Member Avatar for plastered
plastered 0 Junior Poster in Training
Display Double Trouble!

Hey Guys!

I have recently run into trouble with the Display Adaptors on my PC. I currently use a HP Pavilion w5130in PC with the following configuration:

http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00395266&cc=in&dlc=en&lc=en&jumpid=reg_R1002_INEN

I have made the following changes to the system about two years ago:

1. Installed a 1*1 GB SD DDR RAM (Go ahead, fill yourself with a hearty laugh!)
2. Installed a nVidia 8600 GT Video RAM (PCI Slot)


The Trouble:

I ran into trouble when the Display suddenly stopped working. I connected the VGA Cable to the Onboard Graphics Card and voila it started working. I then checked Device Manager only to find my nVidia Card Missing in Action. A search for Hardware Changes wouldn't change anything. So i updated the Motherboard Drivers and the Onboard GC Drivers. On restarting the computer it popped up with the Found New Hardware Wizard and I installed the nVidia GC and it worked. I though what a Genius I was and almost immediately the thought got back at me. I had to shut down the computer due to a power failure, and when I tried to restart the computer - I was back to square one.

I repeated the process and it worked again. But a couple of times later, it corrupted the Video dll in System32 folder. I had to reinstall the OS from the Driver DVD's. I fixed the trouble again by updating the Drivers and then installing my nVidia …

Hardware display pci-card video-card
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Cannot Access Control Panel

Also I forgot to add, I am unable to browse website like - hotmail, yahoomail, facebook etc.

Information Security apple http-protocol microsoft-access microsoft-windows virus-malware window-manager windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Cannot Access Control Panel

Hi,

I am back with a problem as I promised!!

I recently reinstalled my computer and hence I was stuck with the awesomely annoying and non functional Symantec's Norton Antivirus and Internet Security. I forgot to get rid of it and install a program that works. Later last night I realized that my computer was acting funny - the control panel does open up instead an error message does telling me I do not have enough privileges! Hell, I am the Administrator! The same was the result when I tried to access 'regedit', 'msconfig' and 'firewall.cpl' . I also noticed these three processes - khatra.exe, gHost.exe and Xplorer.exe

The first thing I did was install MBAM and on scanning it, the result was of course a list of trojans and tracking cookies. I selected all and deleted them. On restart I was able to access registry.

I then hunted my registry and deleted anything pertaining to those three keywords. Then I ran the Panda Online Scan, looked at the results and then manually deleted the infected files. Most of them were '.cab' files stored in 'Windows' and 'System32' . I cleared all of them out.

I then installed AVG and scanned, the scan shows that there are no infections but I am not able to access control panel still. Also when I have AVG installed I cannot access the internet. Updating of Virus definition or MABM update was not possible as well.

Please advice. …

Information Security apple http-protocol microsoft-access microsoft-windows virus-malware window-manager windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Problem with Task Manager

:)

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Problem with System Clock

Hi,

Ran into a little problem here. Whenever I restart my computer the date cycles back to May 14 2004 and time to 0001 Hrs. I have no idea why this happens probably because my system is possessed. Any ideas?


Any suggestions.

Thanks.

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Problem with Task Manager

Thanks guys... The double click trick worked.. Super!!

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Problem with Task Manager

Hi,

I was deleting some processes as they were eating up the CPU usage when accidentally I clicked on something and lost the Menu bar to the Task Manager. Can anyone help me to get that back.

The screen shot is attached.

Thanks.

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

Appreciate the humor too :)

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

Ah I get it.

I've fixed the computer, did a complete restore. :)

I thank you guys very much for the help, really appreciate it. And don't worry, I'll be back with some problem in near future for sure :p

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

I was unable to uninstall One Care Live as the files and the uninstaller are missing.

I performed the steps, but I am having the same problem. As far as the IP addresses are considered, I am not from New Delhi but the addresses match the addresses on my Router page :0

=============================================

I would like to know what a DNS hijack is. Thank you.

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

I am able to access all of the sites mentioned.

