Cannot install ANY programs?

Status
Not open for further replies.

Watchen

Posts: 17   +0
Hi, Working on son's computer, he has kids playing games but who KNOWs?

Had popups running all the time with FireFox and with IE 7.0. Could not delete, run programs, etc. He had a 'Win XP Backup' system backup, 1 months old so I restored that. That fixed most of the problems, so it runs good now and no popups but one last hitch!
> I cannot install any programs, nothing. I want to install some anti-spyware/ virus on there for him. <

Attached is his hijackthis log.


Thanks for your help and Thank for TechSpot, Watchen
 

Attachments

  • hijackthis.log
    5.1 KB · Views: 11
I'm assuming that Cruzin.exe if HijackThis?

I can't see anything in your HJT log that would account for your problems.

However, follow these instructions and see where it leads.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm429YYUS

O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

Click on the fix checked button.

Close HJT.

Please download Malwarebytes' Anti-Malware to your desktop use any of these links.
Malwarebytes
MajorGeeks

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please attach that log into your next reply.
 
Yes Cruzin.exe is Hijackthis

Hi gilliambrown

Just following TechSpots suggestions with renaming hijackthis in case malware hides from hihjack!

I have been working on this for about 20 hours now, 13 yesterday and 7 today. It runs great, fast and browsing no problem there - just cannot install anything?

Tried running Ms Anti malware removal tool "MRT", also tried Panda online scan but it hangs at 32% with 130 infections found. Then I have to cancel.

There was an old post about a simular problem back in 2005, and one thing they mentioned there was that even once everything was cleaned up they still could not install programs and the answer had to do with changes that were made to the system settings, which can only be reset with special software ???

I could not run regedit, folder options, etc. I found 'RRT' ( Reset Restrictions Tool) to reset "Folder Options" in WinExplorer and to be able to run regedit but nothing else.

I also ran ComboFix and got nothing out if it ??

Just finished the Malwarebytes' Anti-Malware scan, which came up with 122 infections, mostly adware, 9 trojans and at least 1 "rootkit.podunha" with 4 rootkit agents. I'll clean those and retry ??

Thanks
 
Cleaned 122 infections with MBAM and still cannot install anything??

kimsland Thanks for your reply, I will try your suggestion later (dinner time) but you are right NO anti NOTHING running. My son's computer, tried to warn him but as you know most of us have to learn the hard way, I did too (about backups).

Back in 30 minutes Thanks Again EveryONE
 
Just finished the Malwarebytes' Anti-Malware scan, which came up with 122 infections, mostly adware, 9 trojans and at least 1 "rootkit.podunha" with 4 rootkit agents. I'll clean those and retry ??
That's correct => retry
Retry updating \ scanning and removing all found issues in Malwarebytes scan

I'll post this too, in case it is relevant to your issue:
Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

Failing that, try here: https://www.techspot.com/vb/post684649-3.html

Then continue: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
 
Hi Sorry I had to go eat dinner, need to keep peace in the house you know.

Here is the latest hihackthis log.

Wachen

Hi, I ran MBAM just fine and appears to have worked OK. I have not tried SAS. What is it?
 
Yes still cannot install anything

I ran MBAM, it found 122 infections, I cleaned them out with MBAM but still cannot install anything?

I just found and downloaded SAS. Will run it now.

BTW I am downloading and posting from my computer, not the infected one, and then have to copy and transfer to it with a thumb drive.

Oops mistaken, I had downloaded 'FixIt' that has a link to SAS but it does not work.

Tried Googling it and the website www.superantispyware.com/download.html does not work either ? ?
 
Ok, in addition to the SAS log, please do the following.

Download combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt
 
I have tried 4 links to SAS and none of them work, they keep timing out!! Last site I tried was SnapFiles and I have used them before for other things.

Will also do the combofix, another message said run MBAM then SAS 2-3 times so I'' do that and combofix so I'll be busy for next 10-1 minutes.

Thanks

Every time I try a link to SAS I get either a timeout or this message, "The connection to the server was reset while the page was loading."

Unable to find and download SAS!

OH I tried it from two different computers so it seems the hackers are rerouting these links!
 
So far Combofix does not come up with a warning where I can type "1" but does come up with a window that says, "this machine doe not have "Windows Recovery Console" and then recommends I install it.

Combofix looks for a disk to install "Windows Recovery Console" if I click "Yes" and I do not have one available so I click on NO and combfix runs with typing in a "1". It also says it has changed the system clock? It is running now will post it's log next.

Here is the combofix log

Don't see and attachment, as I usually do ? ?

I see the size exceeds techspot limit so - It was originally named log.txt and now I renamed it combfix1.log and combfix2.log??
 
If you have difficulty in posting the Combofix log, you can always copy and paste it if necessary.

Mod Edit:
This is not advised
 
Watchen

No more replying to yourself !
Use EDIT to add to your post, if it's still the last one in the thread
Also you must ATTACH the logs (if that's the issue?)

Yes still cannot install anything

I ran MBAM, it found 122 infections, I cleaned them out with MBAM but still cannot install anything?

I just found and downloaded SAS. Will run it now.
And the logs? (attached obviously)

Still waiting for the attached logs ...
 
Editing my Post 7-8 times !

Hi, Sorry, I tried editing my Post 7-8 times but I am unable to use EDIT to add to post - I keep getting an error message Invalid Post ~~~~ I forget the rest?
 
Yes because I was editing them!

But you may need to read what I said more clearly
Use EDIT to add to your post, if it's still the last one in the thread (ie it's not now)

And about those logs. You don't want to attach them?
By the way if Malwarebytes, found soooo many issues (and unknown if removed) then you should run it again (updated of course)
 
Editing my Post 7-8 times !

Hi, Sorry, I tried editing my Post 7-8 times but I am unable to use EDIT to add to post - I keep getting an error message Invalid Post ~~~~ I forget the rest?

I sent them 10 minutes ago, they went to a second page and then later I refreshed my page and they were gone, here we'll try again. If I try again it says "Aready attached this file in thread."

What do you mean Updated? I have the latest version and I have now run combofix 5 times?
 
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
c:\windows\imsins.BAK
C:\WinInstaller.exe
C:\WindowsInstaller-KB893803-v2-x86.exe
c:\windows\system32\NotePad_.exe
c:\windows\NotePad_.exe
C:\NotePad_.exe
C:\W25.exe
C:\W44.exe
C:\SD5.exe


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply and let us know how things are going.

I must admit, I'm starting to think this is more of an OS corruption problem.
 
What do you mean Updated? I have the latest version and I have now run combofix 5 times?
Look I'm talking about Malwarebytes.
But because gillianbrown is helping you without even knowing the results (ie removed - no idea)

I'll come back at post#30 or something to help!

Unless you follow the instructions and post the log files, we're going to struggle to help you.
Hmm. so far it just looks like wasted replies then (seeming that was 13 posts ago - not including all the doubles and triples, ie about 18 posts ago)
 
New Combofix log

Hi kimsland and gillian Sorry not paying attention, I am getting very tired.

Here is the latest combofix. log and short too.

I'll next try running MBAM again.

One thing I forgot to mention that may help, when I try running an install program I see the dos cmd box popup for 2 seconds and then disappear or I get a message install program corrupted even though it WILL install on another computer
 
Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with the Mbam log.

Let us know if you're still having problems.
 
MBAM & Combofix logs

Hi Sorry for the long wait. I did "Full" scans, rebooted and tried running an install program, still no luck ?

Here are the MBAM and Combofix logs.

I found a place to download SAS but have not installed it yet, that's next.


P.S. I have to go Very SORRY :- ( my back is hurting after 25 hours (13 yesterday & 12 today) in this HARD oak chair, my wife bought for me - it LOOKS great :- ) I don't know if you will be around tomorrow evening or not, I will be gone at least until afternoon tomorrow ( 2 PM West Coast time)!
 

Attachments

  • combofix.txt
    12 KB · Views: 5
Both logs look ok.

May I ask where and how you're trying to run an install programme, as you don't seem to be having problems installing Mbam/Combofix etc?

Anyway, once we've seen your SAS log, we may be in a position to offer some help.
 
Status
Not open for further replies.
Back