at 17:43 on 07/12/2008
==================================
FileSearch - "MSI.DLL"

C:\WINDOWS\$NtServicePackUninstall$\msi.dll (2854400 bytes - created on 07/09/2008 at 01:31, modified on 18/04/2007 at 16:12)
C:\WINDOWS\ServicePackFiles\i386\msi.dll (2843136 bytes - created on 29/08/2008 at 23:53, modified on 14/04/2008 at 00:11)

==============================

=EOF=

Katana · 12-08-2008, 06:49 AM

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it fix.bat Please save it on your desktop.

Quote:

@echo off
copy /y "C:\WINDOWS\ServicePackFiles\i386\msi.dll" "C:\Windows\System32\msi.dll"
If exist "C:\Windows\System32\msi.dll" goto done
Echo Failed !!
Pause
del /q %0
exit
:Done
echo Please Press any Key and then Reboot
Pause
del /q %0
exit

Double click on fix.bat
This should only take a second

If it asks you to reboot please do so, and then try Add/Remove
Please let me know what happens

eniksleestack · 12-08-2008, 01:46 PM

Yes! Thanks, I can now access Add/Remove Programs...

Hmm, however it seems that I can still not update programs. I get a error message that "Windows Installer Service could not be accessed..."

Katana · 12-08-2008, 02:06 PM

Double-click FileLook.exe to run it.
Ensure that the BBCode Ouput checkbox is checked.
Copy the content of the following codebox into the main textfield:
Code:
```
Msiexec.exe /s
```
Click the FileLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at C:\fl_log.txt

eniksleestack · 12-08-2008, 04:33 PM

FileLook.exe v2.0 by jpshortstuff
Log created at 15:29 on 08/12/2008
==================================
FileSearch - "MSIEXEC.EXE"

C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe (78848 bytes - created on 07/09/2008 at 01:31, modified on 04/05/2005 at 22:45)
C:\WINDOWS\ServicePackFiles\i386\msiexec.exe (78848 bytes - created on 29/08/2008 at 23:53, modified on 14/04/2008 at 00:12)

==============================

=EOF=

Katana · 12-08-2008, 04:49 PM

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it fix.bat Please save it on your desktop.

Quote:

@echo off
copy /y "C:\WINDOWS\ServicePackFiles\i386\msiexec.exe" "C:\Windows\System32\msiexec.exe"
If exist "C:\Windows\System32\msiexec.exe" goto done
Echo Failed !!
Pause
del /q %0
exit
:Done
echo Please Press any Key and then Reboot
Pause
del /q %0
exit

Double click on fix.bat
This should only take a second

If it asks you to reboot please do so, and then try Add/Remove
Please let me know what happens

eniksleestack · 12-08-2008, 05:08 PM

Okay, tried that. I still have access to Add/Remove Program but when I try to update iTunes, for instance, I still get the "Windows Installer Service could not be accessed..." error message.

Katana · 12-09-2008, 02:15 AM

It looks like some system files have been deleted and for some reason Windows File Protection hasn't replaced them.

There is no malware left, you just need the system making stable
I'm going to recommend that you visit the OS room, as they have more experience with this than I do.

http://www.techsupportforum.com/micr...ws-xp-support/

When you start your thread, explain what the problem is and let them know that you have been checked for malware.
Give them the following link, so they can see the logs if needed

Code:

http://www.techsupportforum.com/security-center/hijackthis-log-help/320364-cannot-access-add-remove-programs.html

Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe, FileLook.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.

Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must have program
- It includes host protection and registry protection
- A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware <<< A New and effective program
a-squared Free <<< A good "realtime" or "on demand" scanner
superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    - Change the Download signed ActiveX controls to Prompt
    - Change the Download unsigned ActiveX controls to Disable
    - Change the Initialise and script ActiveX controls not marked as safe to Disable
    - Change the Installation of desktop items to Prompt
    - Change the Launching programs and files in an IFRAME to Prompt
    - Change the Navigate sub-frames across different domains to Prompt
    - When all these settings have been made, click on the OK button.
    - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
- FireFox
  - With many addons available that make customization easy this is a very popular choice
  - NoScript and AdBlockPlus addons are essential
- Opera
  - Another popular alternative
- Netscape
  - Another popular alternative
  - Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

eniksleestack · 12-09-2008, 07:42 PM

Thanks for all your help!