================================================

info.txt logfile of random's system information tool 1.06 2009-06-16 17:43:12

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Video Converter 3-->C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Counter-Strike: Condition Zero-->C:\PROGRA~1\valve\UNWISE.EXE C:\PROGRA~1\valve\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Maze from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{5012BC0C-7E1A-329A-8F02-B6846070C5F8}
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 14-->MsiExec.exe …

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Yep. I have. It started functioning but now I've run into a new problem apart from not being able to Update and Browse with Antivirus solution turned on. I cannot use Firefox or Chrome. But I can use IE, which I hate.

What do you say?

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

Firewall! Don't even talk about it! I have uninstalled and reinstalled it a million times. Even different firewalls. To achieve the same result.

I did manage to get utorrent running again. I had to change my TCP IP settings. I am actually planning to comply with Jose and restore the system to OEM settings using the DVD's. A painfully long process. Do you agree :)

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

I uninstalled and installed utorrent. Now it is not downloading at all!!

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Here are the error messages I still get while trying to update.

Also, my utorrent downloads are not stable. A healthy file downloads at a speed of 25 - 30 Kbps without any problems with the internet connection that I have but since the time I ran into this problem it gives me only 15 Kbps max and fluctuates crazily between 5 - 15 Kbps. My upload speed though is a good 22 - 25 Kbps like always.

Any suggestions?

Error_1.JPG 100.79 KB
Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I ran the patches and encountered an error about IE.

Should I uninstall and reinstall IE?

Oh and I forgot to mention, I was able to download and install Windows update.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

For the record I am able to install Windows update though.

Here are the sample error messages I still get while trying to update.

Also, my utorrent downloads are not stable. A healthy file downloads at a speed of 25 - 30 Kbps without any problems with the internet connection that I have but since the time I ran into this problem it gives me only 15 Kbps max and fluctuates crazily between 5 - 15 Kbps. My upload speed though is a good 22 - 25 Kbps like always.

Any suggestions?

Error_1.JPG 100.79 KB
Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to Install Updates

Doesnt help. Any more suggestions.

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I have posted an exclusive link for this problem. If you have any ideas drop it at

http://www.daniweb.com/forums/post888848.html#post888848

And lastly thank you very much for helping me out with the problem. You guys do an amazing job. Thanks again. Cheers!

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Unable to Install Updates

I recently had a run in with a virus problem and my antivirus gave me up. I was assisted greatly in fixing it by Crunchie and now my computer is all fixed. Except for fact that I am unable to update any software. Be it Kaspersky Internet Security, or MBAM or any other software.

It gives an error msg saying the is no internet connection active although it is active and I am downloading files using utorrent!!


I have a genuine Win Xp SP2 desktop whose OEM are HP. Any assistance will be highly appreciated.

==============================================

For anyone who wants to refer the previous thread:

http://www.daniweb.com/forums/post884006.html#post884006

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I uninstalled KIS completely, and installed Spyware Doctor. Again unable to update. Even without any security software running I am unable to update.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I would have thought so about KIS but all update features on all programs are invalid. I couldnt update MBAM either. Not was I able to update other software like AVG.

I appreciate the help very much.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

On scanning with HJT out of the 3 entries you mentioned two were found:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

Both of which I deleted and restarted the computer. The computer works fine but I am still concerned about the Antivirus software.

After the reboot I installed KIS 2009 and tried to update, I failed. The error msg reads that it was unable to connect as there is no network. Also I have noticed that with KIS active I cannot browse as I get an error "Connection error" I currently have KIS turned off and able to browse.


Please advice.

The HJT log is below.

==============================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:25:08, on 2009-06-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page …

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

The PC is working better now but I am still unable to update. When I try to update any software for example MBAM it says that the internet connection is inactive. I don't understand.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Did as advised. Here is the log report.

==================================================

ComboFix 09-06-09.06 - HP_Owner 2009-06-10 15:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.875 [GMT 5.5:30]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gxvxccount

.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-09 21:32 . 2009-06-09 21:32 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-06-09 21:32 . 2009-06-09 21:32 -------- d-----w- c:\program files\Sony
2009-06-09 21:30 . 2009-06-09 21:30 -------- d-----w- c:\program files\Avanquest update
2009-06-09 21:30 . 2009-06-09 21:30 -------- d-----w- c:\windows\LastGood
2009-06-09 21:30 . 2009-06-09 21:32 -------- d-----w- c:\program files\Sony Ericsson
2009-06-09 21:29 . 2009-06-09 21:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\InstallShield
2009-06-09 21:20 . 2009-06-09 21:20 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\MSNInstaller
2009-06-07 20:57 . 2008-06-19 11:54 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-07 20:56 . 2009-06-07 20:56 -------- d-----w- c:\program files\Panda Security
2009-06-07 17:32 . 2009-06-07 17:32 -------- d-----w- c:\documents and settings\HP_Owner\DoctorWeb
2009-06-07 16:59 . 2009-06-07 16:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-07 15:04 . 2009-06-07 15:04 -------- d-----w- c:\program files\Trend Micro
2009-06-07 14:57 . 2009-01-14 10:41 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 14:57 . 2009-01-14 10:41 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 14:57 . 2009-06-07 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 23:03 . 2009-06-07 20:39 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-04 11:33 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\lalaa3xa.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 12:06 . 2009-06-03 12:07 …

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Here are the results.

============================================

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "27af3eb5" 2009-06-10 02:32:20

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\27af3eb5]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\27af3eb5]
"ImagePath"="\\SystemRoot\\System32\\drivers\\27af3eb5.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\27af3eb5]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\27af3eb5]
"ImagePath"="\\SystemRoot\\System32\\drivers\\27af3eb5.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\27af3eb5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\27af3eb5]
"ImagePath"="\\SystemRoot\\System32\\drivers\\27af3eb5.sys"

[HKEY_USERS\S-1-5-21-453054114-3321203614-4080054335-1007\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="27af3eb5.sys"

===============================================


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "b9061be1" 2009-06-10 02:33:48

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b9061be1]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b9061be1]
"ImagePath"="\\SystemRoot\\System32\\drivers\\b9061be1.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b9061be1]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\b9061be1]
"ImagePath"="\\SystemRoot\\System32\\drivers\\b9061be1.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b9061be1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b9061be1]
"ImagePath"="\\SystemRoot\\System32\\drivers\\b9061be1.sys"


===============================================


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "jxakrhzq" 2009-06-10 02:35:14

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this …

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

The four files are not available in the Drivers folder. I changed the setting for hidden folders too to see if missed them but they are not in the folder.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Below is the log in the order of CF and HJT. Get home grab a drink, relax and then reply :)

==========================================

ComboFix 09-06-07.07 - HP_Owner 2009-06-09 2:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.946 [GMT 5.5:30]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\tmp2.tmp
c:\windows\9g2234wesdf3dfgjf23
c:\windows\IE4 Error Log.txt
c:\windows\system32\ABCD.exe
c:\windows\system32\drivers\gxvxcobbpixdulkbrrpuyavdtomltqfxexwva.sys
c:\windows\system32\EdNWDcfe.ini
c:\windows\system32\EdNWDcfe.ini2
c:\windows\system32\gxvxchtklrsokaxjbgxqtjknsphifppjwyydw.dll
c:\windows\system32\gxvxcwqvvvdlwruqjxenkclcveptdrumqrmlt.dll
c:\windows\system32\nfr.assembly
c:\windows\t55ft2824f44.dat
c:\windows\t55ft2829f44.dat
c:\windows\Tasks\lrnlubnn.job
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-07 20:57 . 2008-06-19 11:54 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-07 20:56 . 2009-06-07 20:56 -------- d-----w- c:\program files\Panda Security
2009-06-07 17:32 . 2009-06-07 17:32 -------- d-----w- c:\documents and settings\HP_Owner\DoctorWeb
2009-06-07 16:59 . 2009-06-07 16:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-07 15:04 . 2009-06-07 15:04 -------- d-----w- c:\program files\Trend Micro
2009-06-07 14:57 . 2009-01-14 10:41 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 14:57 . 2009-01-14 10:41 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 14:57 . 2009-06-07 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 23:03 . 2009-06-07 20:39 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-04 11:33 . 2008-12-03 19:55 120832 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\lalaa3xa.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 12:06 . 2009-06-03 12:07 -------- d-----w- c:\documents and settings\HP_Owner\.housecall6.6
2009-05-27 15:35 . …

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I also did a MBAM scan and the log is attached.

I tried to reinstall the Anti virus software - Kaspersky Internet Security 2009 and was successful, said that I am unable to download updates and access any webpages. Although utorrent downloads the files in queue with our any problem.

I uninstalled KIS 2009 and I was able to browse the internet again. Assuming some problem with the Installation file, I tried to install Windows One Live Care and failed as it could not download the update. I then tried to install AVG and was successful but again I was unable to update the software and lost the browsing functionality. I currently have no security system running.

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2009-06-09 04:03:19
mbam-log-2009-06-09 (04-03-19).txt

Scan type: Full Scan (C:\|D:\|M:\|N:\|)
Objects scanned: 193920
Time elapsed: 37 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I followed the steps and the results are attached.

--------------------------------------------------------------------

You should be awarded The Nobel Prize!

ComboFix 09-06-07.07 - HP_Owner 2009-06-09  2:57.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1279.946 [GMT 5.5:30]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\tmp2.tmp
c:\windows\9g2234wesdf3dfgjf23
c:\windows\IE4 Error Log.txt
c:\windows\system32\ABCD.exe
c:\windows\system32\drivers\gxvxcobbpixdulkbrrpuyavdtomltqfxexwva.sys
c:\windows\system32\EdNWDcfe.ini
c:\windows\system32\EdNWDcfe.ini2
c:\windows\system32\gxvxchtklrsokaxjbgxqtjknsphifppjwyydw.dll
c:\windows\system32\gxvxcwqvvvdlwruqjxenkclcveptdrumqrmlt.dll
c:\windows\system32\nfr.assembly
c:\windows\t55ft2824f44.dat
c:\windows\t55ft2829f44.dat
c:\windows\Tasks\lrnlubnn.job
D:\Desktop.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


(((((((((((((((((((((((((   Files Created from 2009-05-08 to 2009-06-08  )))))))))))))))))))))))))))))))
.

