24.09.2006 13:29
Post #1
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
Hi,
My McAfee was deleted and now I have problems installing any antivirus - antispam software. Tried to install Kaspersky Anti-Virus and Kaspersky Online Scanner without success. I've tried every online virus scanner I know (trendmicro, panda - online, bitdefender ...) and Stinger but the problem still remains. Any help will be appreciated! Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:23, on 24/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\acs.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
D:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\WINDOWS\System32\sstray.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\hldrrr.exe
D:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.bin
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
D:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
D:\WINDOWS\System32\svchost.exe
C:\C-copy\C_copy\Software\Virtualmachines\VMware Workstation\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\System32\vmnat.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
D:\WINDOWS\System32\vmnetdhcp.exe
D:\Program Files\NetLimiter 2 Pro\NLClient.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\GB\Desktop\antivirus\stng260.exe
D:\PROGRA~3\INCRED~1\bin\IMApp.exe
D:\Documents and Settings\GB\Desktop\antivirus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [proxim_orinoco_11abg] D:\Program Files\ORiNOCO\WirelessClient\Utility\orinoco.exe -nogui
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CleanUp] D:\DOCUME~1\GB\LOCALS~1\Temp\200692495050_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [Update Service] D:\PROGRA~3\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to lanman_stop.lnk = D:\lanman_stop.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...ebscan_ansi.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2339.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - D:\WINDOWS\System32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McDetect.exe - MagicISO, Inc. - (no file)
O23 - Service: McTskshd.exe - MagicISO, Inc. - (no file)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - D:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR3\RpcSandraSrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\C-copy\C_copy\Software\Virtualmachines\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\System32\vmnat.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - D:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)

Thanks.

24.09.2006 13:33
Post #2
True legend | Group: Moderators | Posts: 52486 | Joined: 28.01.2006 | From: Timisoara, Romania
Hello
Boot into safe mode and rename this file D:\WINDOWS\System32\hldrrr.exe. Rename it to hldrrr.old or something like that.
Which version of kav did you try to install, 5 or 6? If you tried to install 5, install 6.
This post has been edited by lucianbara: 24.09.2006 13:34

24.09.2006 13:41
Post #3
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
Thanks for the quick reply!
I've tried to install the latest, I suppose - kav6.0.0.303en.

24.09.2006 13:42
Post #4
True legend | Group: Moderators | Posts: 52486 | Joined: 28.01.2006 | From: Timisoara, Romania
And what error message did you get?

24.09.2006 14:02
Post #5
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
I've renamed hldrrr.exe but the problem still remains.
The error message is: "Error 1304.Error writing to file D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe. Verify that you have access to that directory."

24.09.2006 14:05
Post #6
True legend | Group: Moderators | Posts: 52486 | Joined: 28.01.2006 | From: Timisoara, Romania
Ok.
Delete the folder d:\program files\kaspersky lab
Then run regsupreme and perform a scan of the registry in normal mode and fix all errors.
Try to copy the installer to the root of the c: drive (c:\) then install it from there.
Do you have any other security software installed on the pc?

24.09.2006 14:17
Post #7
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
OK, I'll give it a try.

24.09.2006 14:57
Post #8
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
Well, it didn't help.
I'm receiving similar error messages when trying to install other antivirus software. As I said before, McAfee was deleted, probably by a virus (not uninstalled). I've downloaded the uninstaller but when I'm trying to install it I'm getting the same error message as with KAV. Any other suggestions?

24.09.2006 14:58
Post #9
True legend | Group: Moderators | Posts: 52486 | Joined: 28.01.2006 | From: Timisoara, Romania
Try to install kav 5, its installer is not as "sensitive" as kav 6.

24.09.2006 15:03
Post #10
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
Can you provide a link to kav 5?
Thanks

24.09.2006 15:06
Post #11
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
QUOTE(Darik @ 24.09.2006 14:03)
ftp://d5y.kaspersky-labs.com/beta/kav50/P...glish/setup.exe, it's the latest version 5.0.712, remember to uncheck the network protection during the install if you use a firewall!

24.09.2006 15:08
Post #12
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
Have you made sure you haven't got visitors in the restricted zone in IE + your hosts file?
Also try to use this tool before installing kaspersky: http://downloads.ewido.net/ewido_micro.exe

24.09.2006 15:32
Post #13
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
The same error with kav 5.
QUOTE(Don Pelotas @ 24.09.2006 13:08)
Have you made sure you haven't got visitors in the restricted zone in IE + your hosts file?
Also try to use this tool before installing kaspersky: http://downloads.ewido.net/ewido_micro.exe

I'll try this. Thanks

24.09.2006 15:56
Post #14
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
Also do the 2 part of this: http://forum.kaspersky.com/index.php?showt...=0entry190756.

24.09.2006 16:13
Post #15
Advanced Member | Group: Members | Posts: 323 | Joined: 12.09.2006 | From: France - Alsace
Hello,
To test: error 1304 http://kb.kaspersky.fr/index.php?PopShowID...t=erreur%201304
Delete the folder D:\program files\kaspersky lab and D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
This post has been edited by snook: 24.09.2006 16:25
My first language is French, I don't speak English. My posts (and your posts ^^) are translated by Google translation.

24.09.2006 16:15
Post #16
True legend | Group: Moderators | Posts: 52486 | Joined: 28.01.2006 | From: Timisoara, Romania
QUOTE(Darik @ 24.09.2006 15:32)
It can't be the same error. What's the exact text inside it?

24.09.2006 17:01
Post #17
Member | Group: Members | Posts: 19 | Joined: 24.09.2006
The message is:
Error opening file for writing: "D:\ Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"

24.09.2006 17:04
Post #18
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
Is XP also located in D:\ ....?.......................oops it is.

24.09.2006 17:06
Post #19
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
What did the ewido scan + the two tools find?

24.09.2006 17:17
Post #20
Global Moderator | Group: Global moderators | Posts: 25600 | Joined: 7.04.2005
You should also try the McAfee removal tool: http://forums.mcafeehelp.com/viewtopic.php...&highlight=mcpr.