//some 3rd party need geo

Can't install Mcafee and other problems HELP!

  djack 22:03 16 Mar 05
Locked

Hi djack on the keyboard again,
Trying to fix my nephews computer it has been full of viruses,trojans,adwareetc,etc. And what a nightmare it has been.His pc runs xp witha AMD processor a Packard Bell system.I tried to load Mcafee from a brand new disk and it will let you select from the installation menu "install Mcafee virus scan"when it opens the windows with the four buttons on it which you select from the buttons are not active ie.they don't display properly and the installation freezes up.This is the second disk I have tried (Version 9 Mcafee)and the result is the same.
Also I have run the new Microsoft Spyware and let it delete all it finds and run spybot.But there still seems to be spyware or something still on the pc!I did take the hard drive of anf connect it to mine and ran the Mcafee software and it found plenty of viruses and trojans etc,etc but still all is not well.Another thing that will not work is "search"I cannot search c: or any crive on the system!!the search page is just blank.And there is more I cannot download service pack 2 I have tried all the usual settings checks to make auto update in control panel but the auto update page is greyed out and refuses all attempts to change it!Any help with these problems will be greatfully received djack.

  stalion 22:17 16 Mar 05

best for you to post a hijack this log on here
download the program hijack this to it's own folder ,run it and post the result on here not more than 800 words in each section.Also double space betwwen the lines to make it easier to read
click here

  djack 16:01 17 Mar 05

Hello Stalion,
Done what you recommended and hopefully I will attatch the report as you suggested to this post.
Logfile of HijackThis v1.99.1
Scan saved at 13:47:14, on 17/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common
Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\swwhost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\apps\ABoard\ABoard.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\Ooexyh.exe

C:\Program Files\BT Voyager 105 ADSL
Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\System32\winlite.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

C:\WINDOWS\System32\gah95on6.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\Spool32x.exe

C:\WINDOWS\System32\ixplorer.exe

C:\WINDOWS\System32\SVSS32.EXE

C:\WINDOWS\System32\MSHTML32.exe

C:\WINDOWS\System32\cosine.exe

C:\WINDOWS\System32\aheadchk.exe

C:\temp\salm.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\WINDOWS\dyxkboh.exe

C:\WINDOWS\System32\MSHTML32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\WINZIP\winzip32.exe

C:\hijack\HijackThis.exe

------------------------------------------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1


Part 1
-----------------------------------------

  djack 16:20 17 Mar 05

I have tried several times to post the rest of the log in volumes less than 800 words and keep getting error messages from the site and fails to post.
Don't know what to do now djack.

  djack 16:30 17 Mar 05

O1 - Hosts: 206.161.200.105 click here

O1 - Hosts: 206.161.200.105 your.com

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4
SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [hgvsjif] C:\WINDOWS\hgvsjif.exe

O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ooexyh.exe

O4 - HKLM\..\Run: [Dbymú" ü‰üžigÝY] C:\WINDOWS\iuyvtx.exe


O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁz î[ 8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\iuyvtx.exe

O4 - HKLM\..\Run: [[email protected]]­ú" ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\iuyvtx.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁÐ]­ú" ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\iuyvtx.exe

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

O4 - HKLM\..\Run: [[email protected]]­ú" ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\iuyvtx.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁz îžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\iuyvtx.exe

O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\system32\lc32.exe

O4 - HKLM\..\Run: [NAV Auto Updates] navwindows.exe

O4 - HKLM\..\Run: [qzav] C:\WINDOWS\qzav.exe

O4 - HKLM\..\Run: [Microsofts media] wingtp.exe

O4 - HKLM\..\Run: [Windows Sound Manager] SndMon16.exe

O4 - HKLM\..\Run: [TASKMANAGE] taskrnager.exe

O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe

O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] msjvm.exe

O4 - HKLM\..\Run: [Microsoft boot system cfg32] actboost.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs

O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKLM\..\Run: [PPPOEOE] winlite.exe

  djack 16:31 17 Mar 05

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe

O4 - HKLM\..\Run: [ITUNES] itunes.exe

O4 - HKLM\..\Run: [Windows Services] Spool32x.exe

O4 - HKLM\..\Run: [System Restore DLLs] ixplorer.exe

O4 - HKLM\..\Run: [sysPersonalFirewall] tskm0nitor.exe

O4 - HKLM\..\Run: [Dot.net Networking] SNSS32.EXE

O4 - HKLM\..\Run: [MS windows Data list process] MSDATLST.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [Windows Service Support Call] SVSS32.EXE

O4 - HKLM\..\Run: [MS HTML Location Class] MSHTML32.exe

O4 - HKLM\..\Run: [Microsoft Windows Update] swwhost.exe

O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe

O4 - HKLM\..\Run: [cosine] cosine.exe

O4 - HKLM\..\Run: [Windows Manager System] aheadchk.exe

O4 - HKLM\..\Run: [setmode] C:\WINDOWS\system32\Wscript.exe //e:VBS C:\DRIVERS\SETMODE\SETMODE.NEC

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [dyxkboh] C:\WINDOWS\dyxkboh.exe