12-04-2008, 10:54 PM	#1 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	[SOLVED] Cannot Access Add/ Remove Programs I have a few issues that may be virus related. I apparently cannot access Add/Remove programs and when I try to update various programs I get an error that says basically "because msi.dll file was not found". I have run a CCleaner but that has not helped. Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:49:05 PM, on 12/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195791650441 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7375 Thnaks in advance

12-05-2008, 05:09 PM	#3 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Hello, Katana Thanks for helping me. Here is the list you requested: Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Photoshop v4.0 Ahead Nero 6 Demo Apple Mobile Device Support Apple Software Update Audible Download Manager AVG Free 8.0 BitLord 1.1 Bonjour CCleaner (remove only) DVD Shrink 3.2 DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0 EPSON Printer Software EPSON Scan Foxit Reader GTK+ 2.10.13 runtime environment HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) hp LaserJet 1010 Series Intel(R) Graphics Media Accelerator Driver iTunes Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) 6 Update 4 Java(TM) 6 Update 5 Java(TM) 6 Update 7 Maxtor Backup Maxtor OneTouch III Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.0.4) MSXML 6.0 Parser (KB933579) OpenOffice.org 2.4 Pdf995 (installed by TaxCut) PdfEdit995 (installed by TaxCut) QuickTime Realtek High Definition Audio Driver RegCure 1.5.0.1 Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows XP (KB923789) Synaptics Pointing Device Driver TaxCut California 2007 TaxCut Premium + State + Efile 2007 Texas Instruments PCIxx21/x515/xx12 drivers. VideoLAN VLC media player 0.8.6c Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinZip 11.1

12-06-2008, 03:35 AM	#4 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs Do you have the Combofix log ? __________________

12-06-2008, 10:36 AM	#5 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Here it is: ComboFix 08-12-05.06 - sleestack 2008-12-06 9:30:10.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.483 [GMT -8:00] Running from: c:\documents and settings\sleestack\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\sleestack\Application Data\inst.exe . ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-04 21:30 . 2008-12-04 21:30 <DIR> d-------- c:\program files\Trend Micro 2008-12-03 16:58 . 2008-12-03 17:31 <DIR> d-------- C:\JOHN_ADAMS_DISC1 2008-11-25 18:19 . 2008-11-25 18:32 <DIR> d-------- C:\PRENATAL 2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll 2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll 2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys 2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys 2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys 2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys 2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys 2008-11-12 10:58 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 10:58 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-05 06:32 --------- d-----w c:\documents and settings\sleestack\Application Data\OpenOffice.org2 2008-12-04 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2008-11-26 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995 2008-11-17 00:40 --------- d-----w c:\documents and settings\sleestack\Application Data\dvdcss 2008-10-27 06:28 --------- d-----w c:\program files\RegCure 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-19 05:57 --------- d-----w c:\program files\Yahoo! 2008-10-19 05:46 --------- d-----w c:\program files\CCleaner 2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-09 01:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-10-09 01:31 47,360 ----a-w c:\documents and settings\sleestack\Application Data\pcouffin.sys 2008-10-09 01:31 --------- d-----w c:\program files\DVDFab 5 2008-10-09 01:31 --------- d-----w c:\documents and settings\sleestack\Application Data\Vso 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832] "EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-03 99840] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe] c:\documents and settings\sleestack\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-09 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-09 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-09 76040] Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-06 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-04-21 13:21] 2008-11-20 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-04-21 13:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ebay.com/ uInternet Settings,ProxyOverride = <local>;.local FireFox -: Profile - c:\documents and settings\sleestack\Application Data\Mozilla\Firefox\Profiles\ktdryg22.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.com/ FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-06 09:31:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(936) c:\windows\system32\avgrsstx.dll c:\windows\system32\igfxdev.dll - - - - - - - > 'lsass.exe'(1020) c:\windows\system32\avgrsstx.dll . Completion time: 2008-12-06 9:32:48 ComboFix-quarantined-files.txt 2008-12-06 17:32:46 Pre-Run: 23,089,729,536 bytes free Post-Run: 28,297,437,184 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 148 --- E O F --- 2008-11-13 18:57:01

12-06-2008, 11:57 AM	#6 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs Please see if Add/Remove is working Kaspersky Online Scanner . Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal NOTE:- This scan is best done from IE (Internet Explorer) NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html Read the Requirements and limitations before you click Accept. Once the database has downloaded, click My Computer in the left pane Now go and put the kettle on ! When the scan has completed, click Save Report As... Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (.txt) Click Save* - by default the file will be saved to your Desktop, but you can change this if you wish. Note To optimize scanning time and produce a more sensible report for review: Close any open programs. Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. __________________

