my malware scanning and removal progress

IBM ThinkPad T42
Win XP (Build 2600.xpsp_sp2_gdr.070227-2254: Service Pack 2)

PROBLEMS:

1. Unable to access wireless network functions
2. Windows Firewall was turned off and can not be turned on
3. Symantec Antivirus logs shows a lot of files skipped
4. In general the computer is taking a long time to boot up and shutdown

So I'm following the READ & RUN ME FIRST Before Asking for Support thread on my old PC while cleaning the laptop. Notes below, and I guess I attach logs later.

oops, I got confused and ran them trying to install and configure. Moving on...rolleyes

Crap, I can't login as admin. I try all my passwords including simply <ENTER>, and there's one in particular that it consistantly 'hangs up' on, like 30 seconds before it denies me, all the others are pretty instant rejection. So I'm performing the scans under the one and only User account I have set up.

I don't see this SDHelper function, I'm pretty sure when I installed this, I left it checked. Per the READ & RUN ME thread, I disabled the Teatimer function and FixedSpyBot's Ignore Products Bug. Spybot S&D Help doesnt seem to work either, so I had to skip the SDHelper step.
It did find a bunch of Firewall and Antivirus blockers, this is looking promising :cool

Trying to install, I get...
ERROR- Windows Installer
The system administrator has set policies to prevent this installation. OK

on to AVG Anti-Spyware....

Well, I guess I don't have any infections, but it found 2 Medium Risk Threats (TrackingCookie.Paypal and Adware.Coupons). I "Apply all actions", go to "Reports", and it tells me "No Reports Availiable" and the "Save Report As" box is grayed-out. I double checked that the Reports Settings are set to "Auto gen report after every scan", I don't know why I'm not seeing a report.

I have a cable modem. It looks like I will have to post this now from the PC, unplug my network cable and connect it to the laptop.
Good timing, its about time to go to bed, I won't be able to finish this tonight. Any comments, etc appreciated, I'll check back tommorow and continue the scan/removal process.
:wave

 

Attempted to Uninstall IBM 32-bit Runtime Environment for Java 2, v1.4.1 with CCleaner, got a Windows Installer Error.
Attempted to Uninstall IBM 32-bit Runtime Environment for Java 2, v1.4.1 with Windows/Control Panel/Add or Remove Programs, got a Run a DLL as an App Error when clicking the Add or Remove Programs icon.

Plugged in network cable, no internet.
REBOOT into Safe Mode with Networking (I'm pretty sure that's where I was), still no internet.
REBOOT into Normal mode, and Spybot S&D starts up. When I did S&D yesterday, there were 2 file it couldn’t delete, and it scheduled a scan for next startup. Found the same 2 files, couldn’t remove. And still no internet.
SHUTDOWN is hung up, manually power off the laptop.
RESET cable modem (unplug for 10 seconds), boot in Safe Mode with Networking.
IE (Homepage is weather channel.com, it looks like a text-only version)-->MajorGeeks.com

The I Agree button and arrow don't kickoff BitDefender.

No go here, maybe try in Normal Mode...

IE is very slow, I get a Generic Host Process for Win 32 Services Error window.

Same deal, it looks like the BitDefender "I Agree" and Panda ActiveScan "Scan Your PC Now" buttons are disabled or something :cry

GetRunKey and ShowNew logs attached...well...the MANAGE ATTACHMENTS BUTTON is MIA, grrr. Let me transfer to the other computer and try from there.

 

Here's the GetRunKey and ShowNew logs. Do you think somethings wrong with my IE on the laptop, causing the BitDefender and PandaActiveScan buttons not to work, and eliminate the Manage Attachments button?

 

I really appreciate your time and effort, here's the HJT log :cool

 

I'm having difficulty removing the IBM Java.

First of all, when I use the Windows Control Panel /Add or Remove Programs, it gives me the following error...


So I try to uninstall with CCleaner, and I get this...


No problem deleting Mozilla Firefox from CCleaner, I'm surprised though, arent we supposed to be using an alternate to IE?

One more thing, it seems like every session, I get this random error...


Sorry for the big ugly Alt/PrtScreen-->Outlook-->PDF-->JPEG pics. I'm going to bed. Will it be OK to proceed with the HJT and Avenger while running IBM Java? Thanks.

 

OK..will do

I don't think my ThinkPad ever came with Win XP CDs. If it did, I can't find them.

Should I start another thread in a different forum for that random GENERIC error? I can't un-install IBM Java. Should I go ahead and run HJT and Avenger as your post #8? I suppose I''l try.

 

Latest Firefox...Installed

DONE

DONE

DONE

ATTACHED. It was still slow to boot up. I'll try the Uninstaller mentioned in Post#12, and will see how the computer is working.

I haven't cleared System Restore yet.

 

Still having trouble removing IBM Java. I installed Your_Uninstaller, it gave errors when Uninstalling the IBM Java, but then said successful. But it is still there, I can see it from the CCleaner Uninstall window, and can run IBM Java from the Start Menu. It is no longer visible in the Your_Uninstaller window. I rebooted the computer a few times. All my work was done in Normal Boot Mode (ie not Safe Mode)

Here's the windows I got when trying to uninstall IBM Java via Your_Uninstaller.
First was the msiexec.exe - Application Error seen in Post#8, then these...

 

Nothing found, no warnings from Symantec, log attached.

There was a Hacktool.Rootkit and a host of other viruses a few months ago. Re-installing Symantec and using the online help, we were able to get rid of everything, or so we thought.

I don't need to keep Symantec. As a matter of fact, after finding this webpage, I was going to remove Symantec and try one of the "lighter" freewares. I just need to get the computer right first.

As of now, I still can't access the Wireless network, Windows Firewall, Add/Remove Programs, Windows Security Center. Symantec Live Update also doesn't appear to be installing the latest definitions; even though I downloaded the latest, it is still showing 9/11/2007 Rev 16.

 

...and there are 2 files that appeared on my desktop around the time when the computer went haywire.... javacore.20070907.001108.3356.txt and javacore.20070906.234234.5684.txt
Both are 0 bytes in size, maybe that's why I can't attach them here.

 

I'm pretty sure I did everthing as you typed it. I'm not sure which program you're asking about here.

Both the Windows Installer and http://windowsupdate.microsoft.com/ hang up when connected. Something's up with IE too. Like the manage attachments button is MIA in this forum, I had to use Firefox to attach the logs. I also can't use the lil smileys interface, I have to type them manually

 

Nope, I never heard of Comodo til i got here. July 30th...that's around when the Hacktool.Rootkit and other viruses were finally "gone".

And the drivers folder...hmmm, frequently the sound driver needs to be cycled thru a disable/enable in order to get real sound, instead of default beeps.

 

I didnt try to install the Sun Java since the IBM Java is still there. Should I go ahead try?

 

OK, I downloaded the latest Sun Java to my desktop. It won't let me install it though. There are no errors, I get the hourglass when I dbl click it, or try to OPEN the .exe file from Explorer. The hourglass disappears after 20 seconds.

I wanted to try it in Safe Mode as 'administrator', but something bizzare is going on with the login. I am not positive of my password, but I think I know which one I used. The incorrect ones, including <blank> deny me right away, but the one I think is right, it takes about 30 seconds to get the same window

 

Now I moved the Sun Java (jre-6u2-windows-i586-p.exe) to a folder on the C:drive, and it at least looks like it wants to install. I get the msiexec.exe - Application Error and Windows Installer error windows seen in Post#9

 

I get a Windows File Protection window

It ran for about 10 minutes as the status bar moved to completion, and then it went away. That's all that happened.

 

Hmm, I guess it didn't go as planned?
In the cmd.exe window, I typed sfc /scannow. Nothing else happened in the cmd.exe window, I instantly get an open prompt. At the exact same time I get that window. I can't alt/PrtScreen it for some reason.

 

Well I did have Malware, so all this wasn't a wasted effort. I'm not sure waht CDs I have either, all I found was MS Office CDs. I will head over to the software forum for further assistance. Thanks again for all the help.

Yep still there, the date is pretty old, 8/4/2004

 

Alright, I havent posted up in the Software Forum yet. Somehow, I got Windows Update working, and it installed 3 updates. My laptop seemes a lot better, but I still couldnt open the Control Panel/Security Center. I Un-installed Symantec and installed AVG. Then I re-installed my digi-cam software Koadk EasyShare. After the required reboot, I was getting the same errors as before; something was disabling Windows Firewall and also AVG...sometimes, the Firewall is now on and AVG is running.

Anyways, I was able re-ran the compete list READ & RUN ME FIRST thread, could you take one another look at the logs? CounterSpy wouldnt run, so I used AVG instead (it had nothing to report)

Everything seemed to run as described, except SHOWNEW. It gave me an error window (quoted below). I hit CANCEL a few times, then when I hit IGNORE, it finally ran.

 

GETRUNKEY and SHOWNEW logs

 

I'm so sorry, I definitley missed that link. Fixed the 16-Bit Error in the registry, re-ran GetRunKey and ShowNew, logs attached.

Now, I'm positive I followed the link to clear my Symantec Quarantine before the first set of logs I did. I noticed all the Quarantine items when I ran BitDefender. I'm a little confused though; I uninstalled Symantec before this second round of logs. Can I just delete everything related to Symantec by hitting DELETE in WinExplorer?

Thanks again, I really appreciate someone who knows their stuff looking at this, rather than me making an even bigger mess rolleyes

 

DONE
I searched my hardrive for "Symantec" and found 3 hits
#1-Folder C:\IBMTOOLS\APPS\NORTONAV\NAV\EXTERNAL\SYMANTEC
Not much in this folder, but if I surf up to NORTONAN, there are some exe files in there.

hits #2&3 are in C:\WINDOWS\Downloaded Program Files.
Type=ActiveX Control, Status=Installed
#2-Symantec AntiVirus scanner
#3-Symantec RuFSI Utlity Class
...I think I'll right click/REMOVE these 2?

DONE

sweet...this didn't show up in Windows Add-Remove Programs, but CCleaner found it and seemed to uninstall it without a hiccup. We'll see how everything looks after a few reboots :cool

Good to hear..and see my computer working better

 

DONE

Shall I toggle System Restore, per Step 8 of the READ & RUN ME thread?

I still have DLL errors, Windows Firewall not booting up automatically and Kodak EasyShare software issues. I'll head over to the Softwear forum. Thanks for the help here. I've learned a great deal about my computer. :clap

 

What is supposed to happen with this? Its still acting the same.