2009-06-07 20:57 . 2008-06-19 11:54	28544	----a-w-	c:\windows\system32\drivers\pavboot.sys
2009-06-07 20:56 . 2009-06-07 20:56	--------	d-----w-	c:\program files\Panda Security
2009-06-07 17:32 . 2009-06-07 17:32	--------	d-----w-	c:\documents and settings\HP_Owner\DoctorWeb
2009-06-07 16:59 . 2009-06-07 16:59	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-07 15:04 . 2009-06-07 15:04	--------	d-----w-	c:\program files\Trend Micro
2009-06-07 14:57 . 2009-01-14 10:41	15504	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-07 14:57 . 2009-01-14 10:41	38496	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 14:57 . 2009-06-07 14:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-06-06 23:03 . 2009-06-07 20:39	--------	d-----w-	c:\program files\Windows Live Safety Center
2009-06-04 11:33 . 2008-12-03 19:55	120832	----a-w-	c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\lalaa3xa.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 12:06 . 2009-06-03 12:07	--------	d-----w-	c:\documents and settings\HP_Owner\.housecall6.6
2009-05-27 15:35 . 2009-05-27 15:35	--------	d-----w-	c:\program files\DownloadToolz
2009-05-27 13:59 . 2009-05-27 13:59	29352	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix058456.dll
2009-05-27 13:59 . 2009-05-27 13:59	23720	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupport_TestContent.dll
2009-05-27 13:59 . 2009-05-27 13:59	23056	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix101001.dll
2009-05-27 13:59 . 2009-05-27 13:59	221208	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportCommon.dll
2009-05-27 13:59 . 2009-05-27 13:59	21160	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HASFix056479.dll
2009-05-27 13:59 . 2009-05-27 13:59	110248	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch1\HTML\item_templ\common\fixes\HelpAndSupportInterface.dll
2009-05-27 13:46 . 2007-11-27 17:26	91328	----a-w-	c:\windows\system32\drivers\msfwdrv.sys
2009-05-27 13:46 . 2007-11-27 17:26	116416	----a-w-	c:\windows\system32\drivers\msfwhlpr.sys
2009-05-27 13:45 . 2008-05-15 10:45	53168	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2009-05-27 13:45 . 2009-05-27 13:45	--------	d-----w-	c:\windows\system32\bits
2009-05-27 13:45 . 2007-03-29 12:56	7168	------w-	c:\windows\system32\dllcache\bitsprx4.dll
2009-05-27 13:45 . 2007-03-29 12:56	7168	------w-	c:\windows\system32\bitsprx4.dll
2009-05-27 13:12 . 2009-06-03 09:25	--------	d-----w-	c:\program files\Microsoft Windows OneCare Live
2009-05-27 11:38 . 2009-05-27 11:38	604416	----a-w-	c:\windows\system32\TUProgSt.exe
2009-05-27 11:38 . 2009-04-27 08:51	28928	----a-w-	c:\windows\system32\uxtuneup.dll
2009-05-27 11:38 . 2009-05-27 11:38	361216	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-05-27 11:38 . 2009-05-27 11:38	--------	d-----w-	c:\documents and settings\HP_Owner\Application Data\TuneUp Software
2009-05-27 11:37 . 2009-05-27 11:37	--------	d-----w-	c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-27 11:37 . 2009-05-27 11:38	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2009-05-27 11:37 . 2009-05-27 11:37	--------	d-sh--w-	c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-27 08:54 . 2009-05-27 09:00	--------	d-----w-	c:\documents and settings\HP_Owner\Local Settings\Application Data\The Weather Channel
2009-05-27 08:46 . 2009-06-05 03:43	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 07:29 . 2009-05-27 07:29	--------	d-----w-	c:\program files\MSSOAP
2009-05-27 05:58 . 2009-05-27 05:58	--------	d-----w-	c:\program files\Easy Desk Utilities
2009-05-27 05:58 . 1997-01-20 09:42	71680	----a-w-	c:\windows\ST5UNST.EXE
2009-05-27 05:10 . 2009-06-03 11:21	--------	d-----w-	c:\program files\True Sword 5
2009-05-26 15:18 . 2009-05-26 15:18	--------	d-sh--w-	c:\documents and settings\LocalService\PrivacIE

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 21:34 . 2008-10-13 11:57	--------	d-----w-	c:\documents and settings\HP_Owner\Application Data\uTorrent
2009-06-08 17:24 . 2008-12-10 15:24	--------	d-----w-	c:\documents and settings\All Users\Application Data\Google Updater
2009-06-03 12:02 . 2008-10-24 09:38	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-06-03 08:50 . 2008-10-21 08:30	--------	d-----w-	c:\program files\Bonjour
2009-05-27 14:19 . 2009-05-27 14:19	810152	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\OC\Channels\ch3\HTML\item_templ\common\fixes\TSFix056472.dll
2009-05-27 05:45 . 2008-10-24 07:25	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-05-26 09:41 . 2009-02-09 20:16	827424	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-05-26 09:41 . 2009-02-09 20:16	4874272	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-05-26 09:41 . 2009-02-09 20:16	39160	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-05-26 09:41 . 2009-02-09 20:16	3908	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-05-25 16:33 . 2008-10-13 02:18	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-05-25 10:28 . 2009-03-02 06:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ubisoft
2009-05-05 15:54 . 2008-11-02 13:15	--------	d-----w-	c:\documents and settings\HP_Owner\Application Data\LogMeIn Rescue
2009-04-22 11:53 . 2009-01-28 19:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\DriverCure
2009-04-19 18:42 . 2008-10-15 09:38	1324	----a-w-	c:\windows\system32\d3d9caps.dat
2009-04-08 10:20 . 2008-10-14 13:17	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-04-08 10:17 . 2009-04-08 10:17	10134	----a-r-	c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
2009-03-27 02:44 . 2008-10-13 11:36	453152	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-03-24 13:03 . 2009-03-24 13:03	237264	----a-w-	c:\documents and settings\HP_Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-02-24 18:35 . 2009-02-24 18:35	41161496	----a-w-	c:\program files\PhysX_9.09.0203_SystemSoftware.exe
2009-02-23 21:50 . 2009-02-23 21:50	32376	----a-w-	c:\program files\nv4_disp.cat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-10 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-03 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12cfg914-k641-26sf-n31p
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12zfg94-f641-2sf-k31p-5n1er6h6l2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13cfg914-k641-26sf-n33p
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06
HKEY_LOCAL_MACHI
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:11:02, on 2009-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D307E8-6B83-4F28-9479-8EC657B823F4}: NameServer = 218.248.255.139,218.248.255.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{35D307E8-6B83-4F28-9479-8EC657B823F4}: NameServer = 218.248.255.139,218.248.255.212
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

--
End of file - 6332 bytes
Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Yes, there was no TDSSserv drive in the DM.

I ran the CF tool but nothing happened no windows popped up nothing. I had my internet connection switched off too. To get back online I had to restart the computer.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

The option TDSSserv is not available in DM.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

@ aashishn86

the reply was in response to your suggestion.

@ gerbil

I was able to run Panda Online Security Scan. I am attaching the log along.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-08 03:08:20
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Kaspersky Internet Security                  8.0.0.454                     No        No
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00029434  spyware/virtumonde                 Spyware             No        0         Yes            No           hkey_local_machine\software\microsoft\removerp
01054371  W32/TDSS.BF.worm                   Virus/Worm          Yes       1         No             No           globalroot\systemroot\system32\gxvxcwqvvvdlwruqjxenkclcveptdrumqrmlt.dll
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "
;===================================================================================================================================================================================
  184379  MEDIUM     MS08-001                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  182043  HIGH       MS07-064                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  170907  HIGH       MS07-046                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  170904  HIGH       MS07-043                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  133387  MEDIUM     MS06-065                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  133386  MEDIUM     MS06-064                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  129976  MEDIUM     MS06-052                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  120825  MEDIUM     MS06-032                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
  108743  MEDIUM     MS06-007                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
   93394  HIGH       MS05-050                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   "
;===================================================================================================================================================================================
Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

I ran the software and it did find few trojans, four to be exact. One was Killbit, ubi81 in the temp folder, and two dll files with long names in the System32 folder.

Said that, it still hasnt improved the situation. I am still unable to run MBAM n HJT.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Tried the steps, but the application do not execute at all. When I click on the icons to run the application there is no changes at all except for the hourglass appearing for a couple of seconds.

I had the Task Manager up when I was trying to run these applications but on clicking them there is no response in the Task Manager, no sign of a new process at all.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

Hi,

I ran the uninstaller. But it does not detect that KIS is installed. This is peculiar because my Windows Security Alert tells me that the Antivirus and the firewall are switched off.

So reinstalled and then used the remover to uninstall the software only to get the same description from the Windows Security Alert. Also I noticed that there are no restore points available for System Restore!

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Unable to install Antivirus program

My apologies, I have Kaspersky Internet Security 2009

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Unable to install Antivirus program

Hi,

I had to recently uninstall my AV and when I try to reinstall it, it does install but when I click on the icon nothing happens. In addition to that, my internet service is gone into super slow motion too. Taking quite a while to open pages etc. I am also not able to run Malware antimalware, HJT and also unable to use online scanner.

Please advice.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Win XP does not detect USB mass storage devices.

By not recognizing you mean nothing pops up when you connect the device. Sometimes the drives are recognized but the driver signing compatibility issue comes in the picture.

You could try another flash drive or a diff USB product. I know you said the ports are functional. But whats the harm in checking.

Have the device manager open when you connect the device.
Check if there are any conflicts if yes then update. If no then you might have to uninstall and reinstall the USB drivers.

Hardware flash printer storage troubleshoot-hardware
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Annoying USB problem

@ Sittas

Lol!! Nice adjective you got their for your mouse.. :P. I'll try what you mentioned of.

@ Webdev08

I have tried to reinstall the drivers from PC. Also from the Device manager. No avail.. :(

Hardware apple troubleshoot-hardware
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Annoying USB problem

Here's my Mobo: ASUSTeK Computer INC. Grouper 1.xx

BIOS: BIOS: American Megatrends Inc. 3.21 04/29/2005

Didnt find any update. Can you confirm this as well?? Appreciated.

Hardware apple troubleshoot-hardware
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Annoying USB problem

@ pardeep3dec:

it works perfectly on my laptop and other computers.

@ sittas87
true. but what i don't understand is every things else works... in all ports except for the iPod and the external hard drive. And the iPod works on other computers.

@ cguan_77
I am thinking it's its a problem with my USB.. Is there anyway we can update the drivers or something like that?

Thanks for all the replies.

Hardware apple troubleshoot-hardware
Member Avatar for plastered
plastered 0 Junior Poster in Training
Annoying USB problem

Hello Readers,

I've got an 80GB Apple Classic Video iPod that is not being recognized on my computer. When I purchased it, it would work but then after a few weeks it wouldn't. I called the Apple Tech Support to no avail. They say its a problem with my USB ports. What can I do to get this fixed.

I also have a First generation Shuffle that works perfectly of course it is 1GB.

This is not the first time I am facing this problem, I also had an 120 GB external driver that would function on my computer.

My computer is a Win XP Home SP2 with USB 2.0 Bus controllers. Any tweaks??

Hardware apple troubleshoot-hardware
Member Avatar for plastered
plastered 0 Junior Poster in Training
System Clock Disappears

Hi,

Recently I have noticed this errant problem on my computer. The system clock disappears when I start a particular program and then comes back only on a reboot and is displayed until i execute the program and the clock disappears.

Currently using XP Home SP2 and the program I am talking about is czero.exe which executes Counter Strike: Condition Zero, a well known game.

Please advice.

Microsoft Windows windows-nt-2000-xp
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

@ Crunchie:
Sometimes I wonder the same :P How the hell does it reboot and then I think maybe it is because I got a 512 Mb Video card. :P Lol!!

@ jbennet

Yep everything is installed. I was able to use the option until yesterday before it disappeared.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

I will do that. The sfc / scannow was fine. Now before we can mark this thread solved if wanted to know the "Standby / Hibernate" option on my computer is missing and why my computer is running slow. Very slow.

I took opened the tower for a mess up of the dust and had also removed the only memory module (256 MB - humour me) cleaned it and then fixed it. The computer response time had increased drastically although there aren't many processes running and there is enough page file memory. Any fix. Other than getting more RAM :)

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

I'll take the Recycle Bin error back. I just found the option back :)

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

i finished running the tool and the following is the result.

===============================================

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\p_protect.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

==============================================

Log of HJT is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:30:55, on 2009-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [uTorrent] …

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com



Platform:  Windows XP



*******************



Script file opened successfully.

Script file read successfully.



Backups directory opened successfully at C:\Avenger



*******************



Beginning to process script file:



Rootkit scan active.

No rootkits found!



File "C:\WINDOWS\system32\p_protect.exe" deleted successfully.



Completed script processing.



*******************



Finished!  Terminate.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:30:55, on 2009-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D307E8-6B83-4F28-9479-8EC657B823F4}: NameServer = 192.168.1.1,218.248.240.23
O17 - HKLM\System\CS1\Services\Tcpip\..\{35D307E8-6B83-4F28-9479-8EC657B823F4}: NameServer = 192.168.1.1,218.248.240.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4969 bytes
Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

Also I noticed that my internet is running real slow. Could it be because of this mess? I'll follow the steps and revert back.

Information Security windows-virus
Member Avatar for plastered
plastered 0 Junior Poster in Training
Re: Deleted spools.exe and now paying the price!

Can't kill the damn thing, keeps coming back in a flash. I tried in safe mode to. It just doesn't want to die. I also searched for "prefetch" but the only result that showed was the application from System32 which again I tried deleting to no avail.

Information Security windows-virus