Fatal Error 0xc0000022 Then> Warning! Spyware Detected On Ur Computer.

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Fatal Error 0xc0000022 Then> Warning! Spyware Detected On Ur Computer., don't know what happened. did it get worse???

Options

hookedforever View Member Profile	Jul 4 2008, 03:39 AM Post #16
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Hi! I tried installing AVG again but it now has a different error message: Local machine: installation failed Installation: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key.... Error 0x80070005 I looked for the old AVG at the ADD/REMOVE PROGRAM but it's not there anymore so I just deleted the Grisoft folder which contained AVG7 at the Program Files (I deleted the Panda folder too). I reinstalled AVG8 but still it won't proceed. I noticed during installation (while AVG was checking my system), there were a lot of AVG7 files. I really do not know if that has to do with the problem. Anyway, my laptop is fine now. Thank you so much! The only thing now which I don't know how to resolve is how to install an antivirus. Do you have any suggestions? Also, can I now upgrade my java? I currently have Java 6 update 3. Do you think my laptop is fine now? Cause I'm actually having problems with my other pc. AVG detects a lot of tracking cookies but it does not consider them as threat so I could not heal them. I posted another thread regarding that in that and here's the link: http://www.bleepingcomputer.com/forums/topic155805.html. I was actually thinking of doing the same method we did for my laptop but like you guys say, every case is different, so i just posted a new one just to be sure. This post has been edited by hookedforever: Jul 4 2008, 05:13 AM

Buckeye_Sam View Member Profile	Jul 4 2008, 09:59 AM Post #17
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	I'll check out your other topic and post a reply if you haven't received one yet. Check out this suggestion for your AVG issue. http://freeforum.avg.com/read.php?13,121635,backpage=,sv= ============ You will want to get the latest version of Java. Here are instructions for that. You are running an older version of Java. This can be a security risk so let's get you the latest version. Upgrading Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 6. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. =============== Your log shows that you don't have the recovery console installed. Check this link for more info on the recovery console and how to get it installed. How to install and use the Windows XP Recovery Console =============== Now we can clean up after ourselves. Make sure you have an Internet Connection. Double-click OTMoveIt2.exe to run it. Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so. Click Yes to begin the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. ================= And finally here are some recommendations for you. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned. You can find instructions on how to enable and reenable system restore here: Windows XP System Restore Guide Renable system restore with instructions from tutorial above Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. [ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ] [ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]

hookedforever View Member Profile	Jul 4 2008, 02:32 PM Post #18
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Hi Sam! Unfortunately, I'm still on the first part of the work you told me to do----get an Antivirus! I still couldn't get through the AVG8 installation, I really don't know why. I've tried the link you gave me and I even search for some other solutions and not a thing worked. I installed Avast instead but I had to uninstall it because my laptop went super duper slow. But Sam, I think my laptop isn't clean yet since before I uninstalled Avast, it detected explorer.exe and some .dll files when I turned my laptop to safe mode. I couldn't heal them because it said that they are protected or something (sorry I forgot the word...). I've actually downloaded all of your other recommendations and I'm about to install them. What I'm not sure of now is the cleaning of OTMoveIt2. Should I clean it anyway? hmm I guess I'd have to deal with my other PC some other time...poor me.

Buckeye_Sam View Member Profile	Jul 5 2008, 07:27 AM Post #19
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	I'm not a big fan of Avast, although others seem to really like it. Let's remove AVG manually and see if we can get it installed for you. Assuming you still have OTMoveit, copy this text into it and click MoveIt. C:\Documents and Settings\Administrator\Application Data\AVG7 C:\Documents and Settings\All Users\Application Data\avg8 C:\Program Files\AVG C:\WINDOWS\system32\drivers\Avg C:\Program Files\Common Files\Panda Software C:\Program Files\Panda Software C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR C:\Program Files\Trend Micro C:\WINDOWS\system32\Drivers\avgldx86.sys C:\WINDOWS\system32\Drivers\avgtdix.sys C:\WINDOWS\system32\DRIVERS\PavProc.sys C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys AvgLdx86 <delete service> avg8wd <delete service> AvgTdiX <delete service> ShldDrv <delete service> PavProc <delete service> Please post the log from OTMoveit back here in your next reply so I can see if anything didn't go. Download the trial version of Registry Tuneup from here. http://www.acelogix.com/regtune.html Run this program and remove everything that it finds. Reboot your computer. Please post a new log from DSS. Don't try to install AVG or any other antivirus yet until I review your logs. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. [ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ] [ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]

