
Hi guys,

I recently discovered that I am having issues with Windows Installer. I searched the web and tried a couple different things and finally found a thread on this site. I went through the steps and will post the results below.

Also, when I open up Services, Windows Installer is nowhere to be found. I tried Microsoft FixIt and that would not install.

When I followed the sticky steps, Microsoft Windows Malicious Software Removal Tool would not run either.

I also can no longer use Microsoft Office. It opens, then tries to verify the license, says it cannot, and closes down.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
MAYBEN :: MAYBEN-PC [administrator]

7/8/2012 10:48:07 PM
mbam-log-2012-07-09 (17-49-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 423263
Time elapsed: 2 hour(s), 30 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------------------------------------------------
I tried saving the GMER One.log but do not see it, but it didn't say anything.

Here is GMER Two.log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 22:37:43
Windows 6.0.6002 Service Pack 2
Running: ymznc8m0.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307cf24
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307cf24 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

I appreciate your help and thank you in advance!
Nick


Here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by MAYBEN at 21:56:47 on 2012-07-09
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
TB: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
uRun: [Google Update] "C:\Users\MAYBEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Verizon Media Manager] C:\Program Files (x86)\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
uRun: [Akamai NetSession Interface] "C:\Users\MAYBEN\AppData\Local\Akamai\netsession_win.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME\TomTomHOMERunner.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [TaskTray] 
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\MAYBEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MEMEOA~1.LNK - C:\Users\MAYBEN\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Windows\system32\iavlsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3404B0E6-F44F-49A0-838E-CCF362F60F5B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
TB-X64: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - No File
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun-x64: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"
mRun-x64: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe"
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [TaskTray] 
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-10 01:13:44 9013136 ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B99838B2-5FF9-46C7-96B5-0D980CF9357A}\mpengine.dll
2012-07-09 02:46:47 --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-08 20:12:30 --------    d-----w-    C:\Windows\SysWow64\RTCOM
2012-07-08 20:10:03 2578576 ----a-w-    C:\Windows\System32\WavesGUILib.dll
2012-07-08 20:10:01 155888  ----a-w-    C:\Windows\System32\SRSWOW64.dll
2012-07-08 20:10:00 518896  ----a-w-    C:\Windows\System32\SRSTSX64.dll
2012-07-08 20:10:00 211184  ----a-w-    C:\Windows\System32\SRSTSH64.dll
2012-07-08 20:08:52 2075712 ----a-w-    C:\Windows\System32\FMAPO64.dll
2012-07-08 14:58:12 9013136 ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 11:24:28 927800  ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9506A2C-977E-440F-AD25-1573B3FB39E5}\gapaengine.dll
2012-06-15 04:55:10 --------    d-----w-    C:\aef49de0b66f7bee5a134f27365796
2012-06-13 02:31:29 209920  ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 02:31:28 2767360 ----a-w-    C:\Windows\System32\win32k.sys
2012-06-13 02:31:09 1267200 ----a-w-    C:\Windows\System32\crypt32.dll
2012-06-13 02:31:08 984064  ----a-w-    C:\Windows\SysWow64\crypt32.dll
2012-06-13 02:31:08 98304   ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2012-06-13 02:31:08 174592  ----a-w-    C:\Windows\System32\cryptsvc.dll
2012-06-13 02:31:08 133120  ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 02:31:08 132096  ----a-w-    C:\Windows\System32\cryptnet.dll
2012-06-13 01:46:34 927800  ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
==================== Find3M  ====================
.
2012-07-08 20:10:20 525792  ----a-w-    C:\Windows\DIFxAPI.dll
2012-06-23 07:53:33 70344   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 07:53:33 426184  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w-    C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840   ----a-w-    C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576   ----a-w-    C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752  ----a-w-    C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904  ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864   ----a-w-    C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792   ----a-w-    C:\Windows\SysWow64\wuapp.exe
2012-05-18 02:06:48 2311680 ----a-w-    C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w-    C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056  ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w-    C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848  ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-04-19 00:56:30 94208   ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632   ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2012-04-17 14:11:54 49152   ----a-w-    C:\Windows\System32\iolobtdfg.exe
2012-04-17 14:11:38 17920   ----a-w-    C:\Windows\System32\smrgdf.exe
2012-04-17 13:37:06 2154032 ----a-w-    C:\Windows\System32\Incinerator64.dll
2012-04-17 13:37:02 2095816 ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2012-04-17 12:25:20 160256  ----a-w-    C:\Windows\System32\iavlsp64.dll
2012-04-17 12:25:20 118784  ----a-w-    C:\Windows\SysWow64\iavlsp.dll
2012-04-17 12:25:12 69000   ----a-w-    C:\Windows\System32\offreg.dll
2012-04-17 12:25:12 56200   ----a-w-    C:\Windows\SysWow64\offreg.dll
2012-04-17 12:25:02 31432   ----a-w-    C:\Windows\System32\drivers\ElRawDsk.sys
.
============= FINISH: 21:58:25.83 ===============