1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can't Install Norton AntiVirus 2005

Discussion in 'Virus & Other Malware Removal' started by derekminner, Jan 30, 2005.

Thread Status:
Not open for further replies.
  1. derekminner

    derekminner Guest Thread Starter

    Joined:
    Jan 30, 2005
    Messages:
    15
    I am trying to install AntiVirus 2005 and the install quit in the middle. So i just ran spybot. This is what it came up with when I search for problems:
    Error during check!: Xuron55.Installdollars (Datei C:\WINDOWS\win.ini kann nicht geƶffnet werden. The process cannot access the file because it is being used by another process) ()


    Alexa Related: Link (Replace file, nothing done)
    C:\WINDOWS\Web\related.htm

    Altnet: Program directory (Directory, nothing done)
    c:\Program Files\Altnet\

    Altnet: Data (File, nothing done)
    C:\WINDOWS\smdat32a.sys

    Altnet: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ADM4.ADM4.1

    Altnet: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ADM4.ADM4

    Altnet: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ADM25.ADM25.1

    Altnet: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\ADM25.ADM25

    Aureate: System file (File, nothing done)
    C:\WINDOWS\System32\advert.dll

    Aureate: Global settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Aureate

    Aureate: Global settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Software\Aureate

    Aureate: Shared DLL (0 apps) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\System32\advert.dll

    Aureate: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\Aureate

    BlazeFind.Bridge: Autorun settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RunDLL

    BlazeFind.Bridge: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}

    BlazeFind.Bridge: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}

    BlazeFind.Bridge: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{4FDBDBAD-FEFE-4C4C-9CC1-1181052AFB12}

    BlazeFind.Bridge: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Bridge.brdg.1

    BlazeFind.Bridge: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Bridge.brdg

    BlazeFind.Bridge: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{DDAF2479-6F00-4599-998A-3ED75686C6D0}

    ClearSearch.Net: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95}

    CommonName: Temporary directory (Directory, nothing done)
    C:\WINDOWS\Temp\Adware

    CoolWWWSearch.Aboutblank: Fake user stylesheet (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\Microsoft\Internet Explorer\Styles\User Stylesheet

    CoolWWWSearch.Aboutblank: Autorun settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Network Service

    CoolWWWSearch.ICOO Loader: Library (File, nothing done)
    C:\WINDOWS\msopt.dll

    CoolWWWSearch.ICOO Loader: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D}

    CoolWWWSearch.ICOO Loader: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D}

    CoolWWWSearch.ICOO Loader: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{4A8DADD4-5A25-4d41-8599-CB7458766220}

    CoolWWWSearch.ICOO Loader: Root class (Registry key, nothing done)
    HKEY_CLASSES_ROOT\icoo

    CoolWWWSearch.ICOO Loader: Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\PROTOCOLS\Handler\icoo

    CoolWWWSearch.ICOO Loader: User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\Adverts

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    eUniverse.IncrediFind: Executable (File, nothing done)
    C:\WINDOWS\system32\setup_incred_3.exe

    eUniverse.IncrediFind: Program directory (Directory, nothing done)
    C:\Program Files\IncrediFind\

    FunWeb: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\FunWebProducts

    FunWeb: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    FunWebProducts: Program directory (Directory, nothing done)
    C:\Program Files\FunWebProducts\

    MyWebSearch: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWebSearch: Browser helper object (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\MyWebSearch

    Possible hijacker: User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-19638779-3999750914-2331887540-1003\Software\Microsoft\Internet Explorer\Styles\User Stylesheet!=

    Statblaster.All files7: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bridge


    --- Spybot - Search && Destroy version: 1.3 ---
    2004-11-29 Includes\Cookies.sbi
    2005-01-27 Includes\Dialer.sbi
    2005-01-27 Includes\Hijackers.sbi
    2005-01-11 Includes\Keyloggers.sbi
    2004-05-12 Includes\LSP.sbi
    2005-01-27 Includes\Malware.sbi
    2004-11-29 Includes\Revision.sbi
    2004-11-29 Includes\Security.sbi
    2005-01-27 Includes\Spybots.sbi
    2004-11-29 Includes\Tracks.uti
    2005-01-27 Includes\Trojans.sbi

    Can anyone help please?

    :confused:
     
  2. derekminner

    derekminner Guest Thread Starter

    Joined:
    Jan 30, 2005
    Messages:
    15
    Logfile of HijackThis v1.97.7
    Scan saved at 4:26:44 PM, on 1/30/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\LTMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iRiver\iHP100\iHPDetect.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
    C:\Program Files\ATnotes\ATnotes.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Willy Ferrell\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\vmhv8hla.slt\prefs.js)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
    O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\services.exe -sr -0
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - Startup: AutoTBar.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Share in Hello (HKLM)
    O9 - Extra 'Tools' menuitem: Share in H&ello (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash4/cabs/swflash.cab
    O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
    O19 - User stylesheet: C:\WINDOWS\system32\dkiqvy.kox
     
  3. derekminner

    derekminner Guest Thread Starter

    Joined:
    Jan 30, 2005
    Messages:
    15
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/325020

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice