# Hidden Window on Shutdown



## SnagglePuss020 (Feb 21, 2007)

Everytime i shutdown my PC, i get a popup asking me if I want to end now or cancel. The box is named END NOW - HIDDEN WINDOW. Ive tried all sorts off things to get rid of it, i have also followed the other thread on the same problem, but to no avail. I also think it will be beneficial if i posted my log files instead of looking at someone else's. So here goes:

Hijack this log file:

Logfile of HijackThis v1.99.1
Scan saved at 23:23:13, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Sygate\SPF\smc.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\AlienGUIse\wbload.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Unlocker\UnlockerAssistant.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Steam\Steam.exe
H:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Logitech\G-series Software\LGDCore.exe
H:\Documents and Settings\Romeo\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] H:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "H:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "H:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "H:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Alienware Dock.lnk = H:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WB - H:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe

Fixwareout report:

Fixwareout Last edited 2/11/2007
Post this report in the forums please 
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"H:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SmcService"="H:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"GhostSurfDelSatellite"="\"H:\\Program Files\\GhostSurf 2006 Platinum\\DeleteSatellite.exe\""
"UnlockerAssistant"="\"H:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\\WINDOWS\\system32\\ctfmon.exe"
"ccleaner"="\"H:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"Steam"="\"H:\\Program Files\\Steam\\Steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Please help me solve this  Thanks.

SnagglePuss020


----------



## SnagglePuss020 (Feb 21, 2007)

Hi there, im trying to install some updates to software, one of them being BattleField 2142. When i click on download updates (Through EA Downloader) But when it gets near the end of the intallation, it gives the error message:

Internal Error 2392 - H: \ Documents and settings\MYNAME\ApplicationData\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C4F5-2DD52\Icon386ED4E3.exe, 3

Ive tried to update the installer, but its still the same. I downloaded msicuu2.exe which is the installer cleaner (Recommended from a different source) but i get the message when i try to install this. Please help me. Here are my Hijack this logfile and my Fixwareout log file:

Fixwareout:

Fixwareout Last edited 2/11/2007
Post this report in the forums please 
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"H:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SmcService"="H:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"GhostSurfDelSatellite"="\"H:\\Program Files\\GhostSurf 2006 Platinum\\DeleteSatellite.exe\""
"UnlockerAssistant"="\"H:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\\WINDOWS\\system32\\ctfmon.exe"
"ccleaner"="\"H:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"Steam"="\"H:\\Program Files\\Steam\\Steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23:23:13, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Sygate\SPF\smc.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\AlienGUIse\wbload.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Unlocker\UnlockerAssistant.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Steam\Steam.exe
H:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Logitech\G-series Software\LGDCore.exe
H:\Documents and Settings\Romeo\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SmcService] H:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "H:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "H:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "H:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: Alienware Dock.lnk = H:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: interceptor.dll
O20 - Winlogon Notify: WB - H:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - H:\Program Files\Sygate\SPF\smc.exe

Thanks again.

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Does it say shell con hidden window?


----------



## cybertech (Apr 16, 2002)

Threads merged, please continue to post to this one thread until the problem is solved.


----------



## SnagglePuss020 (Feb 21, 2007)

No, it doesnt say that message in the window, it just has End Program - Hidden Window. Thats all, i didnt know the two problems were related sorry for double thread  

SnagglePuss020


----------



## SnagglePuss020 (Feb 21, 2007)

Anyone got any help for me?  thanks in advance

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Do you use MusicMatch at all


----------



## SnagglePuss020 (Feb 21, 2007)

Not at all, never had it installed neither

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Run *ActiveScan* online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. 
Post the contents of the ActiveScan report.