hookedforever View Member Profile	Jul 5 2008, 09:25 AM Post #20
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Hi! Here's the OTMoveIt2 log: C:\Documents and Settings\Administrator\Application Data\AVG7 moved successfully. C:\Documents and Settings\All Users\Application Data\avg8\Log moved successfully. C:\Documents and Settings\All Users\Application Data\avg8\emc\Log moved successfully. C:\Documents and Settings\All Users\Application Data\avg8\emc moved successfully. C:\Documents and Settings\All Users\Application Data\avg8\Cfg moved successfully. C:\Documents and Settings\All Users\Application Data\avg8 moved successfully. C:\Program Files\AVG\AVG8\log moved successfully. C:\Program Files\AVG\AVG8\cfg moved successfully. Folder move failed. C:\Program Files\AVG\AVG8 scheduled to be moved on reboot. Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot. C:\WINDOWS\system32\drivers\Avg moved successfully. C:\Program Files\Common Files\Panda Software moved successfully. File/Folder C:\Program Files\Panda Software not found. C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR moved successfully. C:\Program Files\Trend Micro\HijackThis\backups moved successfully. C:\Program Files\Trend Micro\HijackThis moved successfully. C:\Program Files\Trend Micro moved successfully. C:\WINDOWS\system32\Drivers\avgldx86.sys moved successfully. C:\WINDOWS\system32\Drivers\avgtdix.sys moved successfully. File/Folder C:\WINDOWS\system32\DRIVERS\PavProc.sys not found. File/Folder C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys not found. AvgLdx86 service deleted successfully. avg8wd service deleted successfully. AvgTdiX service deleted successfully. ShldDrv service deleted successfully. PavProc service deleted successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_220208 Files moved on Reboot... C:\Program Files\AVG\AVG8 moved successfully. C:\Program Files\AVG moved successfully.

