I can't install or unistall any programs!! It might be virus related...

Well, I have been having this problem for a couple of days now. First, Everything was fine in my computer (I was running both norton antivirus and firewall 2003). The problem came when I installed microsoft's service pack 2. After the install, I started having trouble running both norton firewall and the windows security center at the same time. So I decided to take norton firewall off of the startup list. After this, the windows security center warned me that the position of my virus protection was unknown. So, I disabled norton anti-virus for a couple of days (a virus could have entered my computer at this time and maybe that is what is causing the problem).

Then, I thought that the windows security center (windows service pack 2) could do everything to secure my computer, so i tried to unistall both norton firewall and norton anti-virus. (before trying to uninstall both programs, i tried running them and nither of them worked. Norton firewall 2003 professional said the following message:Symantec integrator error # 0xE06D7363).
When i tried to unistall the firewall and the anti-virus, there was another problem. An error message appeared when i pressed the remove button in the add or remove programs. After this error message, i got frustrated, so i manually erased any file that had or was in a folder with "symantec or norton ". (i erased them using safe mode, because otherwise it wouldn't let me erase the symantec "shared components ").

After erasing all the files for the virus protection and firewall, i unistalled the service pack 2. Now, i cant install the service pack 2. When i go to the microsoft update website an error message appears saying: Windows Update has encountered an error and cannot display the requested page. Error number: 0x8007043C.

And this is where i am now. I am not running any antivirus or firewall. I have repeatedly tried to install the norton firewall... but it gives me this error message: The microsoft windows installer may be corrupted or your system may be infected with a virus. I tried contacting both symantec and microsoft for support, but they both charge for any kind of help. ( I used up my 2 free support calls for microsoft). Now i don't know what to do... if there is someone out there that could help, please let me know. I could give you more specific details about my problem. I would really appreciate any help you could give me.

 

Keeping you up to date...

ok. My problem still exists. I was looking around in the forum and i found e trust antivirus web scanner. (since i can't install an antivirus program this is the best i could find). It is still scanning my computer, but so far this is that it has found:
File: IF01.exe
Infection: Win32.Startpage.JG!downloader
Status: Infected

File: db.zip>Clone CD 3.06.1+crack+db/clonedb_2002.exe
Infection: Win32.Hybris.B
Status: Infected

Do any of you recognize this viruses and can you tell me if they have anything to do with my problem (My problem is described above)

Best wishes,
Fernando Rios

 

My computer is infected... what do i do now?

Edit Note: This and the next several posts were merged from a different thread. Related issues and best to keep all the stuff in one piece. Newt

Ok, so my computer is infected. What can you do after that? Can you get like a program to clean your computer or do you have to send it in for a "professional" to fix it?

 

Hi fer_rios25,

Sure, box it up and send it to me. I'll be happy to clean it up. ........just joking. You've come to the right place, I hope.

Not sure how you determined that you do indeed have a virus, so how about running an online virus scan with RAV. When done, click the report button and copy the contents of the window, then paste it here in a reply to this thread. Before doing anything else though, first turn on XP's firewall. Something is better than nothing.

 

Hi Fernando and welcome. Hopefully we can help out but as of now you have a real mess on your hands. I'm sure that is not news to you though.

For future reference, with XP SP2, the firewall is good but limited to blocking inbound traffic. Microsoft suggests that if you have a 3rd party version you continue to use that version but otherwise, the SP2 firewall is pretty good.

There is no AV protection with SP2. It has trouble identifying some 3rd party AV apps - problems mostly with the AV vendors not getting their code ready for SP2 before it arrived.

I imagine we can get you a functional system again but it will be a fairly long process and no guarantee that it will work normally. I almost never suggest a reinstall as the first thing to try but given your situation, I think it will be your best bet. If you prefer to troubleshoot the system, we can certainly help out with that.

You absolutely cannot run for long on the internet without AV protection and a firewall though. You will be reinfected about as soon as you are cleaned.

Please say if you want to reload completely or fight the existing problems. Wait for suggestions for either option. It would help to know if you have home or pro version of XP and if it is a normal commercial version or a 'recovery CD' such as some of the major vendors like Dell and Gateway provide for you rather than giving you a normal CD.

 

so far...

Well guys, thank you for showing interest in my problem. I thought I would get no response so I put my stuff in two different forums. Newt to answer your questions, I am running windows XP home edition, and it is an upgrade from windows ME. I do have the recovery cd (compaq) and in fact I have reloaded once and I don't plan on doing it again.

About my problem here's what's new. Yesterday (when i posted my first trend) i scaned my system with trendmicro and it found 10 infected files. I selected "delete" and i guess it just deleted the files. Today, I was able to install both McAfee firewall and antivirus ( i don't know how effective they will be because when i tried to update them many error messages came up including one that said "no communication channel ") Could this be a sign of a virus?

Noahdfear: I am running RAV canner as you suggested. I will paste the information as soon as i have it available. About the windows firewall, is that the one that comes with the sp2 or is it anotherone, because i don't know how to enable it.

thank you for your time,
Fernando Rios

 

Forget about enabling XP's firewall if McAfee's is functioning properly.

If you open My Network Places, then click view network connections in the left pane under network tasks, you will see a new option in that pane to change windows firewall settings.

 

Ok here it is...

Ok noahdfear, this is the report for the virus scan you suggested.

Scan started at 10/25/2004 4:38:01 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\cpruninst.exe->[wise.10] - TrojanDownloader:Win32/Adroar.A -> Infected
C:\WINDOWS\TEMP\cpr_fr.exe->[wise.10] - TrojanDownloader:Win32/Adroar.A -> Infected
C:\WINDOWS\TEMP\GLFA040.EXE->[wise.10] - TrojanDownloader:Win32/Adroar.A -> Infected
C:\WINDOWS\SYSTEM32\06wu29rd.exe - TrojanDropper:Win32/Small.GT -> Suspicious
C:\cpqdrv\PATCHES\DOS1111.BAT - BAT/RBTG.gen* -> Infected
G:\CPQS\PATCHES\DOS1111.BAT - BAT/RBTG.gen* -> Infected

Scanned
============================
Objects: 62877
Directories: 4245
Archives: 1701
Size(Kb): -142800
Infected files: 5

Found
============================
Viruses found: 3
Suspicious files: 1
Disinfected files: 0
Mail files: 94

Also, i am not running virus protection at this time, norton virus just stopped working and McAfee just recently stopped working also. What can i do? The McAfee firewall is still working, but i cannot update it because it shows this error message: "no communication channel" is that a bad thing?

Thanks for your time
Fernando

P.S. How can i keep from getting any more viruses?

 

did that help?

i was unable to get into the report, because every time i clicked on it it would show an error message: "A runtime error has occured. Do you wish to debug? line: 181 Error: access is denied" Is this a bad thing? What do i do now? I need help!!! Was i suppoosed to check the "autoclean" box before the scan started?

 

hijack this log

i know you didn't ask me to do this, but here's my log from hijack this...

Logfile of HijackThis v1.98.2
Scan saved at 6:02:52 PM, on 10/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\YSERVER.EXE
D:\My Documents\Applications\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "d:\program files\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\WebRebates\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=3c00&LC=0409 (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097024975587
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab



what do i do now?

 

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\WebRebates\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=3c00&LC=0409 (file missing)
O16 - DPF: Win32 Classes -


Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to you user account.


Now in safe mode, you will need to show hidden files and folders, as well as system files.

Open C:\WINDOWS and delete the file cpruninst.exe.
Open C:\WINDOWS\system32 and delete the file 06wu29rd.exe.
Open C:\cpqdrv\PATCHES and delete the file DOS1111.BAT.
Open G:\CPQS\PATCHES and delete the file DOS1111.BAT.
Open C:\Program Files and delete the folder WebRebates if present.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open C:\Windows\Prefetch, select all and delete.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.

Uncheck the /safeboot box and check everything on the startup tab in msconfig, then ok to reboot.

You would do well to uninstall Limeshop. There are safer file sharing programs that are just as good, such as WinMX.

You should try updating McAfee again now. If still no go, uninstall, reboot and reinstall.

Run another HJT scan and post the log.


Are you using a program named CloneCD or CloneDVD, and if so, what version(s)?

 

ok im going for it...

I am ready to do what you told me... and yes, i do have clone cd... version 3.3.4.1 i had downloaded another packet with many different versions but it was deleted by the Trendmicro web scan becase it said it contained a virus. Well I'll let you know when i finish the steps you described...

 

sp2

hey dave... should i update my computer to sp2 it is available now...


wouldn't the McAfee firewall do?

 

ok Dave, done!!!

here's the log for hjt...

Logfile of HijackThis v1.98.2
Scan saved at 8:26:29 PM, on 10/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Q814033_WXP_SP2_x86_ENU.exe
d:\d93e8b324b605559a279ad418e6ddaa5\xpsp1hfm.exe
d:\d93e8b324b605559a279ad418e6ddaa5\sp2\update\update.exe
D:\My Documents\Applications\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "d:\program files\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097024975587
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

Here are some observations I made while following your instructions:
1) In c:/windows/temp i couldn't delete the following file: "cmdlineExt02" Access is denied
2) When deleting files I clicked in "yes to all" in delete read-only files
3) The "compress old files" option was not listed in the disk cleanup
4) After disk cleanup was over, McAfee prompted me to do a "quick clean" using their program
5) After I restarted my computer in the regular mode (not safe, having checked on everything on the startup menu) the following things were wrong:
1. Rulaunch in McAfee showed an error message
2. Error viruscan synchronize service
3. Symantec error necessary component missing or damaged

ok, that's it... tell me what you think. And also would it be a good idea to erase these files on safemode regularly or is this just a way to solve my problem

As always, thank you for your time
Fernando Rios

 

One thing you really need to do is turn off the XP firewall if you are trying to run another. Firewalls are driver-level components and don't get along well. Right-clcik your connection in Network Connections, Advanced tab, and be sure the XP firewall is off.

Whenever you have a problem deleting a program, especially when it is in a temp folder where running programs shouldn't be (except for during installations and other, rare times), check your Task Manager to see if the program is running. If it is, terminate it so that you can delete it.

Don't even consider installing SP2 until your machine is running well. This is a major upgrade and is not intended to fix system problems. There can be enough problems with SP2 when installed on a well-functioning machine.

You're going to need to get rid of those viruses, one way or the other. Delete anything you can with the AV programs. If undeletable, check the Task Manager to see if they are running.

Run Ad-Aware and Spybot to remove any malware and foistware that may be compounding the problem.

You may want to consider the options that Newt mentioned. He has noted that we may never be able to get things back to "normal ", so I'd highly suggest saving all you want to save and formatting for a reinstall. Of course, if that is an option you do not want to consider, we will do our best to help you anyway.

 

Reloading...

I have considered the option of reloading my computer, as newt mentioned. I recently added a 200 gig hardrive to use as additional storage. I was wondering if i could just save all my personal files into this new drive and remove it from my computer before reloading. After the reload can I just put it back on and install the driver for it? Would there be any problem with the partitions? ( I didn't partition it so it is 200 GIG)

Also i had windows me originally, so do i have to unistall the xp upgrade and then reload with the restore cd or can i just restore it from xp?

thank you for your time,
Fernando Rios

 

I do not think enen that will help now. As I see it as being that nothing regaarding in/unistall works anyway.

1-Is it true that you have a Compaq machine ?

2-Did you put XP Upgrade overtop of ME ?

3-Did you do it to possibly fix some problems ?

If #2 & 3 get a YES then you made one big mistake right there.

An overtop upgrade should not be done to fix problems. It may well just make them worse. And I am led to believe that Windows ME is the worst to do this with anyway. ( I do not know

That applys to ANY overtop upgrade. SP2 for XP or XP over 98 or ME. Or even 98SE over 98FE.

BillyBob

 

response

1) I do have a compaq
2) Yes, I did the overtop upgrade. Nextime I do it, though, how can you do a full installation instead of overtop?
3) No, when I istalled XP home edition windows ME was running fine, since i didn't use the internet then.

Billybob, thank you for your prompt response and i will be waiting for your reply.

P.S. As I asked you in the private, what would i have to do with the Additional storage Hard drive? Can i just leave in my system while i wipe everything else and start over?

 

I do have a compaq

OK that pretty much leaves me out as I have no idea how to handlle an OEM ( compaq ) machine.

Next are you are you sure that your system can handle the FULL 200gig HD without being partitioned ? Some systems will and some won't.

BB

 

yeah, my system was able to take, though it only shows 189 out of the 200 gigs. Do you know anyone else in the BBS team who could help me, and if you do, can you please tell them to check my thread?