I found the defs.zip download on the Lavasoft site, so shall re-do everything tomorrow.
It was on this page: http://www.lavasoft.de/download_and_buy/detection_database/
On the right it says: download Current Definition File
I found the defs.zip download on the Lavasoft site, so shall re-do everything tomorrow.
It was on this page: http://www.lavasoft.de/download_and_buy/detection_database/
On the right it says: download Current Definition File
I think I just posted a reply to myself, so this might be a repetition..
I found the defs.zip file on the Lavasoft site.
http://www.lavasoft.de/download_and_buy/detection_database/
On the right it says download Current Definition File.
I'll re-do everything tomorrow.
wha...!!?? the download of defs.zip is the ONLY dl on that linked page i gave you.... Button is right underneath Adaware Personal definitions.... file...heading.
i gave you that link cos some trojans block u from connecting to lavasoft.
gerbil, there is some confusion here. I realise why you gave me the link, but download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip is not it !
Anyway, I now have the definitions from the Lavasoft website. I copied them to floppy from my own computer ( not the infected one ). They are the same as the ones which did download before, so I think there's nothing more I can do. Everything comes out clean now except for SpyBot crashing.
I am tempted to go on to the next step and connect to the Web because everything is apparently clean. I can't see the link you gave me for that because we are now on page 3 here, but there's nothing else I can do but go there. Afterwards I shall check that everything is still clean as yesterday. Wish me luck !
before you charge gladly out, run the BlBeta by f-secure again., then the panda online scan immed once you do connect :- http://www.pandasoftware.com/products/activescan?
Then run this scan:- http://www.kaspersky.com/virusscanner
Then go here http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx and get RKR and run it [following the instructions absolutely!!, which is why the link is at the bottom of the page - read it!], if it comes up clean you can breathe again.
Finally dl a new Spybot and run it again. Some trojans deliberately detect Spybot and break it. Please do not use the laptop for sensitive webwork like online banking until you have copied off text files, pictures if you are game, and then reinstalled windows witha full format. It may well still be compromised until you do.
To clear up confusion about what i meant with those links before, i am going to repost a scrap and add one word:-
"Now, Smitfraud... it's easiest to go with a specialised tool, so download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
This NEXT link has a download for the latest update file for Adaware....
http://www.download.com/Ad-Aware-SE-...l?tag=lst-0-10
Unzip it and paste the update into the Adaware folder so that it overwrites the old one."
Yeah. Travel well.
This has been a busy day. After all the scans came clean and to the end - I read somewhere that this particular laptop likes to sit between two piles of books - I went on the web and did the pandasoftware scan. It found masses of things, but there didn't seem to be an option to fix them without buying the programme. I then went to kaspersky and did an online scan. It found 23 items, I downloaded its programme and ran the scan again. Still only 23 items, which was reassuring. Among them were three viruses - Net-WormWin32 Welchia.b, Packed Win32 Klone.K, and one more that I've logged, but the laptop is now closed and my eyes are likewise nearly so ! There was only an option to delete the infections or skip them, so I deleted. The non-virus files were adware. They were deleted as well.
Kaspersky brought to my notice that I have no updates on Internet Explorer - not even SP1.
No more thoughts at the moment. I have plenty left to do !
ignore the cookies that panda turned up... you can clean those out before/after with CCLeaner, anyway. Further, if they have had a chance to dl from the net trojans may well have new files in the windows temp folder. Google the other bad stuf and find removal methods.
Those worms. Welchia exploits bad M$ code, it even deliberately downloads some from M$; you have no protection until you get SP2 in. And kaspersky online is the same scan as the trial, but the trial could run faster cos it's all inside your pc.
If spybot gets frozen you still have problems in there, and it must be protected by rootkits or something because there are no traces of it in your HT scans. Meantime go here and download Winpfind and post the log.
http://www.bleepingcomputer.com/files/winpfind.php
In my Add/Remove Programs box there are masses of installs for SP1, yet my Internet Explorer box says Version 6.0.2600.0000.xpclient.010817-1148 Update Versions:0 Should I just - when found to be clean - uninstall the items in Add/Remove and start again ?
You can skip SP1 and just install SP2... all the tweaks and upgrades n fixes of 1 are incorporated into SP2. so just go to the link for single computer upgrade to SP2.. but really you do not need to search for it, just turn on automatic updates in your security centre [at least to the check and inform level], and/or go to this link : http://windowsupdate.microsoft.com/
Sp2 will be offered [amongst swags of other stuff] automatically cos u do not have it.
- you don't say exactly what updates you have, but you can leave them or uninstall them... sp2 will outdate them anyway.
Everything looks better to-day. One Win32 virus found this morning by Kaspersky. I re-scanned and nothing came up.
Nothing bad happened from going on the Web.
Windows SP2 still won't complete its installation. It is still downloaded to the computer.
==========================================
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 14/11/2006 18:31:25
WinPFind v1.5.0 Folder = C:\Documents and Settings\Christianne\Desktop\WinPFind\WinPFind\
Microsoft Windows XP (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2600.0000)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
PEC2 10/09/2001 19:26:56 13107200 C:\oembios.bin ()
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PEC2 10/09/2001 19:26:56 13107200 C:\WINDOWS\oembios.bin ()
Checking %System% folder...
PEC2 18/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 17/05/2006 11:23:38 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 04/10/2006 13:03:46 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 04/10/2006 13:03:46 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 18/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
PEC2 10/09/2001 19:26:56 13107200 C:\WINDOWS\SYSTEM32\oembios.bin ()
Umonitor 18/08/2001 12:00:00 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 27/04/2006 16:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 29/08/2006 18:43:54 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 09/01/2006 09:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
winsync 18/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
Umonitor 18/08/2001 12:00:00 630784 C:\WINDOWS\SYSTEM32\_003816_.tmp.dll (Microsoft Corporation)
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
14/11/2006 18:11:30 S 2048 C:\WINDOWS\bootstat.dat ()
18/10/2006 17:25:12 H 54156 C:\WINDOWS\QTFont.qfn ()
03/11/2006 16:30:52 H 10820 C:\WINDOWS\Help\nocontnt.GID ()
06/11/2006 11:45:52 H 0 C:\WINDOWS\inf\oem17.inf ()
14/11/2006 18:14:16 H 48882 C:\WINDOWS\system32\vsconfig.xml ()
10/11/2006 13:10:46 H 4212 C:\WINDOWS\system32\zllictbl.dat ()
14/11/2006 18:39:42 H 8192 C:\WINDOWS\system32\config\default.LOG ()
14/11/2006 18:11:44 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
14/11/2006 18:12:18 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
14/11/2006 18:38:56 H 1024 C:\WINDOWS\system32\config\software.LOG ()
14/11/2006 18:19:16 H 1024 C:\WINDOWS\system32\config\system.LOG ()
06/11/2006 13:37:24 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
08/11/2006 12:36:18 S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
08/11/2006 12:36:18 S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
14/11/2006 18:14:22 HS 2304544 C:\WINDOWS\system32\drivers\fidbox.dat ()
14/11/2006 18:09:22 HS 31772 C:\WINDOWS\system32\drivers\fidbox.idx ()
14/11/2006 18:29:40 HS 50976 C:\WINDOWS\system32\drivers\fidbox2.dat ()
14/11/2006 18:09:22 HS 5636 C:\WINDOWS\system32\drivers\fidbox2.idx ()
13/11/2006 21:07:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\01d48dc1-5a2e-44d6-8f7b-4defe818b67a ()
13/11/2006 21:07:24 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
14/11/2006 18:12:52 H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
18/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
18/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
18/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
18/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
02/09/2004 15:39:54 53248 C:\WINDOWS\SYSTEM32\ImageDrive.cpl ()
18/08/2001 12:00:00 294912 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
18/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
17/08/2001 22:37:02 48128 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
18/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
18/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
18/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
18/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
18/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
18/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
23/09/2004 17:57:40 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
29/11/2001 14:10:44 475136 C:\WINDOWS\SYSTEM32\slcpappl.cpl ()
18/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
18/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
18/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
18/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
18/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
18/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
18/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
18/08/2001 12:00:00 294912 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
18/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
18/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
18/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
18/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
18/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
18/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
18/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
18/08/2001 12:00:00 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
18/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
18/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
18/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163024522903
{7F8C8173-AD80-4807-AA75-5672F22B4582} - ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371100.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
19/08/2002 14:04:42 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/08/2002 14:51:10 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
19/10/2004 12:40:54 376 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
Checking files in %USERPROFILE%\Startup folder...
19/08/2002 14:04:42 HS 84 C:\Documents and Settings\Christianne\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
19/08/2002 14:51:10 HS 62 C:\Documents and Settings\Christianne\Application Data\desktop.ini ()
23/01/2005 13:06:04 37243 C:\Documents and Settings\Christianne\Application Data\Microsoft Excel.ADR ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\\Local Page - C:\windows\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]\\Start Page - http://www.google.com/\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch\\Local Page - C:\WINDOWS\System32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\system32\msdxm.ocx ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - = ()
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]\\NEXTID - 8195\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - 8193 =\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 8194 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - ButtonText: Web Anti-Virus =
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()\\{B089FE88-FB52-11D3-BDF1-0050DA34150D} - NOD32 Context Menu Shell Extension = C:\Program Files\Eset\nodshex.dll ()\\{85E0B171-04FA-11D1-B7DA-00A0C90348D6} - Web Anti-Virus = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab)
\NOD32 Context Menu Shell Extension - {B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab)
\NOD32 Context Menu Shell Extension - {B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll ()
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
KernelFaultCheck - ()
kav - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)
- Reg Data missing or invalid ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Microsoft Works Update Detection - C:\Program Files\Microsoft Works\WkDetect.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Christianne\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]\\UserInit = C:\WINDOWS\system32\userinit.exe,\\Shell = Explorer.exe\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\klogon - C:\WINDOWS\System32\klogon.dll = (Kaspersky Lab)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{71431A58-FADC-49D9-8463-E5C900990C0C} - (1394 Net Adapter)
{DC1A7B83-A243-4946-8A6A-D8C7AA654F48} - (SiS 900 PCI Fast Ethernet Adapter)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
\000000000002\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
\000000000003\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
\000000000004\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
\000000000005\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - CC:\WINDOWS\System32\imon.dll ()
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINDOWS\system32\msdxm.ocx ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SP2 installation. try removing the SP1 files via control panel, then go Start, Run, type: -
regsvr32 licdll.dll
Click OK, then OK again.
Reboot and retry the service pack install.
When I try removing Windows XP Hotfix (SP1) files - and there is even an SP2 file listed - they say certain programmes might not work - and that includes all my anti-virus ones...What do you think ? Should I try it anyway ?
The programmes listed that might not work if SP1 files are removed are:
Ad-Aware
AVG
Hijack this
Kaspersky
XP Hotfix - KB823559
XP Hotfix - KB828741
XP Hotfix -KB834707
XP Hotfix -KB835732
XP Hotfix -KB842773
Nikon FotoShare
Panda Active Scan
...all the Windows XP hotfixes for SP1 and one for SP2
Spybot
XoftSpy
Yahoo Toolbar
Media Player 10
Media Format Runtime
Flash Player 8
Genuine advantage validatin tool
Zone alarm
Adobe Photoshop albunm
Adobe Reader
MicrosoftXML Parser and SDK
try it.. they should work after a restart.
i see nothing abnormal in that log, wolffie. I just do not know why SP2 will not install.
Meanwhile, go here http://www.f-secure.com/blacklight/ and download the blacklight trial, follow through the pages, accept the agreement, accept the certificate, and then download the GUI version [the top one]. Then run the scan by dclicking the blbeta.exe, accept, and scan.
Follow up with Adaware... and if that is clean i just don't see what else is there. If HT can produce a proper log now you could post one [run it in normal mode].
I ran HT, but the log is minimal. I'll post it anyway.
The blbeta scan came out clean
I tried to reinstall SP2 and Access Denied stopped it as before.
The bugs have been absent for two days now.
I looked for clues on the Web for SP2 Access Denied installation problems and found this link:
http://aumha.net/viewtopic.php?t=22447&start=0
Having nothing more to do I tried the first suggestion, but
Fifth, do a Start, Run, cmd
Type:
C:
CD \
fix_reg.cmd
didn't work. The command didn't find the file, although I made one. The author of the fix hasn't communicated. However, the machine seems to be none the worse for the failed attempt.
========================
Logfile of HijackThis v1.99.1
Scan saved at 01:04:57, on 16/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Christianne\My Documents\hijackthis\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\Christianne\My Documents\hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163024522903
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371100.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
just briefly, log's clean...and that .cmd thing... Go Start > run, type cmd.
Then cd c:\
dir c:\ /p [there is a space betw \ and /
You should see your two files there in the listing, both the .cmd and the .txt...
What msg does the SP2 installer give when it fails?
Just came back -
I'm glad the log's clean. The machine feels good.
The message when trying to install SP2 says Access Denied...and then the install uninstalls.
I'm just going to try your current suggestions and will let you know the result.
the fix_reg.cmd.txt file shows in the command box directory, but not the reg_fix.txt one. I did a search to check they were both present with the right lines in first.
I decided at this point to defragment, as the computer is a bit slow. The drive is 25% fragmented... Files have been moving at snail's pace for an hour and defragmenting is still at 1%, At this rate it should take longer than overnight to finish. Tomorrow will find me in another county for most of the day, so that will curb the enthusiasm for fixing on Friday.
wolffie, from that site it was supposed to be:- C:\fix_reg.cmd
You gotta get those file names EXACTLY right!!! Copy/paste works.
Thanks, gerbil. I did copy that line: - C:\fix_reg.cmd.
I went through the steps again and got from cmd:
'fix_reg.cmd' is not recognized as an internal or external command, operable program or batch file.
My daughter has only been on the Internet with her laptop since February and the SP1 installation should have happened before then as it's been around since 2004. I'm thinking there might be a glitch that's not connected with virus and malware etc. and the set of Recovery disks provided with the machine might help. I have still to wait for the arrival of a replacement CD drive.
Apart from not being able to go on the Web the machine is zipping along happily. The situation is manageable for the moment. I'll let you know what happens next, but there might be a long pause.
My prediction was correct and there has indeed been a long pause. The end of the story is that the kind person who was going to replace the CD drive took the whole machine apart, spent many hours on it and it's now working properly. The CD drive had been bent in a few places from when the machine was dropped, but it was straightened and resurrected. Windows needed to be re-installed because it crashed after yet another attempt to install SP2. Your help meant that the laptop was able to be used until surgery was available and all the data was saved.
Thanks again for your help.
wolffie, thank you very much for that reponse. I am sorry that we did not manage to get SP2 into the machine as we were trying, but no matter if the clean install worked. I am pleased that you could recover the data, and I thank you for the praise and feedback.
Cheers....
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.