1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Annoying startup windows installer

Discussion in 'Virus & Other Malware Removal' started by SergioG, Sep 29, 2008.

Thread Status:
Not open for further replies.
  1. SergioG

    SergioG Thread Starter

    Joined:
    Sep 29, 2008
    Messages:
    2
    Hey, lately I have been getting this windows installing program at startup. I check msconfig but I don't know what program it is because it just says "windows installer". It goes away right away but its really anoying ..

    I checked someone else's post and downloaded "SmitfraudFix" , I ran option 1 and here are the results:


    SmitFraudFix v2.354
    Scan done at 8:17:22.41, Mon 09/29/2008
    Run from C:\Users\Sergio\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode
    »»»»»»»»»»»»»»»»»»»»»»»» Process
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\ehome\ehsched.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sergio

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sergio\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sergio\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!
    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=" ,avgrsstx.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    Description: Intel(R) Wireless WiFi Link 4965AGN
    DNS Server Search Order: 172.17.1.7
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FC65F0D-3F1F-4854-A2FF-FCE8356C6F80}: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FC65F0D-3F1F-4854-A2FF-FCE8356C6F80}: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=200.48.225.130 200.48.225.146

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    SergioG, Sep 29, 2008
    #1
  2. SergioG

    SergioG Thread Starter

    Joined:
    Sep 29, 2008
    Messages:
    2
    I also ran option number 2 in Safe Mode, I restarted in normal mode and the windows installer its still there.. here is the report:

    SmitFraudFix v2.354
    Scan done at 8:30:43.77, Mon 09/29/2008
    Run from C:\Users\Sergio\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    ::1 localhost
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FC65F0D-3F1F-4854-A2FF-FCE8356C6F80}: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FC65F0D-3F1F-4854-A2FF-FCE8356C6F80}: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{75BD0FA2-CFBC-4C57-8BA8-CF50E08F6786}: DhcpNameServer=200.48.225.130 200.48.225.146
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.17.1.7
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=200.48.225.130 200.48.225.146

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    SergioG, Sep 29, 2008
    #2
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Annoying startup windows
  1. kanyder

    In Progress RunDLL: Problem StartupCheckLibrary.dll AND winscomrssrv.dll

    kanyder, Oct 10, 2019, in forum: Virus & Other Malware Removal
    Replies:
    11
    Views:
    413
    iMacg3
    Oct 16, 2019 at 10:47 PM
  2. thelonetraveller

    In Progress RunDLL: Problem StartupCheckLibrary.dll AND winscomrssrv.dll

    thelonetraveller, Sep 28, 2019, in forum: Virus & Other Malware Removal
    Replies:
    1
    Views:
    310
    iMacg3
    Sep 29, 2019
  3. jj2131

    Solved winscomrssrv.dll startupchecklibrary.dll winlogui.exe malwar

    jj2131, Aug 19, 2019, in forum: Virus & Other Malware Removal
    Replies:
    8
    Views:
    1,104
    jj2131
    Aug 21, 2019
  4. jj2131

    Solved winscomrssrv.dll, startupchecklibrary.dll a threat?

    jj2131, Aug 9, 2019, in forum: Virus & Other Malware Removal
    Replies:
    39
    Views:
    3,015
    jj2131
    Aug 19, 2019
  5. Eccho

    In Progress winscomrssrv.dll + StartupCheckLibrary.dll not found

    Eccho, Aug 7, 2019, in forum: Virus & Other Malware Removal
    Replies:
    1
    Views:
    1,026
    iMacg3
    Aug 7, 2019
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/754423

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice