Need help with the 8 step program

[CSJ]

Update! I managed to get Malwarebytes to work. It removed 10 Viruses. I did 3 complete full scans. But I'm still getting the Error Message below when I try to open HiJackThis.


1)"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"


Also, I cannot install SUPERAntiSpyware. Every time I do try to install I get this Error Message

2)"Error 1321. Windows Installer has insufficient privileges to modify this file: C/Program Files/SUPERAntiSpyware/SUPERAntiSpyware.exe."


Then I'm given these three options. :Abort: :Retry: :Ignore:

When I select Retry, nothing happens. When I select Ignore, the program installs. But when I try to open the program. I get the First above Error Message.

I'm not sure what is causing this so, please, if anyone knows how to fix this please tell me. Thanks.

 

[Bobbye]

Chris, let's keep the thread together. I'd like to check out those error messages before someone else addresses any malware issue you may have:

It appears that you may be having a permission issue. Before I go further, please tell me what operating system you're using. I'd also like to know what problems you are experiencing- I just saw a joke on the other thread so you need to give us some information.

I am also going to ask you if you are using a legitimate copy of the OS. We've had several people lately who were not, so when there are error like this, it's something that needs to be verified.

Hold on those programs and let's handle this.

 

[CSJ]

I'm currently using Windows XP and yes it is legitimate. The problems I'm having are just the error messages. Earlier though my Google searches were getting re-directed. But that problem went away after running malwarebytes.

Before I was infected all of my anti virus programs worked. If you want I can even tell you exactly when this started to happen. It started right after I download Bit-torrent. And I mean literally right afterwards. Within 10 minutes of downloading it. The funny thing is I didn't even download any torrents.

I went to the pirate bay looking for an album. When I found it. I made sure that the the pirate bay said that the user was trusted. When I confirmed that he was I clicked the link (I DID NOT! download any torrent. I was still in the search bar). Right after that my computer started to freeze. Then I was suddenly exited off of IE and then a red "X" appeared saying I was infected. The red "x" is gone now but I still can't open up HijackThis or SUPERAntiSpyware. But I can open Malwarebytes and AVG Free.

Anything else you'd like to know?

 

[Bobbye]

Okay, let's try to troubleshoot the errors. 'Permission' errors can have multiple causes. I'd like you to try this:

Un-install IE Enhanced security from Windows Components: (you access Add/Remove Programs through the Control Panel> Windows Components are on the left.

On the Windows 2003 server, go to add/remove windows components, then uninstall the Internet Explorer Enhanced Security component.

This has been the most consistent 'fix' for this error.

If Mbam has not resolve a problem for you, since you know exactly wen this began, I would have had you try System Restore. But doing so now might undo what it did.

If the above doesn't resolve it, do this: See if you find an Error that corresponds to the time of the Error message. If so, that will give us more information to work on.

Start> Run> type in eventvwr

Do this on each the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3] .Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6].NOTES

• You can ignore Warnings and Information Events.
• If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
• You don't need to include the lines of code in the box below the Description, if any.
• Please do not copy the entire Event log.

Errors are time coded. Check the computer clock on message display.

I also have 2 policy program you can try if this doesn't work and in truth, you might have to go through the full cleaning steps- problem is malware helpers aren't available right now. But we'll go one step at a time.

I have taken it for granted that you are signing on as the Administrator- is that correct?

 

[CSJ]

Event Type: Error
Event Source: MsiInstaller
Event Category: None
Event ID: 11321
Date: 9/30/2009
Time: 5:16:59 PM
User: CHRIS\Owner
Computer: CHRIS
Description:
Product: SUPERAntiSpyware Free Edition -- Error 1321. Windows Installer has insufficient privileges to modify this file: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.

Data:
0000: 7b 43 44 44 43 42 42 46 {CDDCBBF
0008: 31 2d 32 37 30 33 2d 34 1-2703-4
0010: 36 42 43 2d 39 33 38 42 6BC-938B
0018: 2d 42 43 43 38 31 41 31 -BCC81A1
0020: 45 45 41 41 41 7d EEAAA}

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 9/30/2009
Time: 9:12:57 PM
User: N/A
Computer: CHRIS
Description:
Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 9/30/2009
Time: 9:00:13 PM
User: N/A
Computer: CHRIS
Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL

I have taken it for granted that you are signing on as the Administrator- is that correct?

Yes, I am logged in as Administrator. Also I could not find "IE Enhanced security" in Windows Components so I'm assuming I don't have it. I Forgot to mention (in case it matters later on) that I already UN-installed Bit-torrent.

 

[Bobbye]

Good job Chris. But the errors can't be resolved. The permission problem does have a cause as far as I can determine, but you will need to go through the steps as originally outlined. Sorry, but is was worth the try.

 

[CSJ]

Just to make sure. Which steps are you referring to? The 8-Step Program? If so I'll try and see what I can do. Thanks for your help.

 

[Bobbye]

Yes. sorry, didn't mean to confuse you: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[CSJ]

I was looking through the forums when I came across a link called Kaspersky Online Scanner. Someone named kritius suggested it to somebody. He use use it and save a log after it scans then post the log. My intentions are to hopefully do the same and let somebody fix my problem. Here's what he said to do

3)I would like you to do an online scan so that we can what else may be in your system,
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
o Extended (If available, otherwise use standard)
o Scan Options:
o Scan Archives
o Scan Mail Bases
Click OK
Under select a target to scan, select My Computer
The scan will take a while so be patient and let it run.
Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
Click the Save Report As... button (see red arrow below)

If someone can read my log and tell me what to do. that would be great.

 

[Bobbye]

Chis, this scan is usually used as a follow up. It's not meant to take the place of cleaning programs. And it 'finds' but it doesn't 'fix.' Until the permission/policy problem is resolved, it is likely you still won't be able to function.

Here is a policy program. It is used to try and resolve a permission problem.

FixPolicies.exe from Bill Castner:

• 1Download FixPolicies by Bill Castner and save to your desktop
• 2Double click on FixPolicies.exe to run it.
• 3Click on Install. It will create a folder named FixPolicies on your desktop.
• 4Open the FixPolicies folder.
• 5Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.

When you have finished, reboot the computer- see if it resolved the permission problem so you can run the appropriate scans.

 

[CSJ]

Thanks for your help. But. None of those links work. I get a "404 Not Found" message for both of them thanks anyways.

I think I'm just going to leave things as they are for now. I might still have some Malware/Spyware on my PC but at the moment thing seem fine. Thanks for all your help.

 

[Bobbye]

My apology. I guess CastleCops took it with them when they left:

This should get you the FixPolicies download:
http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe

 

[CSJ]

I saved FixPolocies to my desktop and installed it. But when I ran Fix_policies.cmd it didn't work. command prompt comes on for 2 seconds and then vanishes. swreg.exe won't run either.

What kind of virus is this?

 

[Bobbye]

Chris, please follow the steps here to take ownership of a file or folder:
https://www.techspot.com/vb/all/win...ssing-data-from-different-XP2000-install.html

When that is finished, try doing what you did previously when you got the 'permissions' error.

Let me know= what system problems you currently have, if any.