Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Installer


  • This topic is locked This topic is locked
2 replies to this topic

#1 David Hathaway

David Hathaway

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 29 December 2009 - 02:15 AM

I am not sure how long I have been using computers. I am 23. Born in 85. I finally have something infected on my computer that I have no idea how to fix.

Symptoms: a system pop-up that says Google Installer has encountered a problem and needs to close and it asks me if I would like to send this error to Microsoft. LOL!

Malwarebytes wont work. Spybot wont work. System Restore wont work.

last night i went to bed, i heard the sound coming from my computer "congradulations, youve won!" and no popup was on my desktop.

also, the google installer error pops up once an hour.

I have never used any sort of log software, i really need help

- Thank you



EDIT: Since you posted a HJT log, I moved your topic to the appropriate forum for that. Please be patient, it may take some time before a HJT team member will get at your log ~ Elise

Logfile of HijackThis v1.99.1
Scan saved at 11:29:57 PM, on 12/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1COMMON~1StardockSDMCP.exe
C:WINDOWSExplorer.EXE
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesSpyware DoctorBDTBDTUpdateService.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesSRS LabsAudio SandboxSRSSSC.exe
c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32wbemunsecapp.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32wbemwmiprvse.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesLavasoftAd-AwareAAWService.exe
C:Program FilesInternet ExplorerIexplore.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Documents and SettingsDavidDesktopNew FolderHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAOL Toolbar 2.0aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:Program FilesAdobeAdobe Acrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program FilesNorton AntiVirusNorton AntiVirusEngine16.2.0.7IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 2.0aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:PROGRA~1Yahoo!CompanionInstallscpn0YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 2.0aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll
O4 - HKLM..Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [WMUAgent.exe] C:Program FilesWakeMeUpWMUAgent.exe
O4 - HKLM..Run: [QuickFinder Scheduler] "c:Program FilesCorelWordPerfect Office X4ProgramsQFSCHD140.EXE"
O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..RunServices: [SchedulingAgent] C:WINDOWSsystem32mstask.exe
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O4 - HKCU..Run: [P2kAutostart] R:razorgamesCell Phone SoftwareP2kAutostart.exe
O4 - HKCU..Run: [SRS Audio Sandbox] "C:Program FilesSRS LabsAudio SandboxSRSSSC.exe" /hideme
O4 - HKCU..Run: [WMUTray.exe] C:Program FilesWakeMeUpWMUTray.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:Program FilesPaltalk Messengerpaltalk.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:program filesaolaol toolbar 2.0resourcesen-USlocalsearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://c:Program FilesAdobeAdobe Acrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Open with WordPerfect - c:Program FilesCorelWordPerfect Office X4ProgramsWPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAOL Toolbar 2.0aoltb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:Program FilesPaltalk MessengerPaltalk.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O17 - HKLMSystemCCSServicesTcpip..{567160C9-A30B-47F8-8484-DEFCE6383134}: NameServer = 192.168.1.1
O17 - HKLMSystemCCSServicesTcpip..{9B7E2FFD-83A2-4427-9F24-00B44639702E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCS6ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCS7ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:PROGRA~1COMMON~1Stardockmcpstub.dll
O20 - Winlogon Notify: WB - C:PROGRA~1StardockOBJECT~1WINDOW~1fastload.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:Program FilesSpyware DoctorBDTBDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:Program FilesGoogleUpdateGoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: Media Center 14 Service - J. River, Inc. - C:Program FilesJ RiverMedia Center 14JRService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:WINDOWSSystem32NMSSvc.exe
O23 - Service: Norton AntiVirus - Unknown owner - C:Program FilesNorton AntiVirusNorton AntiVirusEngine16.2.0.7ccSvcHst.exe" /s "Norton AntiVirus" /m "C:Program FilesNorton AntiVirusNorton AntiVirusEngine16.2.0.7diMaster.dll" /prefetch:1 (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:Program FilesCommon FilesSRS Labs SharedServicesrslabslicenseservice.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

Edited by garmanma, 29 December 2009 - 11:34 AM.


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:50 PM

Posted 08 January 2010 - 05:02 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:50 PM

Posted 13 January 2010 - 03:45 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users