12-07-2008, 11:23 AM	#7 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Here's the combofix and kapersky logs: ComboFix 08-12-05.06 - sleestack 2008-12-07 10:15:41.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.633 [GMT -8:00] Running from: c:\documents and settings\sleestack\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 ))))))))))))))))))))))))))))))) . 2008-12-04 21:30 . 2008-12-04 21:30 <DIR> d-------- c:\program files\Trend Micro 2008-12-03 16:58 . 2008-12-03 17:31 <DIR> d-------- C:\JOHN_ADAMS_DISC1 2008-11-25 18:19 . 2008-11-25 18:32 <DIR> d-------- C:\PRENATAL 2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll 2008-11-19 20:04 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll 2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys 2008-11-19 20:04 . 2008-04-14 00:09 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys 2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys 2008-11-19 20:04 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys 2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2008-11-19 20:04 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys 2008-11-12 10:58 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 10:58 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-07 04:59 --------- d-----w c:\documents and settings\sleestack\Application Data\OpenOffice.org2 2008-12-04 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2008-11-26 20:08 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995 2008-11-17 00:40 --------- d-----w c:\documents and settings\sleestack\Application Data\dvdcss 2008-10-27 06:28 --------- d-----w c:\program files\RegCure 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-19 05:57 --------- d-----w c:\program files\Yahoo! 2008-10-19 05:46 --------- d-----w c:\program files\CCleaner 2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-09 01:31 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2008-10-09 01:31 47,360 ----a-w c:\documents and settings\sleestack\Application Data\pcouffin.sys 2008-10-09 01:31 --------- d-----w c:\program files\DVDFab 5 2008-10-09 01:31 --------- d-----w c:\documents and settings\sleestack\Application Data\Vso 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-27 888832] "EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-03 99840] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe] c:\documents and settings\sleestack\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2007-11-16 1697112] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-09 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-09 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-09 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-09 76040] . Contents of the 'Scheduled Tasks' folder 2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2008-12-07 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-04-21 13:21] 2008-11-20 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-04-21 13:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ebay.com/ uInternet Settings,ProxyOverride = <local>;.local FireFox -: Profile - c:\documents and settings\sleestack\Application Data\Mozilla\Firefox\Profiles\ktdryg22.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.com/ FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF -: plugin - c:\program files\QuickTime\Plugins\npqtplugin8.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 10:18:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(932) c:\windows\system32\avgrsstx.dll c:\windows\system32\igfxdev.dll - - - - - - - > 'lsass.exe'(1016) c:\windows\system32\avgrsstx.dll . Completion time: 2008-12-07 10:19:16 ComboFix-quarantined-files.txt 2008-12-07 18:19:06 ComboFix2.txt 2008-12-06 17:32:50 Pre-Run: 27,450,982,400 bytes free Post-Run: 27,962,683,392 bytes free 137 --- E O F --- 2008-11-13 18:57:01 kaperksy: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, December 7, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, December 07, 2008 03:56:00 Records in database: 1441542 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 79378 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 01:57:41 No malware has been detected. The scan area is clean. The selected area was scanned.

12-07-2008, 12:56 PM	#8 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs Please see if Add/Remove is working __________________

12-07-2008, 02:44 PM	#9 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Nope, still doesn't open. The hourglass icon comes on briefly but then disappears.

12-07-2008, 02:57 PM	#10 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs Please download FileLook by jpshortstuff from one of these mirrors: Link 1 Link 2 Double-click FileLook.exe to run it. Ensure that the BBCode Ouput checkbox is checked. Copy the content of the following codebox into the main textfield: Code: msi.dll /s Click the FileLook button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found at C:\fl_log.txt __________________

12-07-2008, 06:45 PM	#11 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs FileLook.exe v2.0 by jpshortstuff Log created at 17:43 on 07/12/2008 ================================== FileSearch - "MSI.DLL" C:\WINDOWS\$NtServicePackUninstall$\msi.dll (2854400 bytes - created on 07/09/2008 at 01:31, modified on 18/04/2007 at 16:12) C:\WINDOWS\ServicePackFiles\i386\msi.dll (2843136 bytes - created on 29/08/2008 at 23:53, modified on 14/04/2008 at 00:11) ============================== =EOF=

12-08-2008, 01:46 PM	#13 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Yes! Thanks, I can now access Add/Remove Programs... Hmm, however it seems that I can still not update programs. I get a error message that "Windows Installer Service could not be accessed..."

