Topic: Installer Keeps Running & 1304 Errors

TAQ-1
« on: June 26, 2004, 09:22:22 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version:  XP PRO - latest service packs/patches
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:  1304 Error



When I launch certain programs, Windows Installer pops up automatically, and if I let it run, it gives 1304 Errors, specifically having problems finding files that actually exist and are in fact accessible.  It is VERY difficult to cancel out of this installer.  You have to hit cancel about 20 times and it seems to finally give up.

I recently installed Symantec Norton System Works Professional 2004 (NSW) on this machine, over a home network.  It worked fine for a few days.  The installation source was a copy of the product CD that was on another PC on my network.  The reason I mention this is that MS has an article in their knowledge base #312596 for MS-Office 2000.  Although I have Office 2003, this article details a problem when software is installed over a network to a local PC.  Suspiciously, NSW is running fine on the PC where the source files physically reside.

In any event the problem first exhibited itself related to a sub-program of NSW called Norton Password Manager.  I have not actively used this password manager, however it pops up on the right side of the task bar occasionally when I am entering a password.  I've never used it otherwise.

So the problem occurred when the installer popped up and reported that it was installing Norton Password Manager (even though it was already installed and running).  I cancelled out a few times (hit cancel a million times) and tried to kill it from the task manager.  I scanned for Viruses with Norton, McAfee and others finding nothing.

It would give me these 1304 File Not Found errors specifying a particular path and DLL from Symantec.  That DLL was there and there is no problem with the file/path, etc...

Symantec tech support advised me to uninstall NSW and re-install.  I uninstalled (a very ugly and long process).  Re-booted a few times.  Now the Installer runs when I load IE and Outlook 2003.  Each time the 1304 error complains that it can't find a valid file that is in fact in the right location.

I can eventually CANCEL out of the installer and run Outlook & IE.  The re-install of NSW FAILED and crashed.  Symantec is famous for these type problems with installation/uninstalling.

To add insult to injury and to beat me while I'm down, I've somehow contracted a Trojan.StartPage problem while looking around to find a solution to the INSTALLER problem.  I think I can resolve the StartPage problem with remedies defined elsewhere on this site.

I'm not sure where to begin with the installer program problem.  I'm tempted to copy all my critical files/data to a network connected PC and format/re-install XP Pro and my myriad of other applications ( 5 hours minimum with updates/drivers/serial numbers/downloads etc...)

Sorry for the long post, but I thought a comprehensive explanation would save time and help to avoid some tangents.  SpyKiller, NAV, Trend Micro come back with clean virus/adware/spyware scans.  I'm unable to re-load NSW as it crashes during the re-install.

ANY HELP WOULD BE MUCH APPRECIATED!!!

THANKS!

Cactus
« Reply #1 on: June 26, 2004, 10:37:54 PM »

Try running McAfee Stinger:
http://download.nai.com/products/mcafee-avert/stinger.exe
This will detect any Trojans you might have.

Download, Update and Run Ad-Aware:
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Spybot:
http://www.download.com/redir?pid=10289035&merid=104443&mfgid=104443&ltype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3000-8022-10289035&ontId=8022&destUrl=%2F3001-8022-10289035.html

Fix or Repair everything they find.

If that doesn't work...download and run HiJackThis:
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a PERMANENT FOLDER say in MyDocuments, call it HJT.
DO NOT CREATE IN TEMP/TEMPORARY INTERNET FOLDERS
Download HJT to that folder and run it.
Save the logfile to the folder and open with NotePad, copy the ENTIRE logfile and paste it here in your post.

Cactus
« Last Edit: June 26, 2004, 10:38:54 PM by Cactus »

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE

TAQ-1
« Reply #2 on: June 27, 2004, 05:41:58 AM »

Dear Cactus,

Thank you for your reply!  I followed your instructions exactly.  Stinger found nothing.  Spybot and Ad Aware found many things and I remedied them all.  Unfortunately, every time I re-boot many of the items I deleted with Ad Aware come right back.  Especially the About:Blank items which seem to impact my IE Home page.

More importantly, each time I re-boot, my PC runs Windows Installer and tries to install MS-Office XP, which is in fact, already installed and working.

I ran Hijack as you directed and the results were as follows:

Logfile of HijackThis v1.97.7
Scan saved at 1:03:33 AM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\bp_bg.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PC PROTECTION UTILS\Hijack_This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\bp_bg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.07.02&http://www.thomasville.com/Products/product.asp?ItemID=2385
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigaba.com/courier5.2/couriercontrol.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/170ca99c77c1c1c20303/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.7839930556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



---


Windows Installer tries to load Office XP Small business.  It continues to look for files on the CD drive  like a .MSI file.  I have the actual CDs, but even when I put them in, the Installer fails to find the file it claims it is looking for...just as when it tried to install Norton Password Manager, etc...

I will await your reply.  I very much appreciate your assistance.

BTW, do you think it is worth purchasing the full version of Ad-Aware?  I'd be interested in your opinion, or a list of tools and utilities you recommend using on a regular basis, if I can ever get stabilized again.

Thanks!

Cactus
« Reply #3 on: June 27, 2004, 01:25:52 PM »

Try running CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe

It'll fix anything it finds.
Post back a new HJT logfile.

Cactus

TAQ-1
« Reply #4 on: June 28, 2004, 03:25:29 AM »

Hi Cactus,

I ran CWShredder and I still have the Windows Installer problem, exactly as before...

Here is the latest HJT log file:

Logfile of HijackThis v1.97.7
Scan saved at 11:24:03 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\bp_bg.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\ACT\SideACT.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PC PROTECTION UTILS\Hijack_This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\bp_bg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.07.02&http://www.thomasville.com/Products/product.asp?ItemID=2385
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigaba.com/courier5.2/couriercontrol.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/170ca99c77c1c1c20303/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.7839930556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



THANKS!

TAQ-1
« Reply #5 on: June 28, 2004, 03:32:37 AM »

Hi Cactus,

I was looking through the HJT log and it seems like the following entry might have something to do with my problem...what do you think?

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -


Not sure why this would be running unless I was actually installing something purposefully...

Just a thought.

Cactus
« Reply #6 on: June 28, 2004, 03:41:46 AM »

Press Ctrl/Alt/Del and "End Task" or "End Process" on each of the following: (They may or may not be there)

iexplore.exe
spykiller.exe


Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

Go to Control Panel / Add/Remove Programs and remove the following if they are there:

SpyKiller

Now delete these Folders or Files that are Highlighted: (You may need to enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

C:\Program Files\SpyKiller\spykiller.exe

Now, empty all your TEMP Folders (WinXp has up to 4 of them) / Temporary Internet Files Folder and then empty your "Recycle Bin" and reboot.

Cactus
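
Added example, not part of any post in this thread: a small Python parser for the HijackThis log format posted above. It flags the R0/R1 entries that point Internet Explorer's search settings at a local file in a Temp folder (the lines Reply #6 asks to have fixed) and compares two logs to show what a cleanup removed and what persists. The function names are assumptions, and the two logs are trimmed excerpts of the ones posted in Reply #4 and Reply #11.

```python
import re
from dataclasses import dataclass

# Trimmed excerpts of the logs posted in this thread:
# LOG_BEFORE from Reply #4 (before the fix), LOG_AFTER from Reply #11 (after it).
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
Scan saved at 11:24:03 PM, on 6/27/2004
Running processes:
C:\WINDOWS\System32\msiexec.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
Scan saved at 10:10:50 PM, on 6/30/2004
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# A log entry is "<section code> - <body>", e.g. "R1 - ..." or "O16 - ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def value(self):
        """Right-hand side of 'key = value' (used by R-section entries), else ''."""
        _, sep, val = self.body.partition(" = ")
        return val.strip() if sep else ""


def parse_hjt(text):
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def local_temp_redirects(entries):
    """R0/R1 entries whose value is a file: URL inside a Temp directory."""
    hits = []
    for e in entries:
        if e.section not in ("R0", "R1"):
            continue
        v = e.value.lower().replace("/", "\\")
        if v.startswith("file:") and "\\temp\\" in v:
            hits.append(e)
    return hits


def compare(before, after):
    """Split entries into removed / persisting / new between two scans."""
    b, a = set(before), set(after)
    return {
        "removed": [e for e in before if e not in a],
        "persisting": [e for e in before if e in a],
        "new": [e for e in after if e not in b],
    }


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for e in local_temp_redirects(before):
        print("FLAG  ", e.section, e.body)
    for name, items in compare(before, after).items():
        for e in items:
            print(f"{name:<10}", e.section, e.body)
```
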

TAQ-1
« Reply #7 on: June 28, 2004, 04:10:06 AM »

Hi Cactus,

Before proceeding, I wanted to let you know that SpyKiller is a product I purchased and installed knowingly.  It has frequently found and cleaned many problems for me.  Here is their URL:

http://www.spykiller.com/index.asp

Are you sure you want me to remove it completely?

Thanks.

Cactus
« Reply #8 on: June 28, 2004, 04:19:54 AM »

I would recommend uninstalling SpyKiller and using Ad-Aware and/or Spybot Search & Destroy instead (SpyKiller yields a ton of false positives and also charges if you actually want to remove something).
Ad-Aware---Download & Update
http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Spybot Search & Destroy
http://www.download.com/redir?pid=10289035&merid=104443&mfgid=104443&ltype=dl_dlnow&lop=link&edId=3&siteId=4&oId=3000-8022-10289035&ontId=8022&destUrl=%2F3001-8022-10289035.html

Cactus

TAQ-1
« Reply #9 on: June 30, 2004, 04:41:57 AM »

Hi Cactus,

I followed your recommended steps and everything seems to be working well.  It seemed to have remedied the Windows Installer problem and the Trojan.StartPage problem.

I have to tell you that deleting all the TEMP files took considerable time.  Also I was unable to empty the Recycle Bin on the first attempt.  I got a low memory warning and the empty command would NOT work, even though I have 1 GB RAM.  I rebooted and it worked fine thereafter.  I seem to be back to normal.

Can you suggest a minimum list of recommended items like SpyBot and Ad Aware, your favorite virus protector, firewall, etc.  that should be run regularly?

Thanks for your assistance!!!  You've been extremely helpful.

TAQ-1

TAQ-1
« Reply #10 on: June 30, 2004, 05:30:08 PM »

Hi Cactus,

I guess I spoke too soon.  The Windows Installer problem is resolved, but the Trojan.StartPage problem has re-occurred.  I will forward a HIJACK log to you this evening, when I get home from work.

Thanks,

TAQ-1

TAQ-1
« Reply #11 on: July 01, 2004, 02:30:59 AM »

Hi Cactus,

Here is the latest log:

Logfile of HijackThis v1.97.7
Scan saved at 10:10:50 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\bp_bg.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wisptis.exe
C:\PC PROTECTION UTILS\Hijack_This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CY_BG] C:\WINDOWS\bp_bg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.07.02&http://www.thomasville.com/Products/product.asp?ItemID=2385
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1CE17C82-8DE2-4EF6-ACF9-3A8B21830475} (Courier52 Control) - http://courier.sigaba.com/courier5.2/couriercontrol.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/170ca99c77c1c1c20303/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37901.7839930556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


This **** seems to be recurring even after deletion...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank


Thanks,

TAQ-1

Cactus
« Reply #12 on: July 01, 2004, 02:54:18 AM »

Did you go to TOOLS>INTERNET OPTIONS and reset your homepage?

Cactus

TAQ-1
« Reply #13 on: July 01, 2004, 12:39:06 PM »

Yes.  Each time.  It works fine for a while, but then inevitably it hijacks my home page and I get the about:blank page.  Fortunately, since I can then go to any page I desire, this is only an annoyance.  The indications are that it is this trojan.StartPage, but I can't find a definitive set of steps to eradicate it permanently.

TAQ-1