XP Home - Can't Install Any AV Or Ad-Aware - Spyware Issue?

  • This topic is locked
2 replies to this topic

#1 thecourtenayboy


  • Members
  • 8 posts
  • Gender:Male
  • Location:Hertfordshire
  • Local time:04:42 AM

Posted 16 September 2008 - 01:09 PM


Right, I've been given a PC to fix and it's giving me a massive headache. It's a slow PC anyway, so repairing has been painful to say the least. It's running XP Home, and it looks as if there's a spyware issue.

When I first got the PC I couldn't even access the internet with it, as IE would crash almost instantly. Some spyware removal software was on there, but not one I'd heard of. I tried running Firefox but had no joy connecting to the net. Eventually got Spybot on there and couldn't do an update. Got around that in safe mode and was able to remove some spyware, although Spybot said there was some stuff it couldn't remove... I can't remember exactly what, as it took until 1am to finish the scan!

The PC also had Norton 2005 on it, which I removed as it wasn't working anyway. I've removed a few bits from the startup in the registry just to try and speed things up, but didn't see anything that looked dodgy.

After the scan IE and Firefox both work, and Spybot can get its updates, so things appear to be OK. However, when I try to install Ad-Aware or AVG Free or NOD32 trial, etc., it tells me:

"The system administrator has set policies to prevent this installation".

I'm guessing that the remaining spyware is causing this issue, but I'm not sure how to remove it. I've re-installed the Windows Installer but that hasn't helped. If anyone could help I'd be most grateful. Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:16, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: (no name) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6728] command /c del "C:\Program Files\SpywareDetector\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2984] cmd /c del "C:\Program Files\SpywareDetector\unins000.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9773] command /c del "C:\Program Files\SpywareDetector\Data\SD1.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4006] cmd /c del "C:\Program Files\SpywareDetector\Data\SD1.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7801] command /c del "C:\Program Files\SpywareDetector\Data\SD11.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1675] cmd /c del "C:\Program Files\SpywareDetector\Data\SD11.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2629] command /c del "C:\Program Files\SpywareDetector\Data\SD12.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4386] cmd /c del "C:\Program Files\SpywareDetector\Data\SD12.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2450] command /c del "C:\Program Files\SpywareDetector\Data\SD13.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7787] cmd /c del "C:\Program Files\SpywareDetector\Data\SD13.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7576] command /c del "C:\Program Files\SpywareDetector\Data\SD14.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4971] cmd /c del "C:\Program Files\SpywareDetector\Data\SD14.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1778] command /c del "C:\Program Files\SpywareDetector\Data\SD15.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7641] cmd /c del "C:\Program Files\SpywareDetector\Data\SD15.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3517] command /c del "C:\Program Files\SpywareDetector\Data\SD16.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7537] cmd /c del "C:\Program Files\SpywareDetector\Data\SD16.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2058] command /c del "C:\Program Files\SpywareDetector\Data\SD18.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3297] cmd /c del "C:\Program Files\SpywareDetector\Data\SD18.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3018] command /c del "C:\Program Files\SpywareDetector\Data\SD19.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2632] cmd /c del "C:\Program Files\SpywareDetector\Data\SD19.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6158] command /c del "C:\Program Files\SpywareDetector\Data\SD2.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD570] cmd /c del "C:\Program Files\SpywareDetector\Data\SD2.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4183] command /c del "C:\Program Files\SpywareDetector\Data\SD20.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8381] cmd /c del "C:\Program Files\SpywareDetector\Data\SD20.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6472] command /c del "C:\Program Files\SpywareDetector\Data\SD21.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4874] cmd /c del "C:\Program Files\SpywareDetector\Data\SD21.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4787] command /c del "C:\Program Files\SpywareDetector\Data\SD22.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD894] cmd /c del "C:\Program Files\SpywareDetector\Data\SD22.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3476] command /c del "C:\Program Files\SpywareDetector\Data\SD23.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2321] cmd /c del "C:\Program Files\SpywareDetector\Data\SD23.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5706] command /c del "C:\Program Files\SpywareDetector\Data\SD24.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3355] cmd /c del "C:\Program Files\SpywareDetector\Data\SD24.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3152] command /c del "C:\Program Files\SpywareDetector\Data\SD25.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8929] cmd /c del "C:\Program Files\SpywareDetector\Data\SD25.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB168] command /c del "C:\Program Files\SpywareDetector\Data\SD26.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2841] cmd /c del "C:\Program Files\SpywareDetector\Data\SD26.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3869] command /c del "C:\Program Files\SpywareDetector\Data\SD27.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9470] cmd /c del "C:\Program Files\SpywareDetector\Data\SD27.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB336] command /c del "C:\Program Files\SpywareDetector\Data\SD28.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9237] cmd /c del "C:\Program Files\SpywareDetector\Data\SD28.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2793] command /c del "C:\Program Files\SpywareDetector\Data\SD29.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6743] cmd /c del "C:\Program Files\SpywareDetector\Data\SD29.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5745] command /c del "C:\Program Files\SpywareDetector\Data\SD3.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2555] cmd /c del "C:\Program Files\SpywareDetector\Data\SD3.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6826] command /c del "C:\Program Files\SpywareDetector\Data\SD31.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5100] cmd /c del "C:\Program Files\SpywareDetector\Data\SD31.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8476] command /c del "C:\Program Files\SpywareDetector\Data\SD4.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9408] cmd /c del "C:\Program Files\SpywareDetector\Data\SD4.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7377] command /c del "C:\Program Files\SpywareDetector\Data\SD5.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1626] cmd /c del "C:\Program Files\SpywareDetector\Data\SD5.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4139] command /c del "C:\Program Files\SpywareDetector\Data\SD6.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5803] cmd /c del "C:\Program Files\SpywareDetector\Data\SD6.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7262] command /c del "C:\Program Files\SpywareDetector\Data\SD7.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7686] cmd /c del "C:\Program Files\SpywareDetector\Data\SD7.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3060] command /c del "C:\Program Files\SpywareDetector\Data\SD8.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3979] cmd /c del "C:\Program Files\SpywareDetector\Data\SD8.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6917] command /c del "C:\Program Files\SpywareDetector\Data\SD9.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3226] cmd /c del "C:\Program Files\SpywareDetector\Data\SD9.DB"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3221] command /c del "C:\Program Files\SpywareDetector\Data\SM1.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2803] cmd /c del "C:\Program Files\SpywareDetector\Data\SM1.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4637] command /c del "C:\Program Files\SpywareDetector\Data\SM2.db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD139] cmd /c del "C:\Program Files\SpywareDetector\Data\SM2.db"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wellardjack.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137669630359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dontstayin.com/misc/ActiveX_4_1...geUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)

End of file - 13589 bytes

#2 thecourtenayboy

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Location:Hertfordshire
  • Local time:04:42 AM

Posted 17 September 2008 - 10:09 AM


#3 Grinler


    Lawrence Abrams

  • Admin
  • 43,431 posts
  • Gender:Male
  • Location:USA
  • Local time:11:42 PM

Posted 28 September 2008 - 06:03 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.
