
Problems With Installing Kaspersky 7.0


  • This topic is locked
3 replies to this topic

#1 aloss

aloss

  • Members
  • 1 posts

Posted 15 April 2008 - 07:46 AM

Hello,
I have a problem with installing Kaspersky 7.0.
My laptop doesn't recognise the Kaspersky CD, although the drive works perfectly well.
When I plugged my external CD device into USB, the installation wizard installed Kaspersky, but
when starting the program I got an error message: this is not a valid Win32 application.
I tried to install the same CD on my PC and it worked well!?? - something strange is happening with my laptop.
Maybe someone can help me out?

My DSS logs are here:
-------------------------------
Deckard's System Scanner v20071014.68
Run by alo on 2008-04-15 14:24:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-04-15 11:24:40 UTC - RP94 - Deckard's System Scanner Restore Point
93: 2008-04-15 11:04:28 UTC - RP93 - Eemaldatud Kaspersky Anti-Virus 7.0.
92: 2008-04-15 10:18:40 UTC - RP92 - Paigaldatud Kaspersky Anti-Virus 7.0.
91: 2008-04-15 10:00:35 UTC - RP91 - System Checkpoint
90: 2008-04-13 09:41:08 UTC - RP90 - System Checkpoint


-- First Restore Point --
1: 2008-01-29 11:44:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-15 14:27:16
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\CompuPicPro\scsiaccess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alo\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\scsiaccess.exe


--
End of file - 4316 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 TfFsMon - c:\windows\system32\drivers\tffsmon.sys (file missing)
S0 TfSysMon - c:\windows\system32\drivers\tfsysmon.sys (file missing)
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
S3 KLIF - c:\windows\system32\drivers\klif.sys (file missing)
S3 TfNetMon - c:\windows\system32\drivers\tfnetmon.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 ScsiAccess - c:\program files\photodex\compupicpro\scsiaccess.exe

S3 Netcom3 (NetCom3 Service) - c:\program files\netcom3 cleaner\pscmonitor.exe (file missing)
S4 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" <Not Verified; Panda Software; PandaShield>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_80661071&REV_04\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_80661071&REV_04\3&B1BFB68&0&F3
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 14:09:02 458 --a------ C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2008-04-08 19:23:43 492 --a------ C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
2008-04-08 03:30:00 382 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
2008-04-08 03:00:05 484 --a------ C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-05 14:19:32 0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-05 14:07:03 0 d-------- C:\Documents and Settings\alo\Application Data\PC Tools
2008-04-05 14:05:01 0 d-------- C:\Program Files\SpyWare
2008-04-05 13:53:54 101888 --a------ C:\WINDOWS\system32\vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-05 13:46:30 0 d-------- C:\Program Files\AdwareAlert
2008-04-04 22:39:50 0 d-------- C:\Documents and Settings\alo\Application Data\AdwareAlert
2008-04-04 22:35:50 0 d-------- C:\Program Files\Netcom3 Cleaner
2008-04-04 22:31:00 0 d-------- C:\Documents and Settings\alo\Application Data\RegSweep
2008-04-04 21:49:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-03 21:00:19 0 d-------- C:\Program Files\Gabest
2008-04-01 19:54:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-23 18:12:58 0 d-------- C:\Documents and Settings\alo\Application Data\Pegasys Inc
2008-03-23 17:41:57 33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2008-03-23 17:40:47 0 d-------- C:\Program Files\Pegasys Inc
2008-03-23 17:33:43 0 d-------- C:\Documents and Settings\alo\Application Data\VCDEasy
2008-03-23 17:33:12 0 d-------- C:\Program Files\VCDEasy
2008-03-23 10:35:53 0 d-------- C:\Program Files\Subtiitrid
2008-03-22 22:12:08 0 d-------- C:\Program Files\TimeAdjuster
2008-03-22 21:30:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-03-22 17:38:47 0 d-------- C:\Documents and Settings\alo\Application Data\Uniblue
2008-03-22 17:33:14 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-22 17:33:13 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-03-22 10:18:55 0 d-------- C:\Program Files\URUSoft
2008-03-22 10:16:44 0 d-------- C:\Program Files\subtitles
2008-03-21 08:59:51 102664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
2008-03-20 22:56:51 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-19 18:51:33 0 d-------- C:\kav
2008-03-18 18:19:40 0 d-------- C:\Documents and Settings\alo\.housecall6.6
2008-03-17 22:58:49 0 d-------- C:\Documents and Settings\alo\Application Data\AVGTOOLBAR
2008-03-17 22:57:58 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-04-13 12:06:10 0 d-------- C:\Program Files\eMule
2008-04-05 14:19:32 0 d-------- C:\Program Files\Common Files
2008-04-04 22:35:19 0 d-------- C:\Program Files\Yahoo!
2008-04-04 22:35:16 0 d-------- C:\Program Files\Common Files\Scanner
2008-03-31 06:26:54 70660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-03-30 14:30:39 0 d-------- C:\Program Files\Winamp
2008-03-30 14:23:37 0 d-------- C:\Documents and Settings\alo\Application Data\Winamp
2008-03-30 14:07:48 0 d-------- C:\Documents and Settings\alo\Application Data\DivX
2008-03-23 17:39:00 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-22 17:43:43 0 d-------- C:\Program Files\ffdshow
2008-03-21 14:47:10 0 d--h----- C:\Documents and Settings\alo\Application Data\m
2008-03-08 21:13:37 0 d-------- C:\Program Files\MyHeritage
2008-03-07 21:15:53 0 d-------- C:\Program Files\MagicISO
2008-03-07 15:19:34 0 d-------- C:\Program Files\DivX
2008-03-04 21:48:52 0 d-------- C:\Documents and Settings\alo\Application Data\InterVideo
2008-03-04 21:47:12 0 d-------- C:\Program Files\InterVideo
2008-03-04 21:47:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-04 21:45:41 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-04 21:44:03 0 d-------- C:\Program Files\Ahead
2008-03-04 21:41:22 0 d-------- C:\Program Files\ABBYY FineReader 9.0
2008-02-29 20:12:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-29 00:18:04 0 d-------- C:\Documents and Settings\alo\Application Data\ABBYY
2008-02-28 23:35:18 0 d-------- C:\Program Files\Mustek 1200 UB Plus
2008-02-28 21:24:42 0 d-------- C:\Program Files\SimpleOCR
2008-02-28 21:24:41 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-28 20:38:01 0 d-------- C:\Program Files\Investintech.com Inc
2008-02-25 22:28:39 0 d-------- C:\Program Files\SmartDraw 2007
2008-02-24 11:41:36 0 d-------- C:\Program Files\Direct Audio Converter & CD Ripper
2008-02-21 05:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 05:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 05:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 05:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 05:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 05:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 05:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 05:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-19 21:56:15 0 d-------- C:\Documents and Settings\alo\Application Data\Sun
2008-02-19 21:56:03 1279 --a------ C:\WINDOWS\mozver.dat
2008-02-19 21:55:50 0 d-------- C:\Program Files\Java
2008-02-19 21:46:09 0 d-------- C:\Program Files\Common Files\Java
2008-02-17 22:41:46 0 d-------- C:\Documents and Settings\alo\Application Data\Adobe
2008-01-29 16:22:45 62 --ahs---- C:\Documents and Settings\alo\Application Data\desktop.ini
2008-01-29 15:06:48 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-29 14:39:00 0 -rahs---- C:\MSDOS.SYS
2008-01-29 14:39:00 0 -rahs---- C:\IO.SYS
2008-01-29 14:39:00 0 --a------ C:\CONFIG.SYS
2008-01-29 14:39:00 0 --a------ C:\AUTOEXEC.BAT
2008-01-29 14:35:21 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyClean"="C:\Program Files\Netcom3 Cleaner\SpyClean.exe" [11.03.2008 22:06]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [06.11.2006 15:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9




-- End of Deckard's System Scanner: finished at 2008-04-15 14:28:05 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.73GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 503.42 MiB / 233.88 MiB
Pagefile Memory (total/avail): 1228.5 MiB / 1013.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.09 MiB

C: is Fixed (NTFS) - 74.55 GiB total, 63.82 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG MP0804H - 74.56 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.55 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: ThreatFire v3.0.14.16 (PC Tools) Disabled
AV: AVG v8.0 (AVG Technologies) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\alo\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALO-LAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\alo
LOGONSERVER=\\ALO-LAPTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\alo\LOCALS~1\Temp
TMP=C:\DOCUME~1\alo\LOCALS~1\Temp
USERDOMAIN=ALO-LAPTOP
USERNAME=alo
USERPROFILE=C:\Documents and Settings\alo
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

alo (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
CompuPic Pro --> C:\Program Files\Photodex\CompuPicPro\compupic.exe . -u
Direct Audio Converter & CD Ripper 1.6 --> "C:\Program Files\Direct Audio Converter & CD Ripper\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ffdshow [rev 1909] [2008-03-20] --> "C:\Program Files\ffdshow\unins000.exe"
InstallShield Tuner 6.0.1 For Adobe Acrobat --> MsiExec.exe /X{E32FC3D8-D106-425E-9F9E-8BE6E2E79AC9}
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Magic ISO Maker v5.4 (build 0255) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Mustek 1200 UB Plus v2.0 --> C:\PROGRA~1\MUSTEK~1\Driver\UNINST.EXE
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
SmartDraw 2007 --> C:\PROGRA~1\SMARTD~2\UNWISE.EXE C:\PROGRA~1\SMARTD~2\install.log
SmartDraw PDF Filter --> C:\Program Files\SmartDraw 2007\PDF\uninstpw.exe C:\Program Files\SmartDraw 2007\PDF
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Time Adjuster STANDARD 3.1 --> "C:\Program Files\TimeAdjuster\Uninstall.exe"
TMPGEnc DVD Author 3 with DivX Authoring Trial Version --> MsiExec.exe /I{CF96BF8E-10A6-4912-942F-E83ABE7BE771}
VCDEasy --> "C:\Program Files\VCDEasy\unins000.exe"
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\alo\Application Data\Mozilla\Firefox\Profiles\p5d2wnfa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type612 / Error
Event Submitted/Written: 04/15/2008 02:09:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application adwarealert.exe, version 3.6.4.0, faulting module adwarealert.exe, version 3.6.4.0, fault address 0x000065fb.
Processing media-specific event for [adwarealert.exe!ws!]

Event Record #/Type605 / Error
Event Submitted/Written: 04/15/2008 02:02:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application adwarealert.exe, version 3.6.4.0, faulting module adwarealert.exe, version 3.6.4.0, fault address 0x000065fb.
Processing media-specific event for [adwarealert.exe!ws!]

Event Record #/Type596 / Error
Event Submitted/Written: 04/15/2008 01:14:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application adwarealert.exe, version 3.6.4.0, faulting module adwarealert.exe, version 3.6.4.0, fault address 0x000065fb.
Processing media-specific event for [adwarealert.exe!ws!]

Event Record #/Type592 / Error
Event Submitted/Written: 04/15/2008 00:12:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application adwarealert.exe, version 3.6.4.0, faulting module adwarealert.exe, version 3.6.4.0, fault address 0x000065fb.
Processing media-specific event for [adwarealert.exe!ws!]

Event Record #/Type588 / Error
Event Submitted/Written: 04/15/2008 09:33:50 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application adwarealert.exe, version 3.6.4.0, faulting module adwarealert.exe, version 3.6.4.0, fault address 0x000065fb.
Processing media-specific event for [adwarealert.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6162 / Error
Event Submitted/Written: 04/15/2008 02:11:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type6141 / Error
Event Submitted/Written: 04/15/2008 02:09:16 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Event Record #/Type6140 / Error
Event Submitted/Written: 04/15/2008 02:09:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2001

Event Record #/Type6139 / Error
Event Submitted/Written: 04/15/2008 02:09:16 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type6133 / Error
Event Submitted/Written: 04/15/2008 02:05:08 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The KLIF service failed to start due to the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-15 14:28:05 ------------



#2 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • Location:Everywhere

Posted 20 April 2008 - 07:49 AM

Hi,

Welcome to Bleeping Computer.

I'm researching your log now and will get back to you in a while.

Thank you for your patience. :thumbsup:

Done your best? Really?


#3 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • Location:Everywhere

Posted 20 April 2008 - 09:00 AM

Hi,

Before continuing, please read the following:

eMule is installed on your computer and I see that it's running. While eMule is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it/them while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.




You are infected with Bagle. Bagle can prevent security programs from running, as well as from being installed. You've already experienced it yourself as you have problems installing Kaspersky.

As your computer isn't protected, please keep this computer disconnected from the Internet. Only connect to the computer to download the required tools and post back the required logs.

If you have a spare computer, that would be great. Download the required tools and burn them to a CD or DVD. Then copy the tools to the infected computer and run the tools.




Please follow the instructions carefully:

Download Combofix from any of the links below. You must rename it before clicking on the Save button. Save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe



Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:
  • Combofix log (C:\Combofix.txt)
  • A new HijackThis log


Done your best? Really?
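The responder's diagnosis rests on signs visible in the posted DSS log: security drivers whose files are gone, both antivirus products reported as disabled, the EnableLUA policy forced to 0, and a SafeBoot key DSS says needs repair. The following Python triage script is an added example (not part of this thread, and not code from DSS or HijackThis) that pulls those signs out of a DSS main log automatically; the SECURITY_SERVICES list and the finding categories are assumptions made for the walkthrough, and the sample input is an excerpt of the log posted above.

```python
"""Triage a Deckard's System Scanner (DSS) main log for tampered security components.

Added example, not part of the forum thread or of DSS/HijackThis. The list of
security-related service names below is an assumption for this walkthrough.
"""
import re
from typing import Any, Dict

# Driver/service names belonging to security products (assumed list for the demo).
SECURITY_SERVICES = {"klif", "tffsmon", "tfsysmon", "tfnetmon", "tmcomm", "pavprsrv"}

# HijackThis-style rows, e.g. "O2 - BHO: name - {CLSID} - C:\path.dll (file missing)"
HJT_RE = re.compile(r"^(O\d+ - .+?)( \(file missing\))?$")
# DSS driver/service rows, e.g. "S3 KLIF - c:\windows\system32\drivers\klif.sys (file missing)"
# state letter R = running, S = stopped; digit = start type (0 boot .. 4 disabled)
DRV_RE = re.compile(r"^([RS][0-4]) (\S+)(?: \((.*?)\))? - (.+?)( \(file missing\))?$")
# Security Center rows, e.g. "AV: AVG v8.0 (AVG Technologies) Disabled Outdated"
AV_RE = re.compile(r"^AV: (.+?) \((.+?)\) (Disabled|Enabled)( Outdated)?$")


def triage(log_text: str) -> Dict[str, Any]:
    """Walk the log line by line and collect defender-relevant findings."""
    findings: Dict[str, Any] = {
        "missing_security_components": [],  # security drivers/services whose file is gone
        "running_no_vendor_info": [],       # running drivers/services DSS could not attribute
        "orphaned_hjt_entries": [],         # BHO/toolbar/autorun entries pointing at missing files
        "av_disabled": [],                  # AV products Security Center reports as disabled
        "uac_disabled": False,              # "EnableLUA"=0 policy value present
        "safeboot_damaged": False,          # DSS reports the SafeBoot key needs repair
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "SafeBoot registry key needs repairs" in line:
            findings["safeboot_damaged"] = True
            continue
        if line.startswith('"EnableLUA"=0'):
            findings["uac_disabled"] = True
            continue
        m = AV_RE.match(line)
        if m:
            if m.group(3) == "Disabled":
                findings["av_disabled"].append(m.group(1))
            continue
        m = DRV_RE.match(line)
        if m:
            state, name, _display, path, missing = m.groups()
            if missing and name.lower() in SECURITY_SERVICES:
                findings["missing_security_components"].append(name)
            elif state.startswith("R") and not missing and "<" not in path:
                # DSS appends "<Not Verified; vendor; product>" when it can read version
                # info; a running component with no such tag deserves a manual look.
                findings["running_no_vendor_info"].append(name)
            continue
        m = HJT_RE.match(line)
        if m and m.group(2):
            findings["orphaned_hjt_entries"].append(m.group(1))
    return findings


# Constructed sample: an excerpt of the DSS log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [SpyClean] C:\Program Files\Netcom3 Cleaner\SpyClean.exe
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
S0 TfFsMon - c:\windows\system32\drivers\tffsmon.sys (file missing)
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
S3 KLIF - c:\windows\system32\drivers\klif.sys (file missing)
"EnableLUA"=0 (0x0)
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
AV: ThreatFire v3.0.14.16 (PC Tools) Disabled
AV: AVG v8.0 (AVG Technologies) Disabled Outdated
"""

if __name__ == "__main__":
    for category, value in triage(SAMPLE_LOG).items():
        print(f"{category}: {value}")
```

On the excerpt the script reports KLIF and TfFsMon as missing security components, both AV products as disabled, and the one running driver DSS could not attribute to a vendor (srosa), which is the pattern the responder summarises as security software being prevented from running or installing.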


#4 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • Location:Everywhere

Posted 30 April 2008 - 02:24 PM

This topic is now closed due to inactivity. If you need it re-opened, please send a message to a member of the moderating team.

This applies only to the topic starter. Everyone else please start a new topic.

Done your best? Really?




