"cant Perform Operation, Low Memory" Error


  • This topic is locked
26 replies to this topic

#1 etah

  • Members
  • 18 posts

Posted 21 July 2007 - 12:58 AM

I am running Windows 2000.. I tried to install some "cracked" software 3-4 days back and that's exactly when I started having problems with my computer... whenever I try to open Windows Media Player it shows the message "cant perform operation, low memory".. I am dead sure it has nothing to do with my memory as I have 256 MB of RAM and I am sure it's coz of some malware/spyware/virus which has crept into my computer... also the other major problem which I am having is I can't copy paste anything on the computer be it files or some text... my computer takes at least 5 minutes longer to start up now than what it used to take before I tried installing that stupid software...

I ran the latest Ad-Aware but couldn't find anything coz it wouldn't run the updates.. I can't run any online virus checks either.. I have NOD32 on my system and it didn't find anything either... I installed AVG Anti-Spyware but it couldn't solve the problem either.. I also ran Spybot but that also couldn't help me much...

after trying everything which I could have, I have come here in hope u guys will help me out... please help me out and help me get rid of my misery..

below is the latest HijackThis log so that u guys can take a good look at my problem and solve it..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:16 AM, on 7/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-21-1275210071-1390067357-725345543-500\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1275210071-1390067357-725345543-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ff] 221.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1275210071-1390067357-725345543-500 Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe (User '?')
O4 - Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161357164718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166626522687
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistrysca...eRegCleaner.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com.hk/eng/webscan/Vcrscan.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O22 - SharedTaskScheduler: DCOM Server 3339 - {2C1CD3D7-86AC-4068-93BC-A02304BB3339} - (no file)
O22 - SharedTaskScheduler: Network Neighborhood - {9F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe

--
End of file - 9315 bytes



#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 July 2007 - 05:54 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, etah :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


---------------------------------------------------

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

*IMPORTANT*
Do NOT run any other options until you are asked to do so!

#3 etah

  • Topic Starter

  • Members
  • 18 posts

Posted 21 July 2007 - 07:49 AM

Thanks RichieUK for trying and helping me out... here r the two logs that u had asked for... by mistake I ran ComboFix twice so I am pasting both the logs in case they r different... Thanks again bro

First Log of combo fix:

"Administrator" - 2007-07-21 18:13:14 - ComboFix 07-07-21.5 - Service Pack 4 FAT32

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\W7EEVHZZ\iforex.com
C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\ADMINI~1\www.google.com\favicon.ico
C:\Documents and Settings\ADMINI~1\www.google.com\google_files
C:\Documents and Settings\ADMINI~1\www.google.com\google_files\hp0.gif
C:\Documents and Settings\ADMINI~1\www.google.com\google_files\hp1.gif
C:\Documents and Settings\ADMINI~1\www.google.com\google_files\hp2.gif
C:\Documents and Settings\ADMINI~1\www.google.com\google_files\hp3.gif
C:\Documents and Settings\ADMINI~1\www.google.com\index.html
C:\Documents and Settings\ADMINI~1\www.google.com\thank.html
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\Common Files\comio32.dll
C:\Program Files\vsadd-in
C:\WINNT\DOWNLO~1.\Log
C:\WINNT\DOWNLO~1.\Log\event.log
C:\WINNT\DOWNLO~1.\Log\scan.log
C:\WINNT\DOWNLO~1.\Log\vlog.log
C:\WINNT\g32.txt
C:\WINNT\media\comio32.dll
C:\WINNT\s32.txt
C:\WINNT\system32\drivers\npf.sys
C:\WINNT\system32\lzx32.sys
C:\WINNT\system32\Packet.dll
C:\WINNT\system32\pthreadVC.dll
C:\WINNT\system32\RunOnce.t__
C:\WINNT\system32\RunOnce.tm_
C:\WINNT\system32\WanPacket.dll
C:\WINNT\system32\wpcap.dll
C:\WINNT\trace
C:\WINNT\ws386.ini


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASPI113210
-------\LEGACY_NPF
-------\LEGACY_NTIO256
-------\nm
-------\NPF
-------\ntio256


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-21 18:09 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-21 01:02 <DIR> d-------- C:\WINNT\system32\Panda Software
2007-07-20 20:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-07-20 08:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-07-20 08:39 <DIR> d-------- C:\Program Files\Uniblue
2007-07-19 20:53 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-07-07 11:53 30,768 --a------ C:\WINNT\system32\drivers\disk.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 19:34:08 3,712 ----a-w C:\WINNT\mozver.dat
2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2007-04-23 06:22:02 939,280 ----a-w C:\WINNT\system32\ntdsa.dll
2006-08-07 15:45:08 784 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\mpauth.dat
2005-10-26 04:08:30 271 ---h--w C:\Program Files\desktop.ini
2005-10-26 04:08:30 21,952 ---h--w C:\Program Files\folder.htt
2007-01-23 16:28:16 3,088 --sha-w C:\WINNT\system32\KGyGaAvL.sys
2006-05-18 04:23:12 56 --sh--r C:\WINNT\system32\DE46F7BECF.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-10-26 21:11 ]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07-03-29 00:37 ]
"nxpclient"="C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe" [07-01-11 12:19 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 14:55 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 10:05 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ff"=221.exe
"Recoveru systems"=C:\WINNT\TEMP\svchast.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"= {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll [03-06-19 12:05 477456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 06-04-10 18:42 138552 C:\WINNT\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

btserial - \??\C:\WINNT\system32\drivers\btserial.sys - Bluetooth Serial Driver
btslbcsp - \??\C:\WINNT\system32\drivers\btslbcsp.sys - Bluetooth Port Client Driver
btwdndis - system32\DRIVERS\btwdndis.sys - Bluetooth LAN Access Server
cmuda - system32\drivers\cmuda.sys - C-Media WDM Audio Interface
co_mon - \??\C:\WINNT\system32\Drivers\CO_Mon.sys - CO_Mon
dccam - system32\DRIVERS\DcCam.sys - Kodak Camera Proxy
dcfpoint - system32\DRIVERS\DcFpoint.sys - DcFpoint
dcfs2k - system32\drivers\dcfs2k.sys - DCFS2K
dclps - system32\DRIVERS\DcLps.sys - Legacy Polling Service
dcptp - system32\DRIVERS\DcPTP.sys - dcptp
dp1112 - \??\C:\WINNT\system32\Drivers\DP.sys - DP1112
exportit - system32\DRIVERS\exportit.sys - Exportit
fax - %systemroot%\system32\faxsvc.exe - Fax Service
mpe - system32\DRIVERS\MPE.sys - BDA MPE Filter
msgegh - \??\C:\WINNT\system32\drivers\msgegh.sys - msgegh
netdetect - NetDetect - \SystemRoot\system32\drivers\netdtect.sys
nod32drv - \SystemRoot\system32\drivers\nod32drv.sys - nod32drv
parallel - Parallel class driver - System32\DRIVERS\parallel.sys
ptssvc - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe - ptssvc
rca - system32\drivers\RCA.sys - Microsoft Streaming Network Raw Channel Access
rootmodem - System32\Drivers\RootMdm.sys - Microsoft Legacy Modem Driver
tsp - \??\C:\WINNT\system32\drivers\klif.sys - TSP
uhcd - Microsoft USB Universal Host Controller Driver - System32\DRIVERS\uhcd.sys
usbhub20 - System32\DRIVERS\usbhub20.sys - USB 2.0 Root Hub Support
utilman - Utility Manager - %SystemRoot%\System32\UtilMan.exe

*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-01-25 17:51:22 C:\WINNT\tasks\Spybot - Search & Destroy - Scheduled Task.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 18:17:04
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden registry entries ...

disk error: C:\WINNT\system32\config\software
disk error: C:\Documents and Settings\Administrator\ntuser.dat
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-21 18:17:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-21 18:17

--- E O F ---




Second Log of Combo Fix:
"Administrator" - 07/21/2007 18:19:54 - ComboFix 07-07-21.5 - Service Pack 4 FAT32


((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-21 18:09 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-21 01:02 <DIR> d-------- C:\WINNT\system32\Panda Software
2007-07-20 20:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
2007-07-20 08:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-07-20 08:39 <DIR> d-------- C:\Program Files\Uniblue
2007-07-19 20:53 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-07-07 11:53 30,768 --a------ C:\WINNT\system32\drivers\disk.sys
2007-06-10 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 19:34:08 3,712 ----a-w C:\WINNT\mozver.dat
2007-04-25 07:52:16 147,216 ----a-w C:\WINNT\system32\SCHANNEL.DLL
2007-04-23 06:22:02 939,280 ----a-w C:\WINNT\system32\ntdsa.dll
2006-08-07 15:45:08 784 ----a-w C:\DOCUME~1\ADMINI~1\APPLIC~1\mpauth.dat
2005-10-26 04:08:30 271 ---h--w C:\Program Files\desktop.ini
2005-10-26 04:08:30 21,952 ---h--w C:\Program Files\folder.htt
2007-01-23 16:28:16 3,088 --sha-w C:\WINNT\system32\KGyGaAvL.sys
2006-05-18 04:23:12 56 --sh--r C:\WINNT\system32\DE46F7BECF.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/26/05 09:11p]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [03/29/07 12:37a]
"nxpclient"="C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe" [01/11/07 12:19p]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/07 02:55p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [06/14/05 10:05a]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ff"=221.exe
"Recoveru systems"=C:\WINNT\TEMP\svchast.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"= {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\NETSHELL.dll [06/19/03 12:05p 477456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 04/10/06 06:42p 138552 C:\WINNT\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

btserial - \??\C:\WINNT\system32\drivers\btserial.sys - Bluetooth Serial Driver
btslbcsp - \??\C:\WINNT\system32\drivers\btslbcsp.sys - Bluetooth Port Client Driver
btwdndis - system32\DRIVERS\btwdndis.sys - Bluetooth LAN Access Server
cmuda - system32\drivers\cmuda.sys - C-Media WDM Audio Interface
co_mon - \??\C:\WINNT\system32\Drivers\CO_Mon.sys - CO_Mon
dccam - system32\DRIVERS\DcCam.sys - Kodak Camera Proxy
dcfpoint - system32\DRIVERS\DcFpoint.sys - DcFpoint
dcfs2k - system32\drivers\dcfs2k.sys - DCFS2K
dclps - system32\DRIVERS\DcLps.sys - Legacy Polling Service
dcptp - system32\DRIVERS\DcPTP.sys - dcptp
dp1112 - \??\C:\WINNT\system32\Drivers\DP.sys - DP1112
exportit - system32\DRIVERS\exportit.sys - Exportit
fax - %systemroot%\system32\faxsvc.exe - Fax Service
mpe - system32\DRIVERS\MPE.sys - BDA MPE Filter
msgegh - \??\C:\WINNT\system32\drivers\msgegh.sys - msgegh
netdetect - NetDetect - \SystemRoot\system32\drivers\netdtect.sys
nod32drv - \SystemRoot\system32\drivers\nod32drv.sys - nod32drv
parallel - Parallel class driver - System32\DRIVERS\parallel.sys
ptssvc - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe - ptssvc
rca - system32\drivers\RCA.sys - Microsoft Streaming Network Raw Channel Access
rootmodem - System32\Drivers\RootMdm.sys - Microsoft Legacy Modem Driver
tsp - \??\C:\WINNT\system32\drivers\klif.sys - TSP
uhcd - Microsoft USB Universal Host Controller Driver - System32\DRIVERS\uhcd.sys
usbhub20 - System32\DRIVERS\usbhub20.sys - USB 2.0 Root Hub Support
utilman - Utility Manager - %SystemRoot%\System32\UtilMan.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-01-25 17:51:22 C:\WINNT\tasks\Spybot - Search & Destroy - Scheduled Task.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-21 18:21:09
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

cmd.exe [736]


scanning hidden registry entries ...

disk error: C:\WINNT\system32\config\software
disk error: C:\Documents and Settings\ADMINI~1\ntuser.dat
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 07/21/2007 18:21:34
C:\ComboFix-quarantined-files.txt ... 07/21/07 06:21p
C:\ComboFix2.txt ... 07/21/07 06:17p

--- E O F ---



Log of SmitFraudFix:
SmitFraudFix v2.205

Scan done at 18:24:32.87, Sat 07/21/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

Process


hosts


C:\


C:\WINNT


C:\WINNT\system


C:\WINNT\Web


C:\WINNT\system32


C:\Documents and Settings\Administrator


C:\Documents and Settings\Administrator\Application Data


Start Menu





Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS



Scanning for wininet.dll infection


End




I hope that's what u require to further understand my problem and then fix it..


waiting for ur next set of instructions :thumbsup:

#4 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 21 July 2007 - 08:58 AM

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ff"=-
"Recoveru systems"=-

Restart your pc.
Post a fresh Hijackthis log.
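
The fix.reg in post #4 deletes two values from the HKEY_USERS\.default Run key, and the fresh HijackThis log is how the result gets checked. As an added example (not posted by anyone in this thread), the Python below cross-checks the O4 autostart lines of a before and an after log against the deletions in a REGEDIT4 file. The function names are hypothetical, the inputs are excerpts of the logs above, and it assumes HijackThis's `..` in O4 lines stands for `Software\Microsoft\Windows\CurrentVersion`.

```python
import re

# Excerpts of the two HijackThis logs and the fix.reg posted in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\.DEFAULT\..\Run: [ff] 221.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe
"""
FIX_REG = r"""REGEDIT4
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ff"=-
"Recoveru systems"=-
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKUS": "HKEY_USERS"}
# Assumption: the ".." in an O4 registry line abbreviates this subkey.
CURVER = r"software\microsoft\windows\currentversion"

# "O4 - <hive>[\<user>]\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?P<sub>\\[^\\]+)?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_o4(log_text):
    """Map (full registry key, value name), lower-cased, to the command.

    Startup-folder O4 lines have no registry key and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m or m["hive"] not in HIVES:
            continue
        root = HIVES[m["hive"]] + (m["sub"] or "")
        full_key = f"{root}\\{CURVER}\\{m['key']}".lower()
        entries[(full_key, m["name"].lower())] = m["cmd"]
    return entries


def parse_reg_deletions(reg_text):
    """Return the (key, value name) pairs a REGEDIT4 file deletes ("name"=-)."""
    deletions, key = set(), None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key.startswith("-"):   # whole-key deletion, not handled here
                key = None
        elif key and (m := re.match(r'^"(?P<name>[^"]*)"=-$', line)):
            deletions.add((key, m["name"].lower()))
    return deletions


def verify_fix(before_log, after_log, reg_text):
    """Classify each deletion target by what the two logs show."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    targets = parse_reg_deletions(reg_text)
    return {
        # listed before the fix, gone afterwards
        "cleared": sorted(t for t in targets if t in before and t not in after),
        # the fix did not take: value is still an autostart entry
        "still_present": sorted(t for t in targets if t in after),
        # HijackThis never listed it, so these logs cannot confirm removal
        "not_in_before_log": sorted(
            t for t in targets if t not in before and t not in after),
        # autostart entries that vanished without being targeted by the file
        "removed_untargeted": sorted(
            k for k in before if k not in after and k not in targets),
    }


if __name__ == "__main__":
    for status, items in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_REG).items():
        print(status)
        for key, name in items:
            print(f"    {key} -> {name}")
```

"Recoveru systems" lands in `not_in_before_log` because only the ComboFix registry listing showed it, so a fresh HijackThis log alone cannot confirm that value is gone.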

#5 etah

  • Topic Starter

  • Members
  • 18 posts

Posted 21 July 2007 - 09:58 AM

I did what u asked of me and this is the latest HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:52 PM, on 7/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1275210071-1390067357-725345543-500\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-1275210071-1390067357-725345543-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - S-1-5-21-1275210071-1390067357-725345543-500 Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe (User '?')
O4 - Startup: RsGetPoints.lnk = E:\RsGetPoints23\RsGetPts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommo...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1161357164718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166626522687
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistrysca...eRegCleaner.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com.hk/eng/webscan/Vcrscan.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CE04E28-5809-43B9-A309-0A775A44AC01}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe

--
End of file - 8655 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:15 PM

Posted 21 July 2007 - 10:24 AM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.

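The three entries selected for fixing in the post above all end in HijackThis's "(no file)" or "(file missing)" marker, meaning the registry reference points at a file that is no longer on disk. As an added example (not part of the original thread, and not code from HijackThis itself), the following Python parses entry lines copied from this thread's log and picks out those orphaned references; the function and variable names are illustrative.

```python
import re

# Entry lines copied from the HijackThis log and fix list quoted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 8655 bytes
"""

# Section code (R0, F2, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers for a reference whose target file was not found.
# "(no name)" is a different marker (unnamed entry) and must not match.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Yield one dict per entry line; header and footer lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        yield {
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        }


def orphaned_entries(log_text):
    """Entries whose registry reference points at a file that is not on disk."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["code"], e["clsid"], e["body"])
```

Matching the marker only at the end of the line keeps the unnamed but intact BitDefender button entry out of the result.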

#7 etah

etah
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:45 PM

Posted 21 July 2007 - 11:06 AM

I downloaded the SuperAntiSpyware which you asked me to, but I can't install it... I am getting an error message saying "The windows installer service could not be accessed. This can occur if you are running windows in a safe mode. or if the windows installer is not correctly installed. Contact your support personnel for assistance".

So please tell me a way around it...

#8 RichieUK

Posted 21 July 2007 - 11:29 AM

Download/unzip/install Dial-a-Fix from here:
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
Launch the program, place a check in 'Fix Windows Installer'.
Then click on 'GO' at the bottom.
Restart your PC when Dial-a-Fix has done.
Are you able to install SuperAntiSpyware now or not, please?

#9 etah

Posted 21 July 2007 - 11:51 AM

I downloaded that "Dial a fix" you asked me to... and I did exactly as you asked me to, but unfortunately it didn't solve anything.. I tried the same step twice already but I still can't install SuperAntiSpyware, and it's not a problem with that particular software.. I have tried a few other programs which I had but I am unable to install them as well :thumbsup:.... Can this be fixed?!?!?

#10 RichieUK

Posted 21 July 2007 - 12:01 PM

Try the following.
"The Windows Installer Service Could Not Be Accessed" error message when you install a program in Windows XP:
http://support.microsoft.com/kb/315353

#11 etah

Posted 21 July 2007 - 01:21 PM

No sir.. tried everything written on that page and tried at least 20 different things which were written on microsoft.com, but to no avail... couldn't fix this problem.....

#12 RichieUK

Posted 21 July 2007 - 04:21 PM

Try downloading\installing Windows Installer 3.1 (v2):
http://www.softwarepatch.com/windows/wininstallnt.html
Restart your pc once installed.

#13 etah

Posted 21 July 2007 - 10:33 PM

Okay, I tried the above-said software and it still doesn't work.. I downloaded RegCure and ran it in the hope it would fix something at least.. it did find and claim to fix some 2000 problems, but none of the ones I was facing.. still Windows Installer won't run and the old problems still exist as well...

#14 RichieUK

Posted 22 July 2007 - 06:52 AM

If you have the MS Windows 2000 installation disk:
Click Start>Run, type sfc /scannow then press OK.
Leave a space in between sfc and /scannow.
Reboot when you've done.

If still no joy try a Repair Install by following the info in the link below.
Windows 2000 Professional Repair install:
http://www.windows2000.windowsreinstall.com/Repair/index.htm

#15 etah

Posted 22 July 2007 - 10:32 AM

Richie, thanks for helping me throughout.. I think this latest idea of repairing should solve my problem, but before I can continue I need you to tell me one thing:
I have a Windows 2000 CD but it's NOT bootable, so do I get that "press any key to boot from cd" menu without having a bootable Win2k CD?



