Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default I seem to have a problem, after using ccleaner or comodo

    Every time I run ccleaner or comodo registry cleaner this windows destination installer thingee pops up. And starts to install something.
    Then my firewall starts sending me alerts that the program MSI6E.tmp wants to run.
    As Im not sure what these tmp. files are trying to install I end up selecting block. So then another one will have a go.
    So far this morning I have blocked the following
    MSI12.tmp, MSI18.tmp, MSI1B.tmp, MSI1D.tmp, MSI29.tmp, MSI2E.tmp, MSI3.tmp, MSI35.tmp, MSI3A.tmp, MSI3F,tmp MSI44.tmp, MSI4D.tmp, MSI5E.tmp, MSI8.tmp, MSI76.tmp, MSI87.tmp, MSI90.tmp, MSI95.tmp, MSID.tmp.
    (they all have 0.0.0.0, product verison (0.0.0.0) file version, beside them in my firewall programs page.
    If I click on more information I always go to the same page http://www.tallemu.com/oasis2/search...F227D5BC167138
    Which really isnt helpful at all.
    Otherwise things seem to be working fine. But it is very persistant.
    Appears to be something about Inproc server32???? (Have no idea what that is about).
    Any Information would be appreciated.
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,854

    Default Re: I seem to have a problem, after using ccleaner or comodo

    Looks like some of those tmp files can belong to Norton AV, Nero, Google toolbar. And other programs

    BTW, trojan remover in your sig is up to 6.7.8 not 1.3.5. And I think your malwarebytes is out of date

  3. #3
    Senior Member Blam's Avatar
    Join Date
    Apr 2008
    Posts
    7,382

    Default Re: I seem to have a problem, after using ccleaner or comodo

    What firewall do you have?



    A few of those files could be malware-download HijackThis and post a log here:
    http://www.trendsecure.com/portal/en...HiJackThis.exe

    Disable System restore to avoid reinfection. Right click Mycomputer>properties>system restore tab>Tick "disable system restore on all drives"

    Then download MBAM, update and perform a full scan.
    http://www.malwarebytes.org/mbam.php

    Just saw you already had those programs...

    Blam


  4. #4
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: I seem to have a problem, after using ccleaner or comodo

    Hi Speedy
    Oh okay,
    So I dont have any of those programs installed.
    However nortons was on here when first purchased. after a recovery i always uninstall it.
    I am updating Malwarebytes now.
    Just checked trojan remover (sorry) it is 6.7.8
    it seems the updater is 1.3.5 though

    So Ive just blocked another MSI99.tmp from installing.
    How do i disable this windows installer permanently. From installing programs
    I dont want?

    Thanks
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

  5. #5
    Senior Member Blam's Avatar
    Join Date
    Apr 2008
    Posts
    7,382

    Default Re: I seem to have a problem, after using ccleaner or comodo

    Windows Installer is needed-the problem lies within the root cause, which I suspect is malware.

    Post a log here-I have suspicions

    Blam


  6. #6
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: I seem to have a problem, after using ccleaner or comodo

    Hi Blam
    I have online Armor 3.5.0.9
    I have hijack this 2.0.2
    and Malwarebytes 1.36 I have just updated it and now im running a scan.
    (see my signature

    I disabled system restore last time i was here (on both drives)
    I didnt turn them back on either. I wasnt sure if i was supposed too?

    Heres my hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:59 a.m., on 12/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/MyTradeMe/Buy/Watchlist.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.trademe.co.nz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dvdvideosoft.com/r/AfterInstall.htm
    O2 - BHO: Ad Annihilator Kernel - {15BB258F-B477-4DF6-A4E7-65EA4B016CB0} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O2 - BHO: Kutano Add-on - {18D81A5F-F8A5-4B78-A6CC-7E37DCAFC0BB} - C:\Program Files\Kutano\Kutano\kutano_ie_client.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: &Ad Annihilator - {A1C18A7B-55E9-4DA3-A880-D112C791A9D8} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O8 - Extra context menu item: [Add to organizer] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3250
    O8 - Extra context menu item: [Block this banner] Ctrl+Alt+B - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3245
    O8 - Extra context menu item: [Block this popup] Ctrl+Alt+K - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3256
    O8 - Extra context menu item: [Find blocking filter] Ctrl+Alt+F - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3254
    O8 - Extra context menu item: [Find this resource in resource list] Ctrl+Alt+L - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3253
    O8 - Extra context menu item: [Locate target document] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3255
    O8 - Extra context menu item: [Open all links] - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3247
    O8 - Extra context menu item: [Resume resource loading] Ctrl+Alt+R - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3251
    O8 - Extra context menu item: [Show/hide menu and toolbars] Ctrl+Alt+M - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3252
    O8 - Extra context menu item: [Unblock this banner] Ctrl+Alt+U - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3246
    O8 - Extra context menu item: [Unblock this popup] Ctrl+Alt+A - res://C:\Program Files\Ad Annihilator\AdAnnihilator.dll/3257
    O9 - Extra button: Show or Hide Kutano - {00052796-FEAB-42e6-9D54-F7EEA8C37470} - C:\Program Files\Kutano\Kutano\kutano_ie_client.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O9 - Extra 'Tools' menuitem: Ad Annihilator Options - {6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O9 - Extra button: (no name) - {80D24BA0-53C8-4bfa-BE1D-450474F0E738} - C:\Program Files\Kutano\Kutano\kutano_ie_client.dll
    O9 - Extra 'Tools' menuitem: Kutano - {80D24BA0-53C8-4bfa-BE1D-450474F0E738} - C:\Program Files\Kutano\Kutano\kutano_ie_client.dll
    O9 - Extra button: (no name) - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O9 - Extra 'Tools' menuitem: Ad Annihilator Toolbar - {BB15D76F-6189-4c89-A9F8-CED4F9D01328} - C:\PROGRA~1\ADANNI~1\ADANNI~1.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario &pf=laptop
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1241841484609
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A049996-C61E-4441-8E9D-C0B09A292F64}: NameServer = 203.97.78.43 203.97.78.44
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 7973 bytes
    Last edited by iammcb; 12-05-2009 at 09:30 AM.
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,854

    Default Re: I seem to have a problem, after using ccleaner or comodo

    I would get rid of Ad annihilator and use privoxy instead if you use IE. Click on the Win32 download

    Install it then go to tools / internet options / connections / LAN settings, then click on proxy server / advanced. Type 127.0.0.1 to the right of http and 8118 in for the port

    Uninstall all versions of java, its out of date, then update it. One of those files may belong to that HP program. I have no idea what WOT is or does

  8. #8
    Senior Member Blam's Avatar
    Join Date
    Apr 2008
    Posts
    7,382

    Default Re: I seem to have a problem, after using ccleaner or comodo

    WOT is the Web of Trust Addon.

    From the HJT log it seems there is nothing nasty...unsure of what those temporary files are.

    What happens when you allow removal of them?

    Blam


  9. #9
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: I seem to have a problem, after using ccleaner or comodo

    hi speedy
    yeah i was thinking about that IE8 add on too as when i installed it it said not verified.
    So i disabled all add ons that werent verified. too be safe.

    However this problem started to occur after i installed ccleaner and ran it.
    so that was about a week ago now.

    Java came with open office.
    so i may not be able to uninstall it?
    It was on the pcworld cd.
    I will try to update it though.
    (Much more recent than the preinstalled version i had.)

    Maybe it has something with HP Software Update?
    who knows heres my malwarebytes log

    Malwarebytes' Anti-Malware 1.36
    Database version: 2110
    Windows 5.1.2600 Service Pack 2

    12/05/2009 9:41:47 a.m.
    mbam-log-2009-05-12 (09-41-47).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 123737
    Time elapsed: 20 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

  10. #10
    Member iammcb's Avatar
    Join Date
    Mar 2009
    Location
    New Zealand
    Posts
    48

    Default Re: I seem to have a problem, after using ccleaner or comodo

    Blam

    what to you mean by that "What happens when you allow removal of them"
    If you mean what happens when i tell my firewall to block them
    The windows installer just sits there until i click the cancel button.
    Then it will say are you sure?
    I click on "course im sure im not installing a program at the moment...lol..."
    Then it says unable to write blah blah blah to the registry
    error blah blah blah
    (I think something like that.)

    I dont really know what the HP files are either???
    Last edited by iammcb; 12-05-2009 at 09:58 AM.
    I Have XP home[Stand Alone]SP2 IE8
    Avast 4.8 home
    Online Armor 3.5.0.9
    CCleaner 2.19.900
    Glary Utilities 2.12.0.658
    SuperAntiSpyware 4.26.1002
    Malwarebytes 1.36
    Spyware Blaster 4.1
    Trojan Remover 6.7.8
    Hijack this 2.0.2

Similar Threads

  1. Comodo Registry Cleaner vs CCleaner
    By NZHawk in forum PressF1
    Replies: 2
    Last Post: 27-11-2008, 08:41 AM
  2. Weird Problem re Zonalarm v Comodo
    By Tony.br in forum PressF1
    Replies: 3
    Last Post: 13-04-2007, 03:06 PM
  3. CCleaner
    By FoxyMX in forum PressF1
    Replies: 10
    Last Post: 04-06-2006, 08:43 PM
  4. CCleaner...
    By Naruto28 in forum PC World Chat
    Replies: 5
    Last Post: 07-12-2005, 02:42 PM
  5. CCleaner
    By Zach in forum PressF1
    Replies: 3
    Last Post: 30-11-2004, 02:05 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •