Author Topic: Can't install SuperAntiSpyware Free Edition...  (Read 22449 times)

kh0904

    Topic Starter


    Rookie

    Re: Can't install SuperAntiSpyware Free Edition...
    « Reply #15 on: March 02, 2009, 03:23:28 PM »
    I was able to download it from that link, but it still won't run on my computer when I double click the icon on my desktop.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Can't install SuperAntiSpyware Free Edition...
    « Reply #16 on: March 02, 2009, 03:24:28 PM »
    Right click it and rename it to mbam then see if it will run.

    kh0904

      Re: Can't install SuperAntiSpyware Free Edition...
      « Reply #17 on: March 02, 2009, 03:36:50 PM »
      Still no luck. I was also finally able to install the SAS, but when I click on it to actually run it, I get the same error... Internet Explorer has encountered an error and needs to close.

      evilfantasy

      Re: Can't install SuperAntiSpyware Free Edition...
      « Reply #18 on: March 02, 2009, 03:39:56 PM »
      Download Combofix by sUBs from one of the below links.

      Link #1
      Link #2

      Combofix MUST be saved to the desktop.

      Right click ComboFix and rename it to Combo-Fix
       
      Close all other browser windows.
       
      Go to Start > Run and copy/paste in the following:

      "%userprofile%\desktop\combo-fix.exe" /killall

      Press Enter and Combofix will begin to run.
       
      When finished, it will produce a log file located at C:\ComboFix.txt
       
      Post the contents of that log in your next reply.

      Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall.

      kh0904

        Re: Can't install SuperAntiSpyware Free Edition...
        « Reply #19 on: March 02, 2009, 06:42:26 PM »
        Finally! A log!! Here it is!



        ComboFix 09-03-02.01 - Khickman 2009-03-02 19:37:46.1 - NTFSx86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.157 [GMT -5:00]
        Running from: c:\documents and settings\khickman\desktop\combo-fix.exe
        Command switches used :: /killall
        AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
        FW: Norton Internet Worm Protection *disabled*
         * Created a new restore point

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\system32\drivers\fad.sys
        c:\windows\system32\drivers\UACwsogqyik.sys
        c:\windows\system32\UACaysmqfed.dll
        c:\windows\system32\UACdjeobesf.dll
        c:\windows\system32\UACgixqnbmq.log
        c:\windows\system32\UACgnjkckin.db
        c:\windows\system32\UACkvxyggqm.dat
        c:\windows\system32\UAClejupybf.dll
        c:\windows\system32\UACqcomwiuq.dll
        c:\windows\system32\UACuaxlseqi.dll
        c:\windows\system32\UACvadxguds.log
        c:\windows\system32\UACxtmagnmx.log

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_UACd.sys


        (((((((((((((((((((((((((   Files Created from 2009-02-03 to 2009-03-03  )))))))))))))))))))))))))))))))
        .

        2009-03-02 17:10 . 2009-03-02 17:10   <DIR>   d--------   c:\program files\SUPERAntiSpyware
        2009-03-02 17:10 . 2009-03-02 17:10   <DIR>   d--------   c:\documents and settings\khickman\Application Data\SUPERAntiSpyware.com
        2009-03-02 17:09 . 2009-03-02 17:09   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
        2009-03-02 16:50 . 2009-03-02 16:50   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
        2009-03-02 16:50 . 2009-03-02 16:50   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
        2009-03-02 16:50 . 2009-02-11 10:19   38,496   --a------   c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
        2009-03-02 16:50 . 2009-02-11 10:19   15,504   --a------   c:\windows\SYSTEM32\DRIVERS\mbam.sys
        2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\scripting
        2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\en
        2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\bits
        2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\l2schemas
        2009-03-01 23:51 . 2009-03-01 23:55   <DIR>   d--------   c:\windows\ServicePackFiles
        2009-03-01 22:53 . 2009-03-01 22:53   73,728   --a------   c:\windows\SYSTEM32\javacpl.cpl
        2009-02-28 19:43 . 2009-03-01 22:53   410,984   --a------   c:\windows\SYSTEM32\deploytk.dll
        2009-02-28 14:27 . 2009-02-28 14:27   1,683,646   --a------   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20090228-1427.dat
        2009-02-27 21:28 . 2009-02-27 21:28   <DIR>   d--------   c:\program files\CCleaner
        2009-02-25 13:21 . 2009-02-25 14:39   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
        2009-02-25 13:21 . 2009-02-25 14:42   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2009-02-23 16:29 . 2009-02-23 20:26   <DIR>   d--------   c:\windows\SxsCaPendDel
        2009-02-22 16:02 . 2009-03-02 12:28   5,162   --a------   c:\windows\SYSTEM32\uacinit.dll

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-03-03 01:01   ---------   d-----w   c:\program files\Symantec AntiVirus
        2009-03-02 18:01   ---------   d-----w   c:\documents and settings\khickman\Application Data\Apple Computer
        2009-03-02 05:17   ---------   d-----w   c:\program files\Google
        2009-03-02 03:58   ---------   d-----w   c:\program files\Java
        2009-03-01 01:43   ---------   d-----w   c:\program files\PamperedPartnerPlus
        2009-02-28 03:39   ---------   d--h--w   c:\program files\InstallShield Installation Information
        2009-02-23 21:31   ---------   d-----w   c:\program files\eMusic Download Manager
        2009-02-23 21:30   ---------   d-----w   c:\program files\Viewpoint
        2009-02-23 21:30   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
        2009-02-23 21:28   ---------   d-----w   c:\program files\Stamps.com Internet Postage
        2009-02-23 21:26   ---------   d-----w   c:\program files\Serif
        2009-02-10 12:17   ---------   d-----w   c:\documents and settings\khickman\Application Data\Move Networks
        2009-02-03 21:55   ---------   d-----w   c:\documents and settings\khickman\Application Data\LimeWire
        2009-01-05 21:20   ---------   d-----w   c:\documents and settings\khickman\Application Data\Stamps.com Internet Postage
        2008-12-19 19:45   1,528,674   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081219-1445.dat
        2008-12-19 00:39   1,566   ---ha-w   c:\documents and settings\khickman\hpothb07.dat
        2008-12-08 20:28   1,587,770   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081208-1528.dat
        2008-11-29 01:47   1,668,912   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081128-2046.dat
        2008-11-20 20:18   1,572,889   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081120-1517.dat
        2008-11-13 20:12   1,505,370   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman.dat
        2008-04-24 23:56   1,163,416   ----a-w   c:\documents and settings\khickman\PPPlus.dat
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
        "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
        "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
        "ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 2496512]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
        "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
        "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
        "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
        "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
        "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-16 528384]
        "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
        "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
        "BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
        "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
        "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
        "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
        "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
        hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
        Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-25 67128]
        NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2005-03-02 237568]
        officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-09 147456]
        QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-22 972064]
        Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
        2004-01-12 07:55 110592 c:\windows\SYSTEM32\LgNotify.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
        "c:\\Program Files\\LimeWire\\LimeWire.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
        "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
        "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=

        S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
        S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]

        --- Other Services/Drivers In Memory ---

        *Deregistered* - EraserUtilDrv10910
        .
        Contents of the 'Scheduled Tasks' folder

        2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

        2008-01-27 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1193173967.job
        - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

        2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{BA51C6AC-DD2A-4D9F-9A1A-1C44BC87DE73}.job
        - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
        mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
        uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
        uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
        IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
        IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
        Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Kraft/Coupons.cab
        DPF: {E922EBC9-50D4-4B53-B454-73376453E98D} - hxxps://www.xpertonline.net/LOSACTIVEX/LOSActiveX.CAB
        .

        **************************************************************************

        catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-03-02 20:01:18
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(852)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\Ati2evxx.dll
        c:\windows\system32\LgNotify.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\SYSTEM32\ati2evxx.exe
        c:\windows\SYSTEM32\S24EvMon.exe
        c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
        c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
        c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        c:\windows\SYSTEM32\scardsvr.exe
        c:\windows\SYSTEM32\ZCfgSvc.exe
        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\windows\SYSTEM32\1XConfig.exe
        c:\program files\Symantec AntiVirus\DefWatch.exe
        c:\program files\Java\jre6\bin\jqs.exe
        c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        c:\windows\SYSTEM32\ati2evxx.exe
        c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
        c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
        c:\windows\SYSTEM32\RegSrvc.exe
        c:\program files\Dell Support Center\bin\sprtsvc.exe
        c:\program files\Symantec AntiVirus\Rtvscan.exe
        c:\program files\Apoint\ApntEx.exe
        c:\program files\Symantec AntiVirus\DoScan.exe
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
        c:\windows\SYSTEM32\HPZipm12.exe
        c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
        .
        **************************************************************************
        .
        Completion time: 2009-03-02 20:12:25 - machine was rebooted
        ComboFix-quarantined-files.txt  2009-03-03 01:12:18

        Pre-Run: 16,375,369,728 bytes free
        Post-Run: 16,427,048,960 bytes free

        Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
        217   --- E O F ---   2009-03-02 05:07:39


        evilfantasy

        Re: Can't install SuperAntiSpyware Free Edition...
        « Reply #20 on: March 02, 2009, 06:49:13 PM »
        Just took some patience is all.

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        Driver::
        Viewpoint Manager Service

        Folder::
        c:\program files\Viewpoint

        File::
        c:\windows\SYSTEM32\uacinit.dll

        Registry::
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MSMSGS"=-

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "UserFaultCheck"=-

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

        ----------

        Now install and run MalwareBytes (hopefully) and post the log.

        .
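
Added example, not part of the original thread and not ComboFix's own code: once the follow-up log is available, this check compares the `"name"=-` deletions under `Registry::` in the CFScript above with the Reg Loading Points sections of the two logs, confirming that each value is gone and that nothing else changed. The function names are hypothetical, and the sample logs are constructed excerpts of the logs posted in this thread.

```python
import re

# Constructed excerpts: a few Run-key lines taken from the two ComboFix logs
# in this thread, trimmed so the example stays short.
LOG_BEFORE = r'''
(((((((   Reg Loading Points   )))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
'''

LOG_AFTER = r'''
(((((((   Reg Loading Points   )))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
'''

# The CFScript from the post above, copied as posted.
CFSCRIPT = r'''
KillAll::

Driver::
Viewpoint Manager Service

Folder::
c:\program files\Viewpoint

File::
c:\windows\SYSTEM32\uacinit.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
DIRECTIVE_RE = re.compile(r'^(?P<name>[A-Za-z]+)::$')


def parse_registry_values(log_text):
    """Map (registry key, value name) -> data for each value line in a log."""
    entries, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None              # a blank line ends the current key block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries[(key, m.group('name').lower())] = m.group('data')
    return entries


def parse_cfscript_deletions(script_text):
    """Return the (key, value name) pairs deleted in the Registry:: section."""
    targets, directive, key = [], None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        m = DIRECTIVE_RE.match(line)
        if m:
            directive, key = m.group('name').lower(), None
            continue
        if directive != 'registry' or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        # "name"=- is the .reg syntax for deleting a single value
        if m and key and m.group('data') == '-':
            targets.append((key, m.group('name').lower()))
    return targets


def verify_deletions(script_text, before_log, after_log):
    """Status of every value the script asked to delete."""
    before = parse_registry_values(before_log)
    after = parse_registry_values(after_log)
    report = {}
    for target in parse_cfscript_deletions(script_text):
        if target in after:
            report[target] = 'still present'
        elif target in before:
            report[target] = 'removed'
        else:
            report[target] = 'not in first log'
    return report


def unexpected_changes(script_text, before_log, after_log):
    """Values that vanished or appeared without being listed in the script."""
    before = parse_registry_values(before_log)
    after = parse_registry_values(after_log)
    targets = set(parse_cfscript_deletions(script_text))
    return {
        'vanished': sorted(set(before) - set(after) - targets),
        'appeared': sorted(set(after) - set(before)),
    }


if __name__ == '__main__':
    for (key, name), status in verify_deletions(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f'{status:16} {key}\\{name}')
    print(unexpected_changes(CFSCRIPT, LOG_BEFORE, LOG_AFTER))
```

A value reported as "still present" after the scripted run means something re-created it or the deletion failed, which is worth raising with the helper before moving on to the next scan.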

        kh0904

          Re: Can't install SuperAntiSpyware Free Edition...
          « Reply #21 on: March 02, 2009, 07:43:57 PM »
          Here is the most recent CF log. I will try Malwarebytes now.

          ComboFix 09-03-02.01 - Khickman 2009-03-02 20:58:04.2 - NTFSx86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.145 [GMT -5:00]
          Running from: c:\documents and settings\khickman\Desktop\Combo-Fix.exe
          Command switches used :: c:\documents and settings\khickman\Desktop\CFscript.txt
          AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
          FW: Norton Internet Worm Protection *disabled*
           * Created a new restore point

          FILE ::
          c:\windows\SYSTEM32\uacinit.dll
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\program files\Viewpoint
          c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
          c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
          c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
          c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
          c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
          c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\AtmoHWConfig.txt
          c:\program files\Viewpoint\Viewpoint Media Player\Components\atmosphere.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\AvatarsDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\Components\BlueStreak.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\BookmarksDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultAvatarIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\Components\DefaultWorldIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\InternetChatHelp.url
          c:\program files\Viewpoint\Viewpoint Media Player\Components\LensFlares.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts2Reader.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\ObjectMovie.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\ServiceComponent.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\VectorView.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\VETsdk.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
          c:\program files\Viewpoint\Viewpoint Media Player\Components\ZoomView.dll
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AtmoHWConfig.txt
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\AvatarsDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\BookmarksDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultAvatarIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\DefaultWorldIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\DownloadedComponents\atmosphere_Win\InternetChatHelp.url
          c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
          c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
          c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
          c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
          c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
          c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AtmoHWConfig.txt
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AvatarsDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\BookmarksDefault.prf
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultAvatarIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\DefaultWorldIcon.jpg
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\InternetChatHelp.url
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\MTS3Reader.dll
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
          c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\WaveletReader.dll
          c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
          c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
          c:\windows\SYSTEM32\uacinit.dll

          .
          (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          -------\Legacy_VIEWPOINT_MANAGER_SERVICE
          -------\Service_Viewpoint Manager Service


          (((((((((((((((((((((((((   Files Created from 2009-02-03 to 2009-03-03  )))))))))))))))))))))))))))))))
          .

          2009-03-02 20:37 . 2009-03-02 20:37   <DIR>   d--------   c:\documents and settings\khickman\Application Data\Malwarebytes
          2009-03-02 20:24 . 2009-03-02 20:24   91,872   --ah-----   c:\windows\SYSTEM32\mlfcache.dat
          2009-03-02 17:10 . 2009-03-02 17:10   <DIR>   d--------   c:\program files\SUPERAntiSpyware
          2009-03-02 17:10 . 2009-03-02 17:10   <DIR>   d--------   c:\documents and settings\khickman\Application Data\SUPERAntiSpyware.com
          2009-03-02 17:09 . 2009-03-02 17:09   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
          2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\scripting
          2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\en
          2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\SYSTEM32\bits
          2009-03-01 23:54 . 2009-03-01 23:54   <DIR>   d--------   c:\windows\l2schemas
          2009-03-01 23:51 . 2009-03-01 23:55   <DIR>   d--------   c:\windows\ServicePackFiles
          2009-03-01 22:53 . 2009-03-01 22:53   73,728   --a------   c:\windows\SYSTEM32\javacpl.cpl
          2009-02-28 19:43 . 2009-03-01 22:53   410,984   --a------   c:\windows\SYSTEM32\deploytk.dll
          2009-02-28 14:27 . 2009-02-28 14:27   1,683,646   --a------   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20090228-1427.dat
          2009-02-27 21:28 . 2009-02-27 21:28   <DIR>   d--------   c:\program files\CCleaner
          2009-02-25 13:21 . 2009-02-25 14:39   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
          2009-02-25 13:21 . 2009-02-25 14:42   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2009-02-23 16:29 . 2009-02-23 20:26   <DIR>   d--------   c:\windows\SxsCaPendDel

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-03-03 02:04   ---------   d-----w   c:\program files\Symantec AntiVirus
          2009-03-02 18:01   ---------   d-----w   c:\documents and settings\khickman\Application Data\Apple Computer
          2009-03-02 05:17   ---------   d-----w   c:\program files\Google
          2009-03-02 03:58   ---------   d-----w   c:\program files\Java
          2009-03-01 01:43   ---------   d-----w   c:\program files\PamperedPartnerPlus
          2009-02-28 03:39   ---------   d--h--w   c:\program files\InstallShield Installation Information
          2009-02-23 21:31   ---------   d-----w   c:\program files\eMusic Download Manager
          2009-02-23 21:30   ---------   d-----w   c:\documents and settings\All Users\Application Data\Viewpoint
          2009-02-23 21:28   ---------   d-----w   c:\program files\Stamps.com Internet Postage
          2009-02-23 21:26   ---------   d-----w   c:\program files\Serif
          2009-02-10 12:17   ---------   d-----w   c:\documents and settings\khickman\Application Data\Move Networks
          2009-02-03 21:55   ---------   d-----w   c:\documents and settings\khickman\Application Data\LimeWire
          2009-01-05 21:20   ---------   d-----w   c:\documents and settings\khickman\Application Data\Stamps.com Internet Postage
          2008-12-19 19:45   1,528,674   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081219-1445.dat
          2008-12-19 00:39   1,566   ---ha-w   c:\documents and settings\khickman\hpothb07.dat
          2008-12-08 20:28   1,587,770   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081208-1528.dat
          2008-11-29 01:47   1,668,912   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081128-2046.dat
          2008-11-20 20:18   1,572,889   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman-20081120-1517.dat
          2008-11-13 20:12   1,505,370   ----a-w   c:\documents and settings\khickman\PPPlus-Kristy-Hickman.dat
          2008-04-24 23:56   1,163,416   ----a-w   c:\documents and settings\khickman\PPPlus.dat
          .

          (((((((((((((((((((((((((((((   SnapShot@2009-03-02_20.10.44.62   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2005-10-21 01:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
          + 2009-03-03 02:04:33   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_6d8.dat
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
          "ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 2496512]
          "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
          "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-08-21 155648]
          "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
          "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
          "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-05-16 528384]
          "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
          "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
          "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
          "BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
          "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
          "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
          "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
          "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 148888]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
          2004-01-12 07:55 110592 c:\windows\SYSTEM32\LgNotify.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
          "c:\\Program Files\\LimeWire\\LimeWire.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
          "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
          "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=

          R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-02 101936]
          S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]
          .
          Contents of the 'Scheduled Tasks' folder

          2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

          2008-01-27 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1193173967.job
          - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

          2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{BA51C6AC-DD2A-4D9F-9A1A-1C44BC87DE73}.job
          - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
          mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
          uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
          uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
          IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
          IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
          Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          DPF: {E922EBC9-50D4-4B53-B454-73376453E98D} - hxxps://www.xpertonline.net/LOSACTIVEX/LOSActiveX.CAB
          .

          **************************************************************************

          catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-03-02 21:06:10
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(856)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\Ati2evxx.dll
          c:\windows\system32\LgNotify.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\SYSTEM32\ati2evxx.exe
          c:\windows\SYSTEM32\S24EvMon.exe
          c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
          c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
          c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          c:\windows\SYSTEM32\scardsvr.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\program files\Symantec AntiVirus\DefWatch.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
          c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
          c:\windows\SYSTEM32\RegSrvc.exe
          c:\program files\Dell Support Center\bin\sprtsvc.exe
          c:\program files\Symantec AntiVirus\Rtvscan.exe
          c:\windows\SYSTEM32\ZCfgSvc.exe
          c:\windows\SYSTEM32\1XConfig.exe
          c:\windows\SYSTEM32\ati2evxx.exe
          c:\program files\Apoint\ApntEx.exe
          c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
          c:\program files\Nikon\NkView6\NkvMon.exe
          c:\program files\Symantec AntiVirus\DoScan.exe
          c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
          c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
          c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
          c:\program files\iPod\bin\iPodService.exe
          c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          c:\windows\SYSTEM32\HPZipm12.exe
          c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
          .
          **************************************************************************
          .
          Completion time: 2009-03-02 21:15:36 - machine was rebooted
          ComboFix-quarantined-files.txt  2009-03-03 02:15:29
          ComboFix2.txt  2009-03-03 01:12:29

          Pre-Run: 16,376,782,848 bytes free
          Post-Run: 16,245,571,584 bytes free

          WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

          Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
          263   --- E O F ---   2009-03-02 05:07:39


          kh0904


            Re: Can't install SuperAntiSpyware Free Edition...
            « Reply #22 on: March 02, 2009, 08:34:50 PM »
            Malwarebytes Log! Thanks again for all your help!!




            Malwarebytes' Anti-Malware 1.34
            Database version: 1814
            Windows 5.1.2600 Service Pack 3

            2009-03-02 22:16:19
            mbam-log-2009-03-02 (22-16-19).txt

            Scan type: Quick Scan
            Objects scanned: 81733
            Time elapsed: 5 minute(s), 8 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 9
            Registry Values Infected: 4
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 3

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

            Registry Values Infected:
            HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
            C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
            C:\WINDOWS\cpbrkpie.ocx (Adware.Coupons) -> Quarantined and deleted successfully.


            evilfantasy

            Re: Can't install SuperAntiSpyware Free Edition...
            « Reply #23 on: March 02, 2009, 08:40:34 PM »
            Download TrendMicro HijackThis.exe (HJT) to the Desktop.

            • Double-click on HJTInstall.
            • Click on the Install button.
            • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
            • Upon install, HijackThis should open for you.
            • Click on the Do a system scan and save a log file button
            • HijackThis will scan and then a log will open in notepad.
            • Copy and then paste the entire contents of the log in your post.
            • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
            ------

            Also let me know how the computer is running now.

            kh0904


              Re: Can't install SuperAntiSpyware Free Edition...
              « Reply #24 on: March 02, 2009, 09:06:30 PM »
              HJT log is posted below. My computer seems to be working much better. It definitely seems to be working much faster. I tried to search something on google just to test it out, and I wasn't redirected anywhere.



              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 22:47, on 2009-03-02
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16791)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\S24EvMon.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Symantec AntiVirus\DefWatch.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
              C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
              C:\WINDOWS\system32\RegSrvc.exe
              C:\Program Files\Dell Support Center\bin\sprtsvc.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Symantec AntiVirus\Rtvscan.exe
              C:\WINDOWS\system32\ZCfgSvc.exe
              C:\WINDOWS\system32\1XConfig.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\Program Files\Apoint\Apoint.exe
              C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
              C:\Program Files\Apoint\Apntex.exe
              C:\Program Files\Dell\QuickSet\quickset.exe
              C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
              C:\WINDOWS\system32\dla\tfswctrl.exe
              C:\Program Files\HP Wireless Keyboard\KMaestro.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\PROGRA~1\SYMANT~1\VPTray.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Dell Support Center\bin\sprtcmd.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Java\jre6\bin\jusched.exe
              C:\Program Files\DellSupport\DSAgnt.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              C:\Program Files\Nikon\NkView6\NkvMon.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
              C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
              C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
              C:\WINDOWS\system32\HPZipm12.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
              C:\WINDOWS\explorer.exe
              C:\Program Files\Safari\Safari.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
              O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
              O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
              O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
              O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
              O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
              O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
              O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
              O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
              O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
              O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
              O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
              O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
              O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
              O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: hpoddt01.exe.lnk = ?
              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
              O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
              O4 - Global Startup: officejet 6100.lnk = ?
              O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
              O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
              O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
              O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
              O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
              O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
              O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
              O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
              O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
              O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
              O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
              O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
              O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
              O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://192.168.1.254/tsweb/msrdp.cab
              O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
              O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
              O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
              O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://questsoft.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
              O16 - DPF: {E922EBC9-50D4-4B53-B454-73376453E98D} (LOSActiveX.MainForm) - https://www.xpertonline.net/LOSACTIVEX/LOSActiveX.CAB
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ucmchatt
              O17 - HKLM\Software\..\Telephony: DomainName = ucmchatt
              O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ucmchatt
              O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = ucmchatt
              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
              O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
              O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
              O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
              O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
              O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
              O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
              O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
              O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe
              O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
              O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
              O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
              O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

              --
              End of file - 14415 bytes


              evilfantasy

              Re: Can't install SuperAntiSpyware Free Edition...
              « Reply #25 on: March 02, 2009, 09:14:23 PM »
                OK we can clean up then. Let me know if you have any questions.


              Disable Spybot's TeaTimer

              While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

              1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
              2. Run Spybot S&D
              3. Go to the Mode menu, and make sure Advanced Mode is selected.
              4. On the left hand side, choose Tools > Resident.
              5. Uncheck Resident TeaTimer, OK any prompt, and restart your computer.

              Note:
              If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

              If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

              ----------

              Open HijackThis and select Do a system scan only.

              Place a check mark next to the following entries: (if there)

              - O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
              - O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


              Important: Close all windows except for HijackThis and then click Fix checked.

              Exit HijackThis.

              ----------

              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.
              The above procedure will:
              • Delete the following:
                • ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.

              ----------

              Download ATF Cleaner by Atribune to your Desktop.

              Alternate download link

              Note: Vista users must use Run As Administrator
              • Under Main: Select Files to Delete choose: Select All.
              • Click the Empty Selected button.
              • If you use Firefox browser click Firefox at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • If you use Opera browser click Opera at the top and choose: Select All
              • Click the Empty Selected button.
                If you would like to keep your saved passwords click No at the prompt.
              • Click Exit on the Main menu to close the program.
              Note that your system will run slower for a reboot or two after having used this tool so don't panic.

              ----------

              Download OTCleanIt.exe and save it to your Desktop.
              • Double-click OTCleanIt.exe.
              • Click the CleanUp! button.
              • Select Yes when the "Begin cleanup Process?" prompt appears.
              • If you are prompted to Reboot during the cleanup, select Yes.
              • The tool will delete itself once it finishes; if not, delete it yourself.
              Important: Restart the computer before continuing.

              ----------

              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
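The HijackThis entries discussed in the reply above follow a fixed line shape, and the O2 entry was an orphan because its target is marked "(file missing)". The parser below is an added example, not part of the original posts or of HijackThis itself; the function names and the last sample line are assumptions made for illustration.

```python
import re

# Entry shapes taken from the log lines quoted in this thread; the last
# O23 line is constructed to show a path that itself contains " - ".
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Example Service (examplesvc) - Example Corp - C:\Program Files\Example - Tools\svc.exe
End of file - 14415 bytes
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# The path starts at the first " - <drive>:\"; a later " - " belongs to the path.
PATH = re.compile(r" - ([A-Za-z]:\\.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"

def parse_entry(line):
    """Split one log line into section, kind, label, CLSID, path, missing flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, footer or blank line
    section, kind, rest = m.groups()
    path, missing = None, False
    pm = PATH.search(rest)
    if pm:
        path, rest = pm.group(1), rest[:pm.start()]
        if path.endswith(MISSING):
            path, missing = path[:-len(MISSING)], True
    cm = CLSID.search(rest)
    clsid = cm.group(0) if cm else None
    if cm:
        rest = rest[:cm.start()] + rest[cm.end():]
    return {"section": section, "kind": kind, "label": rest.strip(" -"),
            "clsid": clsid, "path": path, "missing": missing}

def parse_log(text):
    """Return every recognised entry in the log, in order."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphaned(text):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in parse_log(text) if e["missing"]]

if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"], e["path"])
```

Only the "(file missing)" marker is checked here; an entry whose file still exists, such as the O18 protocol handler, has to be judged by a person reading the log.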

              kh0904


                Re: Can't install SuperAntiSpyware Free Edition...
                « Reply #26 on: March 02, 2009, 10:10:14 PM »
                I have gotten through everything up to the software inspector. I just wanted to ask about spybot tea timer real quick...I already uninstalled the Spybot program a few days ago. There was not an icon in my system tray for it. However, when I got done with the OTCleanIt and rebooted, it did show up in my tray. Is this program still on my computer? It doesn't show in my add/remove programs list.

                Also, my clock didn't reset after the combofix was uninstalled.

                evilfantasy

                Re: Can't install SuperAntiSpyware Free Edition...
                « Reply #27 on: March 02, 2009, 10:21:42 PM »
                Tea Timer is still active. I see it in the HJT log. C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

                You may need to install Spybot again and then use Revo Uninstaller to uninstall it completely.

                To change military time to standard time

                Go to Start > Control Panel > Regional and Language Options
                Click the Customize button
                Select the Time tab
                In the Time Format area use the down arrow to select: h:mm:ss tt
                Click Apply
                Click OK
                Click Apply
                Click OK

                Restart the computer.


                kh0904


                  Re: Can't install SuperAntiSpyware Free Edition...
                  « Reply #28 on: March 02, 2009, 10:41:28 PM »
                  Ok, I will reinstall Spybot and use the link to uninstall. Do I need to keep all these programs I've downloaded on my computer now? (MBAM, HJT, etc.)

                  A friend mentioned to me that I should use Avast instead of Symantec. Any opinion on that?

                  Thank you soooo much for your help! I REALLY appreciate it!!!

                  evilfantasy

                  Re: Can't install SuperAntiSpyware Free Edition...
                  « Reply #29 on: March 03, 2009, 09:17:16 AM »
                  Keep MBAM and SAS, update them and run a scan now and then to be sure nothing has gotten onto the computer.

                  Avast is better than Symantec. If you are going to uninstall it, use this method.

                  To completely remove Norton/Symantec, go to Add/Remove Programs and uninstall anything with Norton, Symantec or Live Update in the name.

                  Download the Norton Removal Tool (SymNRT) to your Desktop.

                  Once downloaded please close ALL open browsers, also save any work because this may require a restart.
                  • Go to your desktop and double click on the removal tool and then click Setup.
                  • Once open Click Next
                  • Accept the license agreement and click Next
                  • Type in the letters/numbers that you see into the text box then click Next.
                  • Then click Next and the tool will start running.
                  • Once finished restart the PC and run the tool again to ensure everything has been removed.
                  • Delete the Norton Removal Tool from your Desktop.