[death screen]

Hi

I've peoblem i can't install big program's and i try aloot of solution from her

http://www.techsupportforum.com/f10/i-cant-install-programs-plz-help-me-247667.html

the message i get when i try install is
------------
instalation operation failed
Fatal Error During Installation
------------

thay recommended me to use HijackThis and Deckard's System Scanner

i'll Paste HijackThis file here and i'll attach main and extra

==================

Logfile of HijackThis v1.99.1
Scan saved at 05:00:49 ã, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\ÓØÍ ÇáãßÊÈ\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: ÌÏæá ãÍÊæíÇÊ OneNote.onetoc2
O4 - Global Startup: BlueSoleil.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: ÃÖÇÝÉ Åáì ãÖÇÏ ÇáÃÚáÇä - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Ê&ÕÏíÑ Åáì Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ÊÍãíá Çáßá ÈÜ ÅäÊÑäÊ ÏÇæäáæÏ ãÇäíÌÑ - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: ÊÍãíá ÈÜ ÅäÊÑäÊ ÏÇæäáæÏ ãÇäíÌÑ - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: ÊÍãíá ãÍÊæì ÝíÏíæ (ÅÝ.Åá.Ýí) ÈÜ ÅäÊÑäÊ ÏÇæäáæÏ ãÇäíÌÑ - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: ÅÑÓÇá Åáì OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ÅÑ&ÓÇá Åáì OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://74.222.134.234/talk.cab
O16 - DPF: {B7FDB0C3-4724-46D2-B8DB-6FA1DC63F7CA} (ReadUid.UserControlMacEntry) - http://74.222.134.234/ReadUid.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

===========================

 

[greyknight17]

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Reganam

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbRega.dll
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Program Files\Reganam\
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\winitn.dll

1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

I want you to upload this file (C:\WINDOWS\AKDeInstall.exe) to http://virusscan.jotti.org and report back what it found. Do the same thing for:

C:\WINDOWS\uninstall ãäÊÏíÇÊ äÍä ÇáÇÓáÇã.exe
C:\WINDOWS\ãäÊÏíÇÊ äÍä ÇáÇÓáÇã.scr

 

[death screen]

thnks greyknight17

the log file combofix

-------------------

ComboFix 08-05-21.3 - pc 05/25/2008 10:52:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1025.18.112 [GMT 3:00]
Running from: C:\Documents and Settings\pc\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 07:56 185,888 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-25 07:55 3,053,600 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-25 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 07:12 --------- d-----w C:\Documents and Settings\pc\Application Data\DMCache
2008-05-24 19:51 --------- d-----w C:\Program Files\Google
2008-05-24 19:10 41,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-24 19:10 21,248 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-24 19:10 --------- d-----w C:\Program Files\Conduit
2008-05-21 13:13 --------- d-----w C:\Program Files\Panda Security
2008-05-21 07:45 --------- d-----w C:\Documents and Settings\pc\Application Data\Image Zone Express
2008-05-18 10:09 --------- d-----w C:\Program Files\Internet Download Manager
2008-05-14 16:28 --------- d-----w C:\Documents and Settings\pc\Application Data\IDM
2008-05-13 18:05 --------- d-----w C:\Documents and Settings\pc\Application Data\Nero
2008-05-13 18:04 --------- d-----w C:\Program Files\Nero
2008-05-13 18:04 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-13 17:11 --------- d-----w C:\Program Files\DivX
2008-05-10 16:59 --------- d-----w C:\Program Files\RM to MP3 Converter
2008-05-10 16:58 --------- d-----w C:\Program Files\Babylon
2008-05-10 16:49 --------- d-----w C:\Program Files\MP3 Cutter
2008-05-10 16:33 --------- d-----w C:\Documents and Settings\pc\Application Data\Syntrillium
2008-05-10 15:09 --------- d-----w C:\Program Files\Real_SC
2008-05-10 14:32 0 ----a-w C:\savelist.dat
2008-05-10 14:30 52 ----a-w C:\savelist1.dat
2008-05-10 13:43 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-10 13:43 --------- d-----w C:\Program Files\Nokia
2008-05-10 08:39 --------- d-----w C:\Program Files\LtUcx
2008-05-04 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-29 15:19 7,943,190 ----a-w C:\WINDOWS\??EI?CE ??? C?C??C?.scr
2008-04-29 15:19 230,306 ----a-w C:\WINDOWS\uninstall ??EI?CE ??? C?C??C?.exe
2008-04-18 18:44 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-04-18 18:43 --------- d-----w C:\Program Files\mpegable
2008-04-17 13:22 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 13:22 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 07:09 --------- d-----w C:\Program Files\3GP Player
2008-04-15 08:22 --------- d-----w C:\Program Files\DIFX
2008-04-15 08:22 --------- d-----w C:\Documents and Settings\pc\Application Data\PC Suite
2008-04-14 17:45 --------- d-----w C:\Program Files\NSS
2008-04-10 07:44 --------- d-----w C:\Program Files\Ultra Mobile 3GP Video Converter
2008-04-10 07:42 --------- d-----w C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
2008-04-09 13:56 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
2008-04-08 15:49 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-04-01 16:59 --------- d-----w C:\Program Files\Magellass
2008-04-01 10:33 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-28 13:57 353,840 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-27 14:27 --------- d-----w C:\Program Files\Common Files\LogoManager
2008-03-27 14:26 --------- d-----w C:\Program Files\MobiMB Mobile Media Browser
2008-03-27 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-27 07:32 --------- d-----w C:\Documents and Settings\pc\Application Data\DivX
2008-03-27 07:28 --------- d-----w C:\Documents and Settings\pc\Application Data\Talkback
2008-03-26 19:50 --------- d-----w C:\Program Files\CyberLink
2008-03-26 19:45 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-26 19:44 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-26 19:44 --------- d-----w C:\Program Files\Common Files\Real
2008-03-26 19:43 --------- d-----w C:\Program Files\Real
2008-03-26 19:29 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-26 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-26 19:19 --------- d-----w C:\Program Files\MSBuild
2008-03-26 19:19 --------- d-----w C:\Program Files\Microsoft Works
2008-03-26 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-26 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-03-26 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-26 19:00 --------- d-----w C:\Program Files\IVT Corporation
2008-03-26 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-26 18:58 --------- d-----w C:\Documents and Settings\pc\Application Data\Printer Info Cache
2008-03-26 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-26 18:56 --------- d-----w C:\Documents and Settings\pc\Application Data\HP
2008-03-26 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-26 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-26 18:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-26 18:53 --------- d-----w C:\Program Files\Common Files\HP
2008-03-26 18:53 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-26 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-26 18:49 --------- d-----w C:\Program Files\HP
2008-03-26 18:29 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 09:56 PM 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/07/2008 08:46 PM 68856]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [05/05/2008 05:00 PM 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 09:52 PM 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/26/2008 10:44 PM 185896]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 09:56 PM 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 09:56 PM 15360]

C:\Documents and Settings\pc\çں*ê، ں*§ڑ\ںé*©ںê¤\*§ک ں颬نïé\
¤§يé ꥢيïں¢ OneNote.onetoc2 [2008-03-30 22:46:48 3656]

C:\Documents and Settings\All Users\çں*ê، ں*§ڑ\ںé*©ںê¤\*§ک ں颬نïé\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-26 22:00:20 1044480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [08/04/2004 12:38 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/04/2007 02:58 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 10:56:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 05/25/2008 10:57:06
ComboFix-quarantined-files.txt 2008-05-25 07:57:00
ComboFix2.txt 2008-05-25 07:21:25

Pre-Run: 10,568,794,112 bytes free
Post-Run: 10,608,365,568 bytes free

144 --- E O F --- 2008-04-03 06:52:53
-------------------------

and i upload last three files and i get Found nothing at all,,


Regards

 

[greyknight17]

Are they in your language? They are weird looking characters here....

How many times did you run Combofix? Have you ran that tool before in the past?

It looks clear now. Are you having any other issues?

 

[death screen]

Hi , Sorry for tha language ...

i run it once , no this is frist time to me ,,

no i don't have other issues , just this i can't install big programs like Nokia PcSuite

but i try to install small programs and it's install without problem..

 

[greyknight17]

Does the error have any more details like the error code/number also? See this link. It might be related. Try the steps there.

You might also want to do the following to see if it may help us locate the error:

Go to Start->Run and type in eventvwr.msc and hit OK.

What we're looking for are the Errors from the System and Application viewers. You'll see something like this: Application Error...

Locate the ones with a big red X that say error. Double click to open it. Hit the Tablet (Says Copy to Clipboard if you hover mouse over it) and then CTRL+V to paste the info into the post. Give us like 5 of the last errors found.

