Can't Download Any Antivirus Programs


2 replies to this topic

#1 shoulda


Posted 15 March 2008 - 01:16 AM

My problem started with my screensaver freezing requiring hard starts. After that system started slowing down then would not open any programs. These are some of the messages:

iexplore.exe application error The application failed to load
spybotsd.exe has encountered a problem and needs to close
dwinwin.exe application failed to load

As I have had problems with virus on other computers, I already had Ad-Aware, Spybot and Spyware Blaster installed. I ran these on a weekly basis and had McAfee Anti Virus. Since not able to open any programs, used Iolo System Mechanic Professional and was able to get computer running. Did a system restore and system ran well for a few weeks.

I use IE as little as possible relying instead on Firefox for the internet. I had removed McAfee to use AOL Safety only to have computer slow to a crawl. Checked my security settings - all changed, firewall turned off. Changed to default, ran above again - System Mechanic found spyware infection called shopathome and Ad-Aware found critical items, Regfile, Scrfile.

I removed spyware and quarantined critical items. Trying to download HJT, Ad-Aware updates, OneCare etc., but anything associated with antivirus gets messages such as this for Ad-Aware:

c:\documentsandsettings\...\desktop\<service>.exe is not a valid Win32 application.

This for OneCare:

Error Code 0x08402802

OneCare search doesn't bring back much about the error, nor does Google. The computer works, albeit slowly, and I am still able to crawl along on the internet. CDs and DVDs are reading, so I'm taking that as a good sign. Don't know if I'm on the right track, but could these problems come from a conflict with McAfee? Messages pop up saying it can't remove McAfee because this file is missing:

program~1\mcafee.com\agent\uninst\screen.ui

Another message that is popping up repeatedly is:

itunes.msi

Any ideas as to what the above might be? I can't find anything about it in my iTunes files. I'm worried that I have another virus lingering and might lose the info on the computer. To be on the safe side I will try to back up everything tonight. I'm also going out tomorrow to get an external hard drive. I've reached the end of my knowledge base and am calling in BC to the rescue. Any ideas what's going on? Here's the latest Ad-Aware log. Thanks in advance for your help!

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, March 14, 2008 11:31:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R217 04.02.2008


References detected during the scan:

Tracking Cookie(TAC index:3):2 total references
Windows(TAC index:3):2 total references


Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-14-2008 11:31:47 PM - Scan started. (Full System Scan)

Listing running processes


#:1 [smss.exe]

#:2 [csrss.exe]

#:3 [winlogon.exe]

#:4 [services.exe]

#:5 [lsass.exe]

#:6 [svchost.exe]

#:7 [svchost.exe]

#:8 [svchost.exe]

#:9 [svchost.exe]

#:10 [svchost.exe]

#:11 [spoolsv.exe]

#:12 [aolacsd.exe]

#:13 [aolavupd.exe]

#:14 [btwdins.exe]

#:15 [ctsvccda.exe]

#:16 [ioloservicemanager.exe]

#:17 [itmrtsvc.exe]

#:18 [mcdetect.exe]

#:19 [mctskshd.exe]

#:20 [mdm.exe]

#:21 [hpzipm12.exe]

#:22 [svchost.exe]

#:23 [wdfmgr.exe]

#:24 [mspmspsv.exe]

#:25 [explorer.exe]

#:26 [alg.exe]

#:27 [wscntfy.exe]

#:28 [intelmem.exe]

#:29 [ctsysvol.exe]

#:30 [rundll32.exe]

#:31 [dvdlauncher.exe]

#:32 [realplay.exe]

#:33 [tfswctrl.exe]

#:34 [issch.exe]

#:35 [dmxlauncher.exe]

#:36 [mpftray.exe]

#:37 [hkcmd.exe]

#:38 [igfxpers.exe]

#:39 [mediadetect.exe]

#:40 [ituneshelper.exe]

#:41 [aolsp scheduler.exe]

#:42 [aolload.exe]

#:43 [ipodservice.exe]

#:44 [mcvsescn.exe]

#:45 [aoldial.exe]

#:46 [mpfservice.exe]

#:47 [smsystemanalyzer.exe]

#:48 [ctfmon.exe]

#:49 [dsagnt.exe]

#:50 [mpfagent.exe]

#:51 [aolsoftware.exe]

#:52 [sscevthdlr.exe]

#:53 [bttray.exe]

#:54 [j2gdllcmd.exe]

#:55 [j2gtray.exe]

#:56 [hpqtra08.exe]

#:57 [minimavis.exe]

#:58 [hpqgalry.exe]

#:59 [wmiprvse.exe]

#:60 [bartshel.exe]

#:61 [ppshared.exe]

#:62 [smtraynotify.exe]

#:63 [bartshel.exe]

#:64 [firefox.exe]

#:65 [anotify.exe]

#:66 [sysmech7.exe]

#:67 [aolsoftware.exe]

#:68 [iexplore.exe]

#:69 [ytbsdk.exe]

#:70 [ad-aware.exe]

Memory scan result:

New critical objects: 0
Objects found so far: 0


Started registry scan


Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : notepad.exe %1

Registry Scan result:

New critical objects: 2
Objects found so far: 2


Started deep registry scan


Deep registry scan result:

New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@com[1].txt
Value : Cookie:me@com.com/

Tracking cookie scan result:

New critical objects: 1
Objects found so far: 3



Deep scanning and examining files (C:)


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : me@com[1].txt
Value : C:\Documents and Settings\LocalService\Cookies\me@com[1].txt

Disk Scan Result for C:\

New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".


Hosts file scan result:

1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...


Conditional scan result:

New critical objects: 0
Objects found so far: 4

12:06:19 AM Scan Complete

Summary Of This Scan

Total scanning time:00:34:32.437
Objects scanned:220674
Objects identified:4
Objects ignored:0
New critical objects:4


#2 DaChew


Posted 15 March 2008 - 07:48 AM

Data : notepad.exe %1


That is Ad-Aware alerting you to the fact that your settings for opening reg and scr files are not the usual Windows default settings. Yours are set to open with notepad instead (probably something either you or one of your security programs has done). It looks like a safety measure you have implemented? That key is sometimes changed by malware, but in your case it looks more like it was done by you on purpose.


http://www.lavasoftsupport.com/index.php?s...ost&p=40750

Now you have the $64,000 question: did malware change this setting, or did one of my programs do it to protect me from malicious scripts?

Rant mode on:
Powerful medications can cure illness, too many of the wrongly prescribed ones in the wrong combinations can kill you.
Rant mode off:

You have enough running processes to kill an elephant.
Chewy

No. Try not. Do... or do not. There is no try.
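
As an added illustration of the check discussed in post #2 (not part of the thread, and not Ad-Aware's or Lavasoft's code): this Python example parses the registry findings of a log like the one in post #1 and labels each open handler as the Windows default, a text viewer, or something to review. The values in `DEFAULTS` are the stock Windows XP handlers and are an assumption here, as are the function names and labels; the sample log is constructed from the two entries shown above.

```python
import re
# Constructed sample: the two RegData findings from the Ad-Aware SE log above.
SAMPLE_LOG = r"""
Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : notepad.exe %1
"""
# Assumption: stock Windows XP open handlers for .reg and .scr files.
DEFAULTS = {r"regfile\shell\open\command": 'regedit.exe "%1"',
            r"scrfile\shell\open\command": '"%1" /S'}
# Only a bare or system-path Notepad counts as a viewer; other paths get reviewed.
TEXT_VIEWERS = {"notepad.exe", "notepad", r"%systemroot%\system32\notepad.exe"}

def _norm(cmd):  # lower-case, drop quotes, collapse whitespace
    return " ".join(cmd.lower().replace('"', "").split())

def parse_regdata(log):
    """Return [(registry object, handler command)] for each RegData finding."""
    findings = []
    for block in re.split(r"\n\s*\n", log):
        fields = dict(re.findall(r"^(\w+) *: ?(.*)$", block, re.M))
        if fields.get("Type", "").strip() == "RegData" and "Object" in fields:
            findings.append((fields["Object"].strip(), fields.get("Data", "").strip()))
    return findings

def classify(key, data):
    cmd = _norm(data)
    default = DEFAULTS.get(key.lower())
    if default is not None and cmd == _norm(default):
        return "default"
    program, _, args = cmd.partition(" ")
    if program in TEXT_VIEWERS and args == "%1":
        return "opens-as-text"  # file is displayed in Notepad, not executed
    return "review"             # some other program handles this file type

if __name__ == "__main__":
    for key, data in parse_regdata(SAMPLE_LOG):
        print(f"{key}: {data!r} -> {classify(key, data)}")
```

The label describes only what the handler string does when the file type is opened; it does not show which program wrote the value.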

#3 ruby1


Posted 15 March 2008 - 08:11 AM

A few issues to start with.

Unfortunately you will find that Ad-Aware SE is no longer a valid program, and you have run a scan with definitions from a month ago:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, March 14, 2008 11:31:47 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R217 04.02.2008


from what I can see adaware 2007 will NOT be compatible with your ME system

adaware 2007 compatibility

have you managed to update to the NEW spybot program and definitions?

spybot1.5.2

if not, and you have problems with the updating (as many of us have had too), then I suggest you also remove it


from THIS
http://safety.aol.com/isc/index.adp? and with McAfee apparently already on board you would seem to have duplicated the protection
do you do any file sharing P2P stuff on the computer, as this on the shopathome info might suggest such?

http://forums.spybot.info/showthread.php?t=211

I suggest you need to remove Ad-Aware SE as it is no longer a valid working program;
if you have not managed to update TO the new spybot program I suggest you also remove it


I suggest you try running the FREE for home users

http://www.superantispyware.com/superantis...efreevspro.html

you will need to download this, fully update it, reboot into safe mode and run a full deep scan with it

also you may find the a squared program FREE for home users

http://www.emsisoft.com/en/software/free/

useful its free exe is

http://download6.emsisoft.com/a2FreeSetup.exe

you will again need to download it, fully update the definitions, reboot and do a full deep scan in safe mode

see what those scans produce