hookedforever View Member Profile	Jul 5 2008, 09:56 AM Post #21
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Hi again! My DSS didn't find my HiJackThis. Could it be that the Registry TuneUp removed something essential to run it. Is it possible that my other programs won't run as well? Registry TuneUp has created a restore point though so I can restore anytime. Would it be safe to do that or should I just install my programs again? Here is the new DSS: Deckard's System Scanner v20071014.68 Run by Administrator on 2008-07-05 22:49:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 90% (more than 75%). Total Physical Memory: 126 MiB (512 MiB recommended). -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-07-05 22:51:38 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Documents and Settings\Administrator\Desktop\dss.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhpf.co.uk/mypage.asp?OrgID=125218 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{08DEFBAF-8C03-4A64-9615-A52E6774408E}: NameServer = 66.93.87.2 O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{33B00AD3-10D1-47B7-ACCF-DDBE9246973A}: NameServer = 66.93.87.2 O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B888C2C-27CF-45F6-BBF0-A29EE52D6356}: NameServer = 66.93.87.2 O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6873 bytes -- Files created between 2008-06-05 and 2008-07-05 ----------------------------- 2008-07-05 22:42:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent 2008-07-05 22:35:46 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-05 22:35:11 0 d-------- C:\Program Files\AceLogix 2008-07-05 04:00:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-05 03:54:03 0 d-------- C:\Program Files\Java 2008-07-05 03:53:49 0 d-------- C:\Program Files\Common Files\Java 2008-07-05 02:22:45 0 d-------- C:\Program Files\Alwil Software 2008-07-05 00:49:28 0 d-------- C:\Program Files\Windows Resource Kits 2008-07-04 23:56:17 4304896 --a------ C:\Documents and Settings\Administrator\ntuser.dat 2008-07-04 08:51:03 0 d-------- C:\RECYCLER(2) 2008-07-04 08:15:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2008-07-04 08:14:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-04 08:14:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-03 10:25:56 68096 --a------ C:\WINDOWS\zip.exe 2008-07-03 10:25:56 49152 --a------ C:\WINDOWS\VFind.exe 2008-07-03 10:25:56 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-07-03 10:25:56 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-07-03 10:25:56 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-07-03 10:25:56 98816 --a------ C:\WINDOWS\sed.exe 2008-07-03 10:25:56 80412 --a------ C:\WINDOWS\grep.exe 2008-07-03 10:25:56 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-07-03 02:34:59 0 d-------- C:\WINDOWS\ERUNT 2008-07-03 02:13:55 0 drahs---- C:\autorun.inf 2008-07-02 12:17:19 0 d--hs---- C:\WINDOWS\CSC 2008-07-02 11:00:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2008-07-02 11:00:17 0 --a------ C:\1617942406 2008-07-02 10:55:41 0 dr------- C:\Documents and Settings\LocalService\My Documents 2008-06-25 10:49:01 0 d-------- C:\WINDOWS\Sun 2008-06-21 17:27:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\BearShare 2008-06-21 17:26:01 0 d-------- C:\Program Files\BearShare Applications 2008-06-19 15:56:59 4007835 --a------ C:\Documents and Settings\Administrator\Desktop(3) 2008-06-19 15:56:52 2742692 --a------ C:\Documents and Settings\Administrator\Desktop(2) 2008-06-16 19:22:40 338 --a------ C:\Program Files\Setupinf.dat 2008-06-16 19:22:37 246972 --a------ C:\Program Files\FPFntDat.bin 2008-06-16 19:22:36 279781 --a------ C:\Program Files\BarRes.dat 2008-06-16 18:48:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2008-06-13 14:20:40 0 d-------- C:\Program Files\QuickFix 2008-06-08 12:02:53 0 d-------- C:\WINDOWS\system32\appmgmt -- Find3M Report --------------------------------------------------------------- 2008-07-05 22:02:39 0 d-------- C:\Program Files\Common Files 2008-07-02 20:07:10 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-07-02 11:00:04 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2008-06-26 02:37:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent 2008-06-24 23:21:32 5853 --a------ C:\WINDOWS\mozver.dat 2008-06-24 21:59:27 0 d-------- C:\Program Files\Google 2008-06-08 12:01:50 0 d-------- C:\Program Files\Common Files\Autodesk Shared 2008-06-04 15:25:53 0 d-------- C:\Program Files\Free PDF Downloader 2008-06-03 15:34:14 0 d-------- C:\Program Files\Xvid 2008-06-01 19:27:41 0 d-------- C:\Program Files\uTorrent 2008-06-01 04:39:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google 2008-06-01 04:35:39 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-01 04:35:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-05-28 16:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2008-05-28 14:18:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo! 2008-05-28 13:59:25 0 d-------- C:\Program Files\Yahoo! 2008-05-28 13:43:20 0 d-------- C:\Program Files\Chikka 2008-05-27 22:40:13 4096 --a------ C:\WINDOWS\d3dx.dat 2008-05-27 22:39:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse 2008-05-27 22:38:49 0 d-------- C:\Program Files\GameHouse 2008-05-25 22:34:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-05-14 11:11:10 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine> 2008-05-12 21:19:48 0 d-------- C:\Program Files\Video-AVI to GIF-JPEG 2008-05-05 01:49:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia 2008-04-27 10:35:28 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-04-27 10:33:36 765952 --a------ C:\WINDOWS\system32\xvidcore.dll -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 12:23] "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 16:05] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-09 16:18:17] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 05:43:54] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=1 (0x1) "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableCAD"=1 (0x1) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDesktopCleanupWizard"=1 (0x1) "ForceClassicControlPanel"=1 (0x1) "NoRemoteRecursiveEvents"=1 (0x1) "MemCheckBoxInRunDlg"=1 (0x1) "DisableCAD"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"=1 (0x1) "ClearRecentDocsOnExit"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoSMHelp"=1 (0x1) "DisableCAD"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSharedDocuments"=1 (0x1) "ClearRecentDocsOnExit"=1 (0x1) "NoRecentDocsMenu"=1 (0x1) "NoRecentDocsHistory"=1 (0x1) "NoInstrumentation"=1 (0x1) "NoSMHelp"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d419bec0-ee96-11dc-bd59-08004628ffc6}] AutoRun\command- SilentSoftech.exe explore\command- SilentSoftech.exe open\command- SilentSoftech.exe var1\command- SilentSoftech.exe -- End of Deckard's System Scanner: finished at 2008-07-05 22:56:01 ------------

Buckeye_Sam View Member Profile	Jul 5 2008, 10:43 AM Post #22
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	No, don't do any restore. It's my fault that Hijackthis got removed. But it's no big deal. You can always download it again if you need it, but I don't think we need it now. Copy this into OTMoveit just like before. PavPrSrv <delete service> C:\Program Files\Common Files\Panda Software Assuming those deletions are successful, run Registry Tuneup once more and delete anything it finds. Reboot once more. Just in case your downloaded installation file is corrupted, delete it and download the latest file from here. http://free.avg.com/ww.download?prd=afe Go ahead and install AVG. Let me know how it goes. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. [ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ] [ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]

hookedforever View Member Profile	Jul 5 2008, 11:42 AM Post #23
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Thanks for the help Sam but there's still no luck. I still get the same message. Local machine: installation failed Installation: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key.... Error 0x80070005 I found out on the internet that there are a lot of people having the same problem I have and most of them are just waiting for AVG to finally fix this. So I guess I'll just have to wait too.

Buckeye_Sam View Member Profile	Jul 5 2008, 11:54 AM Post #24
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	I've never been patient enough to wait. I may have found a fix for you. Download this file and unzip to your desktop. http://www.grisoft.it/download/tools/set_permissions.zip Double click reset_access.bat to run the fix. Reboot when you're done and try the installation again. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. [ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ] [ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]

hookedforever View Member Profile	Jul 5 2008, 12:40 PM Post #25
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	I admire your impatience. heehee Unfortunately though, AVG still doesn't want to cooperate. I still get the same error message. I have Spybot running and everytime I try to install AVG it pops out with a message and I click "Allow Changes". That's the right button to choose, right? I also tried installing AVG while Spybot is turned off but still no luck.

Buckeye_Sam View Member Profile	Jul 5 2008, 05:20 PM Post #26
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	Hmmm....that got me to thinking. I've been running into a lot of trouble with Spybot lately conflicting with other programs. You might try uninstalling Spybot completely just to see if it's the culprit of our troubles. Just for your reference, here is where you can download and install it again. http://www.safer-networking.org/en/mirrors/index.html -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware. [ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ] [ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]

hookedforever View Member Profile	Jul 6 2008, 07:54 AM Post #27
Member Group: Members Posts: 35 Joined: 2-July 08 From: philippines Member No.: 219,978	Sam! I removed Spybot and tried installing AVG again but as usual I get the same error message.

Buckeye_Sam View Member Profile	Jul 6 2008, 08:04 AM Post #28
Malware Expert Group: HJT Team Posts: 9,576 Joined: 23-December 04 Member No.: 7,762	Ok, I concede. But I'm not happy about it! I guess it's an issue that AVG techs will have to sort out. In the meantime, you need to have an antivirus running for pro