Post this in the Windows forum. They will help you analyze the error.

 

[death screen]

The error dosn't have code just message.

this events of application

----------------
Event Type: ‏‏Error
Event Source: MsiInstaller
Event Category: None
Event ID: 1013
Date: 22/05/1429
Time: 11:31:12 AM
User: PC-48AA90F5909B\pc
Computer: PC-48AA90F5909B
Description:
Internal MSI error. Installer terminated prematurely.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------------------------------------------------------

Event Type: ‏‏Error
Event Source: MsiInstaller
Event Category: None
Event ID: 1013
Date: 16/05/1429
Time: 11:43:17 AM
User: PC-48AA90F5909B\pc
Computer: PC-48AA90F5909B
Description:
Internal MSI error. Installer terminated prematurely.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


-------------------------------------------------------------
Event Type: ‏‏Error
Event Source: Microsoft Office 12
Event Category: None
Event ID: 1000
Date: 16/05/1429
Time: 10:42:05 AM
User: unknown
Computer: PC-48AA90F5909B
Description:
Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028, faulting module hpz3r4v2.dll, version 61.63.247.0, stamp 45949947, debug? 0, fault address 0x00045a98.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 00 70 00 70 00 6c 00 A.p.p.l.
0008: 69 00 63 00 61 00 74 00 i.c.a.t.
0010: 69 00 6f 00 6e 00 20 00 i.o.n. .
0018: 46 00 61 00 69 00 6c 00 F.a.i.l.
0020: 75 00 72 00 65 00 20 00 u.r.e. .
0028: 20 00 77 00 69 00 6e 00 .w.i.n.
0030: 77 00 6f 00 72 00 64 00 w.o.r.d.
0038: 2e 00 65 00 78 00 65 00 ..e.x.e.
0040: 20 00 31 00 32 00 2e 00 .1.2...
0048: 30 00 2e 00 34 00 35 00 0...4.5.
0050: 31 00 38 00 2e 00 31 00 1.8...1.
0058: 30 00 31 00 34 00 20 00 0.1.4. .
0060: 34 00 35 00 34 00 32 00 4.5.4.2.
0068: 38 00 30 00 32 00 38 00 8.0.2.8.
0070: 20 00 69 00 6e 00 20 00 .i.n. .
0078: 68 00 70 00 7a 00 33 00 h.p.z.3.
0080: 72 00 34 00 76 00 32 00 r.4.v.2.
0088: 2e 00 64 00 6c 00 6c 00 ..d.l.l.
0090: 20 00 36 00 31 00 2e 00 .6.1...
0098: 36 00 33 00 2e 00 32 00 6.3...2.
00a0: 34 00 37 00 2e 00 30 00 4.7...0.
00a8: 20 00 34 00 35 00 39 00 .4.5.9.
00b0: 34 00 39 00 39 00 34 00 4.9.9.4.
00b8: 37 00 20 00 66 00 44 00 7. .f.D.
00c0: 65 00 62 00 75 00 67 00 e.b.u.g.
00c8: 20 00 30 00 20 00 61 00 .0. .a.
00d0: 74 00 20 00 6f 00 66 00 t. .o.f.
00d8: 66 00 73 00 65 00 74 00 f.s.e.t.
00e0: 20 00 30 00 30 00 30 00 .0.0.0.
00e8: 34 00 35 00 61 00 39 00 4.5.a.9.
00f0: 38 00 0d 00 0a 00 8.....

------------------------------------------------------------
Event Type: ‏‏Error
Event Source: MsiInstaller
Event Category: None
Event ID: 1013
Date: 08/05/1429
Time: 09:03:46 PM
User: PC-48AA90F5909B\pc
Computer: PC-48AA90F5909B
Description:
Internal MSI error. Installer terminated prematurely.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------------------------------

Event Type: ‏‏Error
Event Source: MsiInstaller
Event Category: None
Event ID: 1013
Date: 05/05/1429
Time: 04:44:09 PM
User: PC-48AA90F5909B\pc
Computer: PC-48AA90F5909B
Description:
Internal MSI error. Installer terminated prematurely.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------

the events of system

just about network

Event Source:
Dhcp

Description
The IP address lease 192.168.1.2 for the Network Card with network address 000423076780 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

 

[death screen]

UP..waiting

 

[greyknight17]

....

Post this in the Windows forum. They will help you analyze the error.