Windows installer problems in XP

By mastermiaow · 19 replies
Jun 30, 2009
  1. Hi

    At the moment I am unable to install any anti virus package. I have tried both McAfee and Avast. I have spoken to someone from technical support from broadband provider which provides McAfee as part of the broadband package and he thinks it is a problem with windows installer. With McAfee I got an installation error message. I have run malware and panda anti virus scan and have deleted the trojans that I found but I am still unable to install antivirus.
    The error message I got from my attempt with avast.exe is in the attached file:

    I wonder if anyone has any advice?

    Many thanks

  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

  3. mastermiaow

    mastermiaow TS Rookie Topic Starter


    Your suggestion worked and I really appreciate it :wave:
    Maybe you also have suggestions for how to run the BT connection manager for mobile broadband in that every time I install it almost freezes the system. I am not sure if this is a windows installer problem as well. But although there is an icon showing in the task bar that it is running I am unable to run the programme from the shortcut on the desktop.

    Anyway thanks again for your help :)

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Matthew, please scan with HijackThis so I can see what AV entries are on the system:

    Please download HijackThis from here.

    Save it to a permanent folder (such as C:\HJT).

    Next, open HijackThis, and select Do a system scan and save a logfile.

    A Notepad document will open. Please attach the log on your next reply.
  5. mastermiaow

    mastermiaow TS Rookie Topic Starter

    hijack this

    Thanks for this Bobbye

    My computer does seem to be playing up still despite having run Malwarebytes anti malware, panda anti virus online scan and now having avast up and running. It seems to use a lot of resources for no apparent reason and of course I can't run the mobile broadband software.
    Here is the log attached.

    Many thanks again

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Matthew, I see that you are very active with BitComet. This is a file sharing program. The P2P programs almost always add malware to the system. I recommend you uninstall it.

    If you decide not to, please do not use it during our time together. If you do and I see it is adding to the system problems, I will withdraw my support.

    You have two antivirus programs running, Avast and Eset Nod32. Please uninstall one of them.
    You also have 4 online Active scanners running and that is not fine. You need to disable/remove them. HijackThis can remove some entries and you will then disable the Active X processes.

    You are very out of date with both Java and Adobe Reader. These present vulnerabilities to the system. They will be updated. We need to clean your system up!

    You also have processes running in the background that started on boot. I will have you stop those.

    IF at any time you decide you don't want to do these things, please let me know. Ask questions if you don't understand.

    This is not a malware cleaning - that can't be done with just a HijackThis log, but I see some conflict potential and you can stop that.

    Please reopen HijackThis to 'do system scan only'
    Check each of the following if present. Do not click on 'Fix Checked' until you have checked each entry:

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

    Close all Windows except for HijackThis. Click on 'Fix Checked.'

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    Go to Start> Run> type in msconfig> enter> Selective Startup> Startup tab> Uncheck everything EXCEPT the following:
    Any Avast entries
    hkcmd.exe (IF you are using HotKeys)

    Control Panel> Add/Remove Programs> UNINSTALL the following if present:
    C:\Program Files\Eset\nod32krn.exe
    BitComet as advised

    Disable online AV scanners:
    Open Internet Explorer> Tools> Manage Add-ons> find each of the following (there are 2 sections for the dialog box - add-ons currently used and add-ons previously used: look in both sections)> highlight> Disable:
    ewidoOnlineScan (or any AVG entry)

    Reboot the system into Normal Mode: NOTE: ignore and close the nag message after checking 'don't show this message again.' Stay in Selective Startup.

    Let me know how this works.
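
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the entry format quoted in the post above (section code, ` - `, detail), with a triage pass that groups the kinds of entries the helper points out. The sample lines are copied from that post; the function names and triage categories are assumptions of this example.

```python
import re
from collections import defaultdict

# Section codes that appear in the HijackThis lines quoted in this thread.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+):\s+\[([^\]]+)\]\s+(.*)$")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]{36}\})(?:\s+\(([^)]*)\))?")
JRE_RE = re.compile(r"\\jre(\d+\.\d+\.\d+_\d+)\\")

# Sample input: lines copied from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\Cyb2k.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
"""


def parse_log(text):
    """Return one dict per recognised HijackThis entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        code, detail = m.group(1), m.group(2).strip()
        entry = {"code": code, "kind": SECTIONS.get(code, "unknown"), "detail": detail,
                 "missing": detail.endswith("(file missing)"),
                 "name": "", "command": "", "clsid": ""}
        run = RUN_RE.match(detail)
        if code == "O4" and run:
            entry.update(key=run.group(1), name=run.group(2), command=run.group(3).strip('"'))
        dpf = DPF_RE.match(detail)
        if code == "O16" and dpf:
            entry.update(clsid=dpf.group(1), name=dpf.group(2) or "")
        entries.append(entry)
    return entries


def triage(entries):
    """Group entries into review buckets; nothing here decides what is malicious."""
    notes = defaultdict(list)
    for e in entries:
        if e["missing"]:
            notes["orphaned"].append(e["detail"])
        if e["code"] == "O16":
            # Controls named "...scan..." are online AV scanners; the rest are listed apart.
            key = "online_scanners" if "scan" in e["name"].lower() else "other_activex"
            notes[key].append(e["name"] or e["clsid"] or e["detail"])
        jre = JRE_RE.search(e["command"])
        if jre:
            notes["java_runtimes"].append(jre.group(1))
    return dict(notes)
```

Calling `triage(parse_log(SAMPLE_LOG))` gives a reviewer the installed Java runtime version, the ActiveX scanner controls and the entries whose file no longer exists, each as its own list.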
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36


    Update Java:

    Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 14 ):
    Please install it and then reboot your computer.

    Remove the older versions of Java:

    1. Click Start, Control Panel, Add/Remove Programs.
    2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 14

    Update Adobe Reader 9.1
    Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version :
    Install the FoxIt Reader: this does the same thing as Adobe, but doesn’t have the bloat:

    Uninstall any earlier Adobe Reader entries after update.

    How could users remove the HouseCall 6.5 Internet Explorer ActiveX Plug-in?
    You can do this to remove processes from the system.

    • [1]. Stop HouseCall scanning, if enabled.
      [2]. Open the browser and then click Tools >Internet Options.
      [3]. Click the General tab and then click Settings under the Temporary Internet files section.
      [4]. Click View Objects and then right-click HouseCall ActiveX 6.5.
      [5]. Click Remove.

      Note: Deleting these folders also removes all the quarantined files and backup files from previous scans or cleans, as well as log files.
      Where does HouseCall 6.5 store the ActiveUpdate TmuDumpt.txt log file?
  8. mastermiaow

    mastermiaow TS Rookie Topic Starter

    Thank you Bobbye

    Hi Bobbye

    I wrote you a long message but firefox ended suddenly and it was all deleted so here goes again! First I really appreciated your help - you don't know me and yet you took the time to help a complete stranger...
    I have followed your instructions but unfortunately could not install Java and am attaching printscreen of error message.
    Otherwise I have uninstalled bit comet. Would you recommend a safer file sharing software? I normally download music and videos and would like to continue doing this...
    Also I have previously tried to install sp3 for windows (I assume good for security) but it has resulted in my not being able to open excel files and so I restored to earlier point - do you think again I should try to download and install sp3 again?

    Many thanks again Bobbye
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Sorry I missed it Matthew. I think everyone has had a long message sail off into cyberspace!

    Go to the Control Panel> Add/Remove Programs> Uninstall any Java there.
    Then go to the download site and try for Java v6u14 again:

    As for file sharing: is one better than another? I don't think so. IF you're going to share files, you'll also share malware. Unfortunately, that's how it works. Here are some references that might help you understand better:

    Credits to kritius:
    You do not have to share files to download music and videos. I think the draw to 'sharing' is avoiding the copyright restrictions.

    I'd like you to run a full system scan with the AV. Save the log and attach it here> if you got one on the system,

    Follow with new scan with HijackThis after following the removals instructions and attach new log.
  10. mastermiaow

    mastermiaow TS Rookie Topic Starter

    still problems!

    Hi Bobbye

    I uninstalled java but on attempt to install of v6u14, it is still showing same error message as last time as per print screen.
    I ran panda online virus scan and it came up with lots of infected files which I am attaching. The scan took far longer than an hour (30% after 90 mins and I had to go out so not sure how long it took).
    I also did hijack this and am attaching.
    What programme do you recommend for downloading music and videos?

    Many thanks again

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Matthew, in the future, please don't include .doc files. They can present a danger to us opening them.

    The malware is in the restore points. Do not use the System Restore feature. When the system is clean, we have you drop the old restore points and set a new, clean one.

    At the beginning of this thread, I had you run HijackThis only to see how many AV programs were running- but that is not a malware cleaning. The cleaning includes running Malwarebytes and Superantispyware: The second program finds and removes the Tracking Cookies.

    To prevent them in the future:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others.

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus:
    Easy List:

    You can now delete all the quarantined items from the AV scan.

    I don't see any homepage set up in the HijackThis log.

    Special Consideration: I suspect you got the AskBar from a pre-checked download or update screen. Watch that carefully. You have to uncheck it before downloading. Most of us don't recommend using the AskBar. It tends to share many ads.

    Here are the removal instructions:

    When you have finished the above, please do the following:
    Run Malwarebytes
    Run Superantispyware
    Rescan with HijackThis

    Attach logs for all 3 programs.
  12. mastermiaow

    mastermiaow TS Rookie Topic Starter

    Instructions followed

    Hey Bobbye

    Many thanks again for your comprehensive instructions. It has taken me some time to follow everything through! Everything seems to be working a lot better although I have not tried to install the mobile broadband software which was one of the original problems.

    • firefox
    Firefox didn't give me the option to just delete all third party cookies

    • askbar
    could not find askbar toolbar in addons of firefox

    • askbardis
    didn't find obsolete software key askbardis in CCleaner but did find it in Hijack this O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    • Hijack this
    I only fixed the askbardis not all the other ones which were listed

    I didn't find these
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\RunOnce: [AskSBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3)

    I ran Malwarebytes and Hijack this and am attaching logs. I could not find a way to attach a log of superantispyware so took a print screen but it is in word and you said don't attach docs....It found an adware tracking cookie and a trojan agent Gen Fakey.
    Should I now download Java? Windows SP3?
    What software programme would you recommend for downloading music or videos?

    Many thanks again Bobbye - you rock :D
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Regarding Firefox and Third Party Cookies:
    Open Tools> Options> Privacy> UNCHECK 'accept third party Cookies'.

    Open Tools> Options> Privacy> Show Cookies> Delete the ones you don't want.

    If you do this regularly and prevent new 3rd party Cookies (those add-ons help) then you'll only have a few new Cookies each time. So you can keep those that have registrations and passwords.

    Regarding Ask Bar> you got that because it was pre-checked on the Fox-It download screen. Got to watch that in downloads and updates. More software companies are doing it and it's easier to prevent than remove.

    Please reopen HijackThis to 'do system scan only'
    Check the following if present:

    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

    Close all Windows and click on Fix Checked. (Note on above entry: FoxIt download had AskBar checked.)

    Still show a spyware entry: Please do a fulkkl system scan with your AV. Save and Attach log.

    Then: please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)


    • 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Give AV log and Combofix report. We'll close up and clean up if they are clean.
  14. mastermiaow

    mastermiaow TS Rookie Topic Starter

    2 steps forward 1 step backwards

    Hi Bobbye

    Things seemed to be a lot better but now my wireless mouse and keyboard have stopped working and after changing batteries etc I assume it is something to do with the problems I have been experiencing.....
    Anyway here are latest logs.

    OK I have done this and understand what you are asking.

    So where do I uncheck this?

    I scanned and fixed as requested however I seem to have deleted the log. I ran another scan after doing panda quick scan and combo fix and am attaching log.

    I am not sure if the first sentence is a question or statement? How would I know if spyware entry is shown? I am not sure what fulkkl means - I assume full. I ran Panda online full scan. It hadn't finished after 3 hours and then the computer started shutting down - like something had got into the system again. After restarting I ran quick scan which detected a cookie as the only infection - log attached.

    • I tried to rename it with brackets around .exe but wouldn't allow me. Seemed to work fine as combo-fix.exe
      It asked me to download microsoft recovery console which I did.
      log posted

      Many thanks again for your help
  15. mastermiaow

    mastermiaow TS Rookie Topic Starter

    wireless mouse working again but no luck with wireless keyboard
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Matthew, you still have significant problems. I'm going to see if touch can pick this thread up as I'll be off the cleaning for a while:

    I've given you the short P2P Warning. You also use Azureus, now called Vuze : Bittorrent Client.

    As for "I am not sure what fulkkl means"> it was supposed to be "full". Spell checked was asleep.
    It should have been:
    But you have globally open ports for BitComet> not good- either the ports or the program. File sharing and malware go hand in hand.
    Close these ports in your firewall.
    "13220:TCP"= 13220:TCP:BitComet 13220 TCP
    "13220:UDP"= 13220:UDP:BitComet 13220 UDP
    "17479:TCP"= 17479:TCP:BitComet 17479 TCP
    "17479:UDP"= 17479:UDP:BitComet 17479 UDP
    "15109:TCP"= 15109:TCP:BitComet 15109 TCP
    "15109:UDP"= 15109:UDP:BitComet 15109 UDP
    "13814:TCP"= 13814:TCP:BitComet 13814 TCP
    "13814:UDP"= 13814:UDP:BitComet 13814 UDP
    "14141:TCP"= 14141:TCP:BitComet 14141 TCP
    "14141:UDP"= 14141:UDP:BitComet 14141 UDP
    "13415:TCP"= 13415:TCP:BitComet 13415 TCP
    "13415:UDP"= 13415:UDP:BitComet 13415 UDP
    "15100:TCP"= 15100:TCP:BitComet 15100 TCP
    "15100:UDP"= 15100:UDP:BitComet 15100 UDP
    "27589:TCP"= 27589:TCP:BitComet 27589 TCP
    "27589:UDP"= 27589:UDP:BitComet 27589 UDP

    I don't know what the installer problem is. The File extension MSP is for Microsoft Paint bitmap picture. Apparently they were bad entries as Combofix deleted them.
  17. mastermiaow

    mastermiaow TS Rookie Topic Starter

    Hi Bobbye

    I uninstalled bitcomet/vuze/azureus some days ago when advised to do so and there is nothing listed under add/remove programmes. I have now closed the ports.
    It would be helpful to know whether I should install XP SP3 and what a recommended programme for downloading music/videos is.
    Meanwhile I will run another full AV scan - hopefully it will be a lot quicker this time! I await further instructions :wave:

  18. mastermiaow

    mastermiaow TS Rookie Topic Starter

    panda anti virus log

    Attached as promised. I tried to use search feature to find A0005785.exe trojan as panda was unable to disinfect - firefox wanted to close down once scan was completed.
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Matthew, I am trying to get someone to take this thread over, so hold tight.

    Do not use System Restore as the restore points are infected.
  20. mastermiaow

    mastermiaow TS Rookie Topic Starter

    Anybody out there


    I am still in need of help. At the moment the two significant problems are:

    • wireless keyboard
    This has stopped working and I assume to do with above problems

    • opening .xls
    I had a problem with this on Friday - error message to do with a SKU? Looked up online. Changed registry entry no and it worked fine. Today I am getting a message that a cab entry is missing. This is probably due to the Microsoft security updates I downloaded last week. I cannot use restore as it is showing no dates to restore to...

    I have not attempted to use installer for the mobile broadband. Attached is hijack this log from today. Would really appreciate a hand to finish the job :)
Topic Status:
Not open for further replies.