O4 - HKLM\..\RunServices: [NAV Auto Updates] navwindows.exe

O4 - HKLM\..\RunServices: [Microsofts media] wingtp.exe

O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon16.exe

O4 - HKLM\..\RunServices: [TASKMANAGE] taskrnager.exe

O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe

O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] msjvm.exe

O4 - HKLM\..\RunServices: [Microsoft boot system cfg32] actboost.exe

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKLM\..\RunServices: [System Networking] sysnet.exe

O4 - HKLM\..\RunServices: [PPPOEO] pingppac.exe

O4 - HKLM\..\RunServices: [Microsoft is Gay] nesse69.exe

O4 - HKLM\..\RunServices: [PPPOEOE] winlite.exe

O4 - HKLM\..\RunServices: [Windows Services] Spool32x.exe

O4 - HKLM\..\RunServices: [System Restore DLLs] ixplorer.exe

O4 - HKLM\..\RunServices: [sysPersonalFirewall] tskm0nitor.exe

O4 - HKLM\..\RunServices: [Dot.net Networking] SNSS32.EXE

O4 - HKLM\..\RunServices: [ITUNES] itunes.exe

O4 - HKLM\..\RunServices: [MS windows Data list process] MSDATLST.exe

O4 - HKLM\..\RunServices: [MS HTML Location Class] MSHTML32.exe

O4 - HKLM\..\RunServices: [Microsoft Windows Update] swwhost.exe

O4 - HKLM\..\RunServices: [Windows Service Support Call] SVSS32.EXE

O4 - HKLM\..\RunServices: [Windows Manager System] aheadchk.exe

O4 - HKLM\..\RunServices: [cosine] cosine.exe

O4 - HKLM\..\RunServices: [Internet Content Publisher] icp.exe

O4 - HKLM\..\RunServices: [msupdate] update.exe

O4 - HKLM\..\RunOnce: [Microsoft Windows Update] swwhost.exe

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [NAV Auto Updates] navwindows.exe

O4 - HKCU\..\Run: [Windows Sound Manager] SndMon16.exe

O4 - HKCU\..\Run: [TASKMANAGE] taskrnager.exe

  djack 16:34 17 Mar 05

O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe

O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] msjvm.exe

O4 - HKCU\..\Run: [Microsoft boot system cfg32] actboost.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKCU\..\Run: [wvsvc] wvsvc.exe

O4 - HKCU\..\Run: [Norton Personal Firewall] kah.exe

O4 - HKCU\..\Run: [Mcafee Auto Protect] mcafeshield.exe

O4 - HKCU\..\Run: [NAV Auto Protect] mcafee32.exe

O4 - HKCU\..\Run: [mark the service] xxtra32.exe

O4 - HKCU\..\Run: [Print Driver] SAgent.exe

O4 - HKCU\..\Run: [Windows Services] Spool32x.exe

O4 - HKCU\..\Run: [sysPersonalFirewall] tskm0nitor.exe

O4 - HKCU\..\Run: [MS windows Data list process] MSDATLST.exe

O4 - HKCU\..\Run: [Microsoft Windows Update] swwhost.exe

O4 - HKCU\..\Run: [MS HTML Location Class] MSHTML32.exe

O4 - HKCU\..\Run: [cosine] cosine.exe

O4 - HKCU\..\Run: [Windows Manager System] aheadchk.exe

O4 - HKCU\..\RunServices: [Print Driver] SAgent.exe

O4 - HKCU\..\RunOnce: [Microsoft Windows Update] swwhost.exe

O4 - Startup: Resume Windows Update Installation.lnk = ?

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=click here

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 67.19.178.84

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O19 - User stylesheet: (file missing)

O21 - SSODL: mtklef - {8A0EE62E-EE60-41BD-9AB3-5960247FC54E} - C:\WINDOWS\System32\rzdwr32.dll (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Network Client (nwclnte) - Unknown owner - C:\WINDOWS\SYSTEM\winlogon.exe (file missing)

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

  djack 16:39 17 Mar 05

Hello stalion,
Managed to post the rest of the report in stages don't know what went wrong the first time I did a word count so I didn't exceed the 800 limit.Never mind done it now hope you can pin point any problems that are obvious.
Greatfull for your help.
cheers djack

  Fruit Bat /\0/\ 16:42 17 Mar 05

A few things wrong here

Process File: salm or salm.exe
Process Name: 180Search Assistant

is just one of them Please wait untill Nellie2 or Mark2 logs in they are the experts in this sort of thing.

DO NOT delete anything until they have had a look and tell you exactly what to do. Please be patient as they often don't log in until quite late.

  stalion 16:46 17 Mar 05

as Fruit Bat /\0/\ above says all the best.

  stalion 19:25 17 Mar 05

ignore this it's just to put your post to the top of the helproom

This thread is now locked and can not be replied to.

What is Google Allo? What is Google Duo? Google Allo UK release date rumours and features: Google…

1995-2015: How technology has changed the world in 20 years

These clever designs help visualise a complex intelligence tool

iOS 10 troubleshooting tips: Simple fixes for the most common iOS 10 problems, from network…