Sign in to follow this  
Ileane

Application Error

Recommended Posts

Help!! I'm new at this and had no trouble installing Ad-Aware Personal, but now I tried to install Ad-Aware 2007. I got the message it had installed...The Icon showed up on my desktop, but when I clicked on it I got an 'Application Error' reading Exception EAccessViolation in module Ad-Aware2007.exe q5 001C852C. Access violation at address 005C852C in module 'Ad-Aware2007.exe Read of address 00000414.. I am using Windows 2000. Can anyone help me....Ileane

Share this post


Link to post
Share on other sites
Hi Ileane :D

Was SE installed before you switched to 2007 ?

And in case of , how did you uninstall it ?

Cheerio

Raziel ;)

 

 

I installed SE about 6 months ago.....Uninstalled it by going to Settings, Control Panel, Add/Remove Programs....went to Ad-aware SE and removed it...then went to Lavasoft to download 2007 I downloaded from Major Geek.. I saved it to my computer...and installed it as directed... I got the message that it was installed, but when I tried to open it from my desktop...I got the Application Error.

Share this post


Link to post
Share on other sites

Is this computer infected? That error message is usually due to a type of malware that blocks Ad-Aware from running. Just to be sure could you please follow this instruction so I can do a quick check of your system? This is a free tool that will generate a diagnostic log for me to review for you.

 

* Download Trend Micro Hijack Thisâ„¢

http://download.bleepingcomputer.com/hijac.../HJTInstall.exe

Doubleclick the HJTInstall.exe to start it.

By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

HijackThis will open after install. Press the Scan button below.

This will start the scan and open a log.

Copy and paste the contents of the log in your next reply.

Share this post


Link to post
Share on other sites
Is this computer infected? That error message is usually due to a type of malware that blocks Ad-Aware from running. Just to be sure could you please follow this instruction so I can do a quick check of your system? This is a free tool that will generate a diagnostic log for me to review for you.

 

* Download Trend Micro Hijack Thisâ„¢

http://download.bleepingcomputer.com/hijac.../HJTInstall.exe

Doubleclick the HJTInstall.exe to start it.

By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

HijackThis will open after install. Press the Scan button below.

This will start the scan and open a log.

Copy and paste the contents of the log in your next reply.

 

Ok....I ran my SpyBot and then ran the HijackThis....this is the result. Nothing was checked on the scan.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:56:24 PM, on 3/12/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?84cd19e2649aab1c6331bd5f7be2e

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?84cd19e2649aab1c6331bd5f7be2e

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174262353894

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182609235700

O17 - HKLM\System\CCS\Services\Tcpip\..\{713E8E4A-0998-404D-A0E4-7D1F6DDB7FF8}: NameServer = 64.136.44.74 64.136.52.74

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7357 bytes

I appreciate any help you can give me.. Thanks

Share this post


Link to post
Share on other sites

Thanks, don't use HijackThis to "fix" anything yet. I just wanted to see the log and it does have some signs that maybe there is some malware interferring but it can't see all of it, so we need to run a couple of other (free) tools that will check for the malware I'm looking for. These are both fairly quick and easy - just be sure to post the logs they make back here for review.

 

First please copy these instructions to have handy

 

Please download FixwareOut from one of the following sites:

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

http://downloads.subratam.org/Fixwareout.exe

 

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

 

Once the desktop loads please post the text that will open (report.txt).

 

Note: ONLY if you have connection problems after performing above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

............................

When you have got that report posted, then go ahead and run this tool please. It will also make a log when it finishes. Be sure to copy the instructions as it needs to be run offline (close your internet connection, any open browsers or other programs, then run it as directed below)

 

Download ComboFix and save it to your desktop.

 

**Note: It is important that it is saved directly to your desktop**

 

1. Close any open browsers.

 

2. Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

Share this post


Link to post
Share on other sites
Thanks, don't use HijackThis to "fix" anything yet. I just wanted to see the log and it does have some signs that maybe there is some malware interferring but it can't see all of it, so we need to run a couple of other (free) tools that will check for the malware I'm looking for. These are both fairly quick and easy - just be sure to post the logs they make back here for review.

 

First please copy these instructions to have handy

 

Please download FixwareOut from one of the following sites:

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

http://downloads.subratam.org/Fixwareout.exe

 

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

 

Once the desktop loads please post the text that will open (report.txt).

 

Note: ONLY if you have connection problems after performing above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

 

............................

When you have got that report posted, then go ahead and run this tool please. It will also make a log when it finishes. Be sure to copy the instructions as it needs to be run offline (close your internet connection, any open browsers or other programs, then run it as directed below)

 

Download ComboFix and save it to your desktop.

 

**Note: It is important that it is saved directly to your desktop**

 

1. Close any open browsers.

 

2. Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

 

I ran the Fixware Out....here are the results:

 

Username "Lee Hughes" - 03/13/2008 10:14:59 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

Successfully flushed the DNS Resolver Cache.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe /logon"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"LoadQM"="loadqm.exe"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"NetZero_uoltray"="C:\\Program Files\\NetZero\\exec.exe regrun"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

I will now run the ComboFix.

Share this post


Link to post
Share on other sites
I ran the Fixware Out....here are the results:

 

Username "Lee Hughes" - 03/13/2008 10:14:59 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe /logon"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"LoadQM"="loadqm.exe"

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"NetZero_uoltray"="C:\\Program Files\\NetZero\\exec.exe regrun"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

I will now run the ComboFix.

 

ComboFix 08-03-10.1 - Lee Hughes 03/13/2008 10:52:46.1 - NTFSx86

Running from: C:\Documents and Settings\Lee Hughes.LEE-0JUA3KLRO0R\Local Settings\Temporary Internet Files\Content.IE5\UBQXSZMZ\ComboFix[1].exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Lee Hughes\Favorites\.url

C:\WINNT\Web\default.htt

 

.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))

.

 

2008-03-13 10:52 . 03/13/08 10:52a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_34c.dat

2008-03-13 10:31 . 03/13/08 10:31a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4fc.dat

2008-03-13 09:55 . 03/13/08 10:30a <DIR> d-------- C:\fixwareout

2008-03-12 13:46 . 03/12/08 01:46p <DIR> d-------- C:\Program Files\Trend Micro

2008-03-03 10:28 . 03/13/08 09:42a <DIR> d-a------ C:\Documents and Settings\All Users.WINNT\Application Data\TEMP

2008-03-03 10:27 . 03/07/08 09:07a <DIR> d-------- C:\Program Files\SpywareBlaster

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 16:41 261,120 ----a-w C:\WINNT\Internet Logs\xDBAF.tmp

2008-03-10 16:41 1,984,512 ----a-w C:\WINNT\Internet Logs\xDBB0.tmp

2008-03-09 15:58 1,982,464 ----a-w C:\WINNT\Internet Logs\xDBAE.tmp

2008-03-08 16:48 1,981,440 ----a-w C:\WINNT\Internet Logs\xDBAD.tmp

2008-03-08 00:08 --------- d-----w C:\Documents and Settings\Lee Hughes.LEE-0JUA3KLRO0R\Application Data\AVG7

2008-03-07 21:20 --------- d---a-w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-07 21:19 --------- d---a-w C:\Program Files\Lavasoft

2008-03-07 21:19 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Lavasoft

2008-03-07 02:53 513,536 ----a-w C:\WINNT\Internet Logs\xDBAB.tmp

2008-03-07 02:53 1,976,320 ----a-w C:\WINNT\Internet Logs\xDBAC.tmp

2008-03-06 15:51 1,975,296 ----a-w C:\WINNT\Internet Logs\xDBAA.tmp

2008-03-06 14:38 1,974,784 ----a-w C:\WINNT\Internet Logs\xDBA9.tmp

2008-03-05 23:32 1,973,760 ----a-w C:\WINNT\Internet Logs\xDBA8.tmp

2008-03-04 22:10 1,972,736 ----a-w C:\WINNT\Internet Logs\xDBA7.tmp

2008-03-03 15:59 1,971,200 ----a-w C:\WINNT\Internet Logs\xDBA6.tmp

2008-03-01 15:54 1,964,544 ----a-w C:\WINNT\Internet Logs\xDBA5.tmp

2008-03-01 14:43 --------- d---a-w C:\Program Files\Yahoo!

