Can't run antivirus software on W2K3

We will have to work on one machine at a time. And have two seperate threads, one for each.

Attach the log from MBAM

Also make sure you have followed all of the below:

Windows 2000 & 2003 Cleaning Procedure

 

Let's start by downloading a tool we will need.

Pocket Killbox

Save it to its own folder somewhere that you will be able to locate it later.

Open up task manager and end the process of the following processes if seen running:

• winhymr.exe
• w72c0f.exe

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
• O15 - ESC Trusted Zone: http://ardownload.adobe.com
• O15 - ESC Trusted Zone: http://www.adobe.com
• O15 - ESC Trusted Zone: http://wwwimages.adobe.com
• O15 - ESC Trusted Zone: *.download.com
• O15 - ESC Trusted Zone: http://runonce.msn.com
• O15 - ESC Trusted Zone: http://*.windowsupdate.com
• O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)

After clicking Fix exit HJT.

Now run Pocket Killbox by doubleclicking on killbox.exe

• select File, Cleanup, Delete All Backups
• Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
• Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhymr.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w72c0f.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpykwdar
C:\Documents and Settings\Administrator\Local Settings\nsq12.tmp

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But if you do get this message, please let me know!)

If Killbox does not reboot just reboot your PC yourself.

After reboot look for all of the above files we had Pocket Killbox attempt to delete. If you still see them, delete them yourself.

Use windows explorer to find and delete the below folder:

Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know how things are running.

 

Very well then, if you are sure you're definately in the clear. However I shall leave this thread open in case yourequire further assistance.

 

Yes please. Do begin a new thread, because posting another set of logs here combined with all my old instructions for computer #1 would be confusing for us both.