12-08-2008, 02:06 PM	#14 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs Double-click FileLook.exe to run it. Ensure that the BBCode Ouput checkbox is checked. Copy the content of the following codebox into the main textfield: Code: Msiexec.exe /s Click the FileLook button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found at C:\fl_log.txt __________________

12-08-2008, 04:33 PM	#15 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs FileLook.exe v2.0 by jpshortstuff Log created at 15:29 on 08/12/2008 ================================== FileSearch - "MSIEXEC.EXE" C:\WINDOWS\$NtServicePackUninstall$\msiexec.exe (78848 bytes - created on 07/09/2008 at 01:31, modified on 04/05/2005 at 22:45) C:\WINDOWS\ServicePackFiles\i386\msiexec.exe (78848 bytes - created on 29/08/2008 at 23:53, modified on 14/04/2008 at 00:12) ============================== =EOF=

12-08-2008, 05:08 PM	#17 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Okay, tried that. I still have access to Add/Remove Program but when I try to update iTunes, for instance, I still get the "Windows Installer Service could not be accessed..." error message.

12-09-2008, 02:15 AM	#18 (permalink)
Katana Analyst, Security Team Join Date: Nov 2007 Location: Manchester, UK Posts: 1,357 OS: W2K SP4 + XP SP2 + Vista	Re: Cannot Access Add/ Remove Programs It looks like some system files have been deleted and for some reason Windows File Protection hasn't replaced them. There is no malware left, you just need the system making stable I'm going to recommend that you visit the OS room, as they have more experience with this than I do. http://www.techsupportforum.com/micr...ws-xp-support/ When you start your thread, explain what the problem is and let them know that you have been checked for malware. Give them the following link, so they can see the logs if needed Code: http://www.techsupportforum.com/security-center/hijackthis-log-help/320364-cannot-access-add-remove-programs.html Congratulations your logs look clean :) Let's see if I can help you keep it that way First lets tidy up Please delete RSIT.exe, FileLook.exe and C:\RSIT (entire folder) You can also delete any logs we have produced, and empty your Recycle bin. Uninstall Combofix This will clear your System Volume Information restore points and remove all the infected files that were quarantined Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there. ----------------------------------------------------------- ----------------------------------------------------------- The following is some info to help you stay safe and clean. You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future. ( Vista users must ensure that any programs are Vista compatible BEFORE installing ) Online Scanners I would recommend a scan at one or more of the following sites at least once a month. http://www.pandasecurity.com/activescan http://www.kaspersky.com/kos/eng/par...avwebscan.html !!! Make sure that all your programs are updated !!! Secunia Software Inspector does all the work for you, .... see HERE for details AntiSpyware AntiSpyware is not the same thing as Antivirus. Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one. You should only have one running all the time, the other/s should be used "on demand" on a regular basis. Most of the programs in this list have a free (for Home Users ) and paid versions, it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often. Spybot - Search & Destroy <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites MalwareBytes Anti-malware <<< A New and effective program a-squared Free <<< A good "realtime" or "on demand" scanner superantispyware <<< A good "realtime" or "on demand" scanner Prevention These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one Winpatrol An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition SpywareBlaster 4.0 SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer. SpywareGuard 2.2 SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol ZonedOut Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer. MVPS HOSTS This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002. Not required if you are using other host file protections Internet Browsers Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialise and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. If you are still using IE6 then either update, or get one of the following. FireFox With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential Opera Another popular alternative Netscape Another popular alternative Also has Addons available Cleaning Temporary Internet Files and Tracking Cookies Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis. Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted. CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords Both of these can be cleaned manually, but a quicker option is to use a program ATF Cleaner Free and very simple to use CCleaner Free and very flexible, you can chose which cookies to keep Also PLEASE read this article.....So How Did I Get Infected In The First Place The last and most important thing I can tell you is UPDATE. If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk. Malware changes on a day to day basis. You should update every week at the very least. If you follow this advice then (with a bit of luck) you will never have to hear from me again :D If you could post back one more time to let me know everything is OK, then I can have this thread archived. Happy surfing K' __________________

12-09-2008, 07:42 PM	#19 (permalink)
eniksleestack Registered User Join Date: Dec 2008 Posts: 14 OS: XP	Re: Cannot Access Add/ Remove Programs Thanks for all your help!