2008-02-29 18:05 1,955,840 ----a-w C:\WINNT\Internet Logs\xDBA4.tmp

2008-02-28 21:53 1,953,280 ----a-w C:\WINNT\Internet Logs\xDBA3.tmp

2008-02-27 14:00 281,088 ----a-w C:\WINNT\Internet Logs\xDBA1.tmp

2008-02-27 14:00 1,951,744 ----a-w C:\WINNT\Internet Logs\xDBA2.tmp

2008-02-26 21:55 1,951,232 ----a-w C:\WINNT\Internet Logs\xDBA0.tmp

2008-02-20 16:09 403,456 ----a-w C:\WINNT\Internet Logs\xDB9E.tmp

2008-02-20 16:09 1,944,064 ----a-w C:\WINNT\Internet Logs\xDB9F.tmp

2008-02-19 23:19 1,943,552 ----a-w C:\WINNT\Internet Logs\xDB9D.tmp

2008-02-19 13:05 5,698,656 ----a-w C:\WINNT\Internet Logs\tvDebug.zip

2008-02-18 22:15 1,942,528 ----a-w C:\WINNT\Internet Logs\xDB9C.tmp

2008-02-14 03:15 --------- d-----w C:\Program Files\Coupons

2008-02-13 21:59 241,152 ----a-w C:\WINNT\Internet Logs\xDB9B.tmp

2008-02-12 22:56 1,928,704 ----a-w C:\WINNT\Internet Logs\xDB9A.tmp

2008-02-11 03:05 303,616 ----a-w C:\WINNT\Internet Logs\xDB99.tmp

2008-02-09 22:20 1,924,096 ----a-w C:\WINNT\Internet Logs\xDB98.tmp

2008-02-09 15:17 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\avg7

2008-02-09 14:38 26,944 ----a-w C:\WINNT\system32\drivers\avg7rsnt.sys

2008-02-09 14:37 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Grisoft

2008-02-08 16:35 44,288 ----a-w C:\WINNT\system32\drivers\cdr4_2K.sys

2008-02-08 07:21 1,908,224 ----a-w C:\WINNT\Internet Logs\xDB97.tmp

2008-02-07 17:21 297,472 ----a-w C:\WINNT\Internet Logs\xDB96.tmp

2008-02-02 13:58 726,016 ----a-w C:\WINNT\Internet Logs\xDB95.tmp

2008-01-31 15:29 1,880,064 ----a-w C:\WINNT\Internet Logs\xDB94.tmp

2008-01-31 04:00 1,879,552 ----a-w C:\WINNT\Internet Logs\xDB93.tmp

2008-01-30 15:18 1,878,528 ----a-w C:\WINNT\Internet Logs\xDB92.tmp

2008-01-28 11:21 1,874,944 ----a-w C:\WINNT\Internet Logs\xDB91.tmp

2008-01-27 17:06 1,873,408 ----a-w C:\WINNT\Internet Logs\xDB90.tmp

2008-01-27 14:22 1,872,896 ----a-w C:\WINNT\Internet Logs\xDB8F.tmp

2008-01-27 14:09 --------- d---a-w C:\Program Files\NetZero

2008-01-27 13:08 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\NetZero

2008-01-26 23:21 1,870,848 ----a-w C:\WINNT\Internet Logs\xDB8E.tmp

2008-01-25 22:25 101,888 ----a-w C:\WINNT\Internet Logs\xDB8C.tmp

2008-01-25 22:25 1,869,824 ----a-w C:\WINNT\Internet Logs\xDB8D.tmp

2008-01-25 17:09 --------- d---a-w C:\Program Files\Connection Wizard

2008-01-24 15:03 1,857,536 ----a-w C:\WINNT\Internet Logs\xDB8B.tmp

2008-01-24 15:02 121,344 ----a-w C:\WINNT\Internet Logs\xDB8A.tmp

2008-01-23 16:05 1,856,000 ----a-w C:\WINNT\Internet Logs\xDB89.tmp

2008-01-21 14:10 180,736 ----a-w C:\WINNT\Internet Logs\xDB87.tmp

2008-01-21 14:10 1,852,928 ----a-w C:\WINNT\Internet Logs\xDB88.tmp

2008-01-20 20:19 1,852,416 ----a-w C:\WINNT\Internet Logs\xDB86.tmp

2008-01-20 16:04 1,848,832 ----a-w C:\WINNT\Internet Logs\xDB85.tmp

2008-01-18 17:57 289,280 ----a-w C:\WINNT\Internet Logs\xDB83.tmp

2008-01-18 17:57 1,847,296 ----a-w C:\WINNT\Internet Logs\xDB84.tmp

2008-01-17 04:25 1,843,200 ----a-w C:\WINNT\Internet Logs\xDB82.tmp

2008-01-16 12:03 1,838,080 ----a-w C:\WINNT\Internet Logs\xDB81.tmp

2008-01-16 12:02 242,688 ----a-w C:\WINNT\Internet Logs\xDB80.tmp

2008-01-12 04:54 1,835,520 ----a-w C:\WINNT\Internet Logs\xDB7F.tmp

2008-01-11 18:37 90,624 ----a-w C:\WINNT\Internet Logs\xDB7D.tmp

2008-01-11 18:37 1,827,840 ----a-w C:\WINNT\Internet Logs\xDB7E.tmp

2008-01-10 15:06 434,176 ----a-w C:\WINNT\Internet Logs\xDB7B.tmp

2008-01-10 15:06 1,825,280 ----a-w C:\WINNT\Internet Logs\xDB7C.tmp

2008-01-09 16:56 1,814,016 ----a-w C:\WINNT\Internet Logs\xDB7A.tmp

2008-01-08 23:12 1,813,504 ----a-w C:\WINNT\Internet Logs\xDB79.tmp

2008-01-03 20:54 56,320 ----a-w C:\WINNT\Internet Logs\xDB77.tmp

2008-01-03 20:54 1,805,824 ----a-w C:\WINNT\Internet Logs\xDB78.tmp

2008-01-03 14:50 142,336 ----a-w C:\WINNT\Internet Logs\xDB75.tmp

2008-01-03 14:50 1,805,312 ----a-w C:\WINNT\Internet Logs\xDB76.tmp

2008-01-02 15:37 1,804,800 ----a-w C:\WINNT\Internet Logs\xDB74.tmp

2008-01-02 00:55 1,804,288 ----a-w C:\WINNT\Internet Logs\xDB73.tmp

2008-01-01 14:50 1,803,776 ----a-w C:\WINNT\Internet Logs\xDB72.tmp

2008-01-01 02:50 79,872 ----a-w C:\WINNT\Internet Logs\xDB70.tmp

2008-01-01 02:50 1,803,264 ----a-w C:\WINNT\Internet Logs\xDB71.tmp

2007-12-30 13:08 60,928 ----a-w C:\WINNT\Internet Logs\xDB6F.tmp

2007-12-29 13:44 1,800,704 ----a-w C:\WINNT\Internet Logs\xDB6E.tmp

2007-12-29 13:43 354,816 ----a-w C:\WINNT\Internet Logs\xDB6D.tmp

2007-12-27 15:34 1,794,560 ----a-w C:\WINNT\Internet Logs\xDB6C.tmp

2007-12-27 01:02 1,794,048 ----a-w C:\WINNT\Internet Logs\xDB6B.tmp

2007-12-26 13:20 1,793,536 ----a-w C:\WINNT\Internet Logs\xDB6A.tmp

2007-12-24 13:40 1,791,488 ----a-w C:\WINNT\Internet Logs\xDB69.tmp

2007-12-23 21:43 1,790,976 ----a-w C:\WINNT\Internet Logs\xDB68.tmp

2007-12-22 14:43 1,786,368 ----a-w C:\WINNT\Internet Logs\xDB67.tmp

2007-12-22 11:13 1,785,856 ----a-w C:\WINNT\Internet Logs\xDB66.tmp

2007-12-22 03:25 316,416 ----a-w C:\WINNT\Internet Logs\xDB64.tmp

2007-12-22 03:25 1,785,344 ----a-w C:\WINNT\Internet Logs\xDB65.tmp

2007-12-21 03:49 1,782,784 ----a-w C:\WINNT\Internet Logs\xDB63.tmp

2007-12-20 13:26 1,780,224 ----a-w C:\WINNT\Internet Logs\xDB62.tmp

2007-12-19 16:50 1,779,712 ----a-w C:\WINNT\Internet Logs\xDB61.tmp

2007-12-19 13:26 1,779,200 ----a-w C:\WINNT\Internet Logs\xDB60.tmp

2007-12-17 15:01 1,776,128 ----a-w C:\WINNT\Internet Logs\xDB5F.tmp

2007-12-16 20:49 1,775,616 ----a-w C:\WINNT\Internet Logs\xDB5E.tmp

2007-12-16 14:36 229,376 ----a-w C:\WINNT\Internet Logs\xDB5C.tmp

2007-12-16 14:36 1,775,104 ----a-w C:\WINNT\Internet Logs\xDB5D.tmp

2007-12-15 22:09 1,744,384 ----a-w C:\WINNT\Internet Logs\xDB5B.tmp

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

12/15/07 11:32p 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [12/15/07 11:32p 262144]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [12/15/07 11:32p 262144]

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03/17/05 11:10a 536576]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [09/04/07 04:40p 6856704]

"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [10/15/07 07:29p 1636864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p 111376 C:\WINNT\system32\mobsync.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/11/07 06:02a 282624]

"LoadQM"="loadqm.exe" [05/03/00 05:23p 7536 C:\WINNT\loadqm.exe]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 04:05p 919016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [02/09/08 09:38a 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 02:05p 186640]

 

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

EPSON Background Monitor.lnk - C:\ESM2\STMS.exe [2007-05-13 07:39:01 233984]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-09-04 13:23:00 65588]

Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 13:23:00 53317]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 02/09/08 09:38a 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

 

R0 amd751;AMD AGP Bus Filter;C:\WINNT\system32\DRIVERS\amd751.sys [09/28/99 10:37a]

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys [02/09/08 09:38a]

R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [06/19/03 02:05p]

R3 Winacpci;Winacpci;C:\WINNT\system32\DRIVERS\winacpci.sys [09/24/99 06:55p]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-13 15:27:05 C:\WINNT\Tasks\Check Updates for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-13 10:57:49

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 03/13/2008 11:00:06

ComboFix-quarantined-files.txt 2008-03-13 16:00:01

.

2008-03-12 16:36:48 --- E O F ---

 

And now a new HijackThis log.

Share this post


Link to post
Share on other sites

And now a new HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:23:09 AM, on 3/13/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=sp&...amp;O=A&UT=

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll

O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"

O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?84cd19e2649aab1c6331bd5f7be2e

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?84cd19e2649aab1c6331bd5f7be2e

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174262353894

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182609235700

O17 - HKLM\System\CCS\Services\Tcpip\..\{713E8E4A-0998-404D-A0E4-7D1F6DDB7FF8}: NameServer = 64.136.52.73 64.136.44.73

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7042 bytes

 

That's everything you asked for....I don't understand any of it....you HAVE to be a genius if you understand it....Thanks for any help you can give me.....Ileane

Share this post


Link to post
Share on other sites

Ok good - don't worry about understanding it. I do and these are just diagnostics I wanted to get info on what is running on there. The good news is - I don't see malware signs that I was looking for

 

You didn't run ComboFix correctly - the downloaded exe file has to be saved to your desktop first before running it. Don't run it again, though, I can see enough to make sure there isn't malware on there that I was looking for. So that's the good thing.

 

And the logs give me some ideas about why your installation may not be working.

 

1. First of all, you sure have a lot of toolbars installed. Did you install all those on purpose? These are the toolbars:

 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

 

None of them are bad, it just seems like it might be an annoyance to have all those taking up all your browser window space. Let me know.

 

2. You have a bunch of temporary files from Zone Alarm that really need to be removed as they can cause some flakiness. Again these are not bad, it is just house cleaning to make sure everything is working properly.

 

Navigate to this folder:

 

C:\WINNT\Internet Logs

 

You will see a bunch of files in there that have a name that ends in .tmp, something like this:

 

xDB5B.tmp

 

You can delete all of those. If there are one or two that object or won't remove, that's normal. Just remove the ones that you can.

 

Try to remember to periodically clear out that internet logs folder from those temp files left behind by Zone Alarm periodically.

 

3. Is the Zone alarm program you have just the firewall or do you have the entire security suite installed (ZA firewall, antispyware and antivirus in one)?

 

4. When you tried to install Ad-Aware did you actually download the installation file and save it first to your desktop and try to install it from there? Or did you do as above with Combofix where you ran it straight from the download location instead of saving it first?

Share this post


Link to post
Share on other sites

I deleted all the .tmp files as you told me to....My Zone Alarm is just the firewall. I installed both Ad-AwareSE and 2007 by SAVE (saving them to my computer) The 2007 has been deleted from my programs, but the installer is still on my desktop....same with SE which I re-installed and am using now.I run it every day when I get off my computer. I am also using SpywareBlaster at startup and on Fridays I run my Spybot, AVG Anti-Spyware and AVG 7.5. I also clear out temporary files and run my defragger. I didn't even know about those internet temporary files....I will add that to my friday routine..Anything else I should be doing? I didn't install the stuff on my toolbar..My friend must have when she set me up...Some of the things shown in the scan do not even show on the toolbar...I don't know what some of them even are. Do you? ....

Share this post


Link to post
Share on other sites

Ok, good. That's the right way to run all those programs and I do know that they will all play nicely together as long as you shut down any realtime protection on the others when doing an on-demand scan.

 

The .tmp files from Zone Alarm I just know about from experience. It's supposed to remove them when done but doesn't always and as I said can sometimes cause flakiness so it's a good idea to clean them out periodically.

 

As for the toolbars I would personally only keep two of them. The others look like they came with other software as bundled installs and if you don't really use them, there is no need to have them. If you should decide you miss one or something you can alway go get a fresh one, but generally those toolbars are more annoyance and bother than anything.

 

Keep these two:

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

 

O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll

 

They look like they were installed on purpose and may serve a usefulness.

 

These others look like extra junk installed with other freebies (like Zone Alarm). Usually you can opt out of extra unwanted software when you install those programs (like Zone Alarm). You need to be sure to look for the Options "box" when installing it and remove the checkmark for the "extra optional software". Here is a screenshot of what I am talking about:

http://sunbeltblog.blogspot.com/2007/12/an...uccumbs-to.html

.................

 

Hijackthis can take care of those unnecessary toolbars the easiest if you don't see them in the list to remove.

 

Open HijackThis and do a *system scan only*

 

When it finishes, place a checkmark in the boxes next to these entries (only):

 

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll

 

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

 

O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

 

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

 

Now close all browsers you have open. Then press the *fix checked* button. Reboot your PC.

That should remove all those extra ones and give you a little less cluttered window.

 

That done, let's see if we can get your Ad-Aware to install.

 

And it's good you are saving the installer to your desktop. Let's make sure it's a recent one and not corrupted or anything and we'll start fresh. That means I want you to delete the existing installer you have for Ad-Aware 2007 and download a fresh new one to your desktop. But first go through these next steps before attempting another install.

 

First you'll need to remove the existing SE from your system and it's best to do that first using "Add/Remove" programs in the control panel.

 

Next follow the steps outlined here by spike-nz:

http://www.lavasoftsupport.com/index.php?s...ost&p=71276

 

That done, then try installing Ad-Aware 2007 and let us know how you make out.

Share this post


Link to post
Share on other sites

I couldn't find the Microsoft Install Cleanup Utility..otherwise I followed your directions and did a new install from the Lavasoft Home Page (c/net) and got a slightly different Application Error...It reads:-Exception EAccessViolation in Module Ad-Aware2007.eve at 001DD084. Acess Violation at address 005DD084 in module 'Ad-Aware2007.exe.' Read of address 00000414.

Share this post


Link to post
Share on other sites

Sorry about the link. It was the wrong one, so I fixed it. For future reference, this is the correct link for the Windows Installer Cleanup Utility:

http://support.microsoft.com/kb/290301

(the download link itself is about 1/3 of the way down that page) and it can sometimes help when programs having a problem uninstalling or with the Windows installer itself.

 

Can you open the Ad-Aware program at all? If so, see if you can get today's latest software update which might address some of the issues with this error message we have been seeing.

Share this post


Link to post
Share on other sites

One other thought, have you run a disk check for error on the system?

 

Basic error checking

 

1. Double left click on the My Computer icon

2. Right click on the “C:†drive

3. Left click on Properties

4. Left click on the Tools tab

5. Left click on Check Now … under Error-checking

6. Left click Start

 

If you want to do a more in-depth error checking there are 2 other options available:

 

First option is to Automatically fix file system errors (choosing this option will require a restart of the computer to run). When choosing this option you will see a box pop up that says, "The check disk could not be preformed because exclusive access to the drive could not be obtained. Do you want to schedule this disk check to occur next time you restart the computer?"

 

When prompted for this you would choose Yes if you want it to run on the next reboot of the system.

 

The second option for error checking is Scan for and attempt recovery of bad sectors (this will not require a restart of the system)

Share this post


Link to post
Share on other sites

I downloaded the Microsoft Cleaner....Saved it to my computer...installed it and it disappeared...have you any idea where it went to?

Share this post


Link to post
Share on other sites
I downloaded the Microsoft Cleaner....Saved it to my computer...installed it and it disappeared...have you any idea where it went to? Also... I deleted the Ad-Aware2007 and ran the basic error checking from 'My Computer' both options...then I re-installed the 2007 and ran the basic error checking again, both options. Still got the same Application Error.

Share this post


Link to post
Share on other sites

Ok, if you are going the uninstall route again, uninstall the current Ad-Aware 2007. Then if you installed the Windows Installer Cleanup Utility, use it next. Here is how to do that:

 

By default, the setup program installs the Windows Installer Clean Up Utility files to a folder beneath the Program Files folder. This folder is called "Windows Installer Clean Up."

All the files that are used by the utility (Msicuu.exe, Msizap.exe, and this Readme file) are copied into this folder, and a shortcut is created on the Programs menu under the Start menu.

 

 

HOW DO I RUN THE WINDOWS INSTALLER CLEAN UP UTILITY?

To run the Windows Installer Clean Up Utility, use either of the following methods:

- Click 'Start', click 'All Programs' (or 'Programs' on some operating systems), and then click the shortcut for the

Windows Installer Clean Up Utility.

- Find and run the Msicuu.exe file.

 

Remove any remnants of the prior Ad-Aware install files if any are found.

 

Then I would recommend you run the disk cleanup in case there are any errors in system files.

 

Then try to reinstall Ad-Aware

Share this post


Link to post
Share on other sites

Oh, and I also see you were having some problems to reply to a post without the quote of the prior post in it. It's a small little trick. There are actually TWO reply buttons. Scroll down a little bit use the one that says: Add Reply and not the "reply That way you can just type in your message without the prior post being quoted into it :unsure:

 

post-65-1205541219.gif

Share this post


Link to post
Share on other sites

The Windows Install Cleaner listed:-Adobe Reader - Map Button - Form Fill - Word - Works - Messenger - Popup Blocker - Quick Time - Smart Menus - Toolbars (Multiple I haven't deleted them yet) - Word in Works - Windows Installer Clean up .... I could either 'Select All', Clear All, or Exit.

Share this post


Link to post
Share on other sites
Sign in to follow this