----------



## SnagglePuss020 (Feb 21, 2007)

Heres the scan result:

Incident Status Location

Spyware:Cookie/Falkag Not disinfected H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\cookies.txt[as1.falkag.de/] 
Spyware:Cookie/Advertising Not disinfected H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\cookies.txt[.advertising.com/] 
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\cookies.txt[.tribalfusion.com/] 
Spyware:Cookie/Atlas DMT  Not disinfected H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\cookies.txt[.atdmt.com/] 
Hacktool:HackTool/RockXp4 Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar[RockXP4.exe] 
Hacktool:HackTool/Samdump Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar[RockXP4.exe][pwdump2\pwdump2.exe] 
Hacktool:HackTool/Samdump Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar[RockXP4.exe][pwdump2\samdump.dll] 
Hacktool:HackTool/RockXp4 Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar[RockXP4.exe][RockXP4_.exe] 
Hacktool:HackTool/RockXp4 Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe 
Potentially unwanted tool:Application/PerfectKeyLog.P Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][Setup.exe] 
Potentially unwanted tool:Application/PerfectKeylog.D Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][bpk.chm] 
Potentially unwanted tool:Application/Perfectkeylog.I Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][bpkhk.dll] 
Potentially unwanted tool:Application/Perfectkeylog.I Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][bpk.exe] 
Potentially unwanted tool:Application/Perfectkeylog.I Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][BPKr.exe] 
Potentially unwanted tool:Application/PerfectKeyLog.A  Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][bpkun.exe] 
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar[i_bpk2003.exe][bpkvw.exe] 
Potentially unwanted tool:Application/NirCmd.A Not disinfected H:\fixwareout\FindT\nircmd.exe

The perfect key logger i know of, its the trial version, which is in use.

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

How long has this been happening? Have you tried a System Restore?


----------



## SnagglePuss020 (Feb 21, 2007)

Been happening quite a while, so a system restore isnt really a favorable option, as i would lose quite alot of programs etc. Any ideas at all that i can try?

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Please *RIGHT-CLICK HERE* to download Silent Runner's.
Save it to the desktop.
Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
You will receive a prompt:
*Do you want to skip supplementary searches?
click NO*

You will see a text file appear on the desktop - *it's not done, let it run (it won't appear to be doing anything!)*
Once you receive the prompt *All Done!*, open the text file on the desktop, copy that entire log, and paste it here.
**NOTE* If you receive any warning message about scripts, please choose to allow the script to run.*


----------



## SnagglePuss020 (Feb 21, 2007)

Heres the log:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EA Core" = ""H:\Program Files\Electronic Arts\EA Link\Core.exe" -silent" ["Electronic Arts"]
"ccleaner" = ""H:\Program Files\CCleaner\ccleaner.exe" /AUTO" ["Piriform Ltd"]
"Yahoo! Pager" = ""H:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"MSMSGS" = ""H:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Steam" = ""H:\Program Files\Steam\Steam.exe" -silent" ["Valve Corporation"]
"SpybotSD TeaTimer" = "H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"MsnMsgr" = ""H:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"DAEMON Tools" = ""H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"CTFMON.EXE" = "H:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SmcService" = "H:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Launch LGDCore" = ""H:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE" ["Logitech Inc."]
"Launch LCDMon" = ""H:\Program Files\Logitech\G-series Software\LCDMon.exe"" ["Logitech Inc."]
"ATICCC" = ""H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"THGuard" = ""H:\Program Files\TrojanHunter 4.6\THGuard.exe"" ["Mischel Internet Security"]
"GhostSurf Reminder" = ""H:\Program Files\GhostSurf 2006 Platinum\Privacy Control Center.exe" reminder" ["Tenebril Inc."]
"Adobe Photo Downloader" = ""H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "H:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "H:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "H:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "H:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "H:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "H:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "H:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "H:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "H:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "interceptor.dll" ["Tenebril Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> WB\DLLName = "H:\Program Files\AlienGUIse\fastload.dll" ["Stardock"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
MyPhoneExplorer\(Default) = "{2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "H:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "H:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "H:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "H:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "H:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "H:\PROGRA~1\TROJAN~1.6\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "H:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "H:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "H:\Documents and Settings\Romeo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Romeo" & "All Users" startup folders:
-------------------------------------------------------

H:\Documents and Settings\Romeo\Start Menu\Programs\Startup
"Scheduler" -> shortcut to: "H:\Program Files\GhostSurf 2006 Platinum\Scheduler daemon.exe" ["Tenebril Incorporated"]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup
"GhostSurf proxy" -> shortcut to: "H:\Program Files\GhostSurf 2006 Platinum\Proxy.exe" ["Tenebril Incorporated"]
"SpyCatcher Protector" -> shortcut to: "H:\Program Files\GhostSurf 2006 Platinum\Protector.exe" ["Tenebril Inc."]

Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "H:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"XoftSpySE" -> launches: "H:\Program Files\XoftSpySE\XoftSpy.exe -t" ["ParetoLogic"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://H|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "H:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Sygate Personal Firewall Pro, SmcService, "H:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
TuneUp Design Expansion, UxTuneUp, "H:\WINDOWS\System32\svchost.exe -k netsvcs" {"H:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 78 seconds.
---------- (total run time: 132 seconds)

Thanks.

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Basically what you should try next is trial and error with msconfig. 
Have you ever used msconfig to disable startup programs?
I would disable everything. Then one by one re-enable an item. 
That can usually rule out which program is causing this error.


----------



## SnagglePuss020 (Feb 21, 2007)

Ok, i disabled most of the things i didn't recognize last night, but ill try them one by one.

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Yeah, it's a tricky error - can be caused by many things.


----------



## SnagglePuss020 (Feb 21, 2007)

Hmm ok, i havnt tried to see if the Hidden Window thing pops up, as that really doesn't bother me. The other problem i am having is bothering me, as i cant update anything. The problem is in post 2 merged by the admin (The installer one) I just re-started my pc with nothing in startup and i still get the installer error. What should i try? i have tried to install the latest version 3.1 and its still the same. I have tried to install the Microsoft installer cleanup wizard (MSICUU.exe), but that gives me the error halfway through install, smart as Microsoft are lol. Thanks again for all the help!

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Run *Kaspersky* online virus scan here: http://www.kaspersky.com/virusscanner

When given the option, choose the "Extended database" for the scan.
When it's finished, save the results from the scan and post them here.


----------



## SnagglePuss020 (Feb 21, 2007)

Kaspersky Scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 24, 2007 1:17:38 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/02/2007
Kaspersky Anti-Virus database records: 273002
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 54910
Number of viruses found: 4
Number of infected objects: 24 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:51

Infected Object Name / Virus Name / Last Action
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
H:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
H:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
H:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
H:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
H:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\cert8.db	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\history.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\key3.db	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\parent.lock	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\search.sqlite	Object is locked	skipped
H:\Documents and Settings\Romeo\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\urlclassifier2.sqlite	Object is locked	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar/RockXP4.exe/data.rar/pwdump2/pwdump2.exe	Infected: not-a-virusSWTool.Win32.PWDump.2	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar/RockXP4.exe/data.rar/pwdump2/samdump.dll	Infected: not-a-virusSWTool.Win32.PWDump.2	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar/RockXP4.exe/data.rar/RockXP4_.exe	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar/RockXP4.exe/data.rar	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar/RockXP4.exe	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\Genuine_In_5_sec.rar	RAR: infected - 5	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe/data.rar/pwdump2/pwdump2.exe	Infected: not-a-virusSWTool.Win32.PWDump.2	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe/data.rar/pwdump2/samdump.dll	Infected: not-a-virusSWTool.Win32.PWDump.2	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe/data.rar/RockXP4_.exe	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe/data.rar	Infected: not-a-virusSWTool.Win32.RAS.a	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\Genuine_In_5_sec\RockXP4.exe	RarSFX: infected - 4	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar/Setup.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar/bpkhk.dll	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar/bpk.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar/BPKr.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar/bpkun.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe/data.rar	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar/i_bpk2003.exe	Infected: not-a-virus:Monitor.Win32.Perflogger.163	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\PerfectKeyloggerV163rar\PerfectKeyloggerV163rar.rar	RAR: infected - 7	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\XoftSpySE 4.29.191+ crack\XoftSpySE 4.29.191+ crack.rar/patch.exe	Infected: Trojan-Downloader.Win32.Small.ebz	skipped
H:\Documents and Settings\Romeo\Desktop\Install Files\XoftSpySE 4.29.191+ crack\XoftSpySE 4.29.191+ crack.rar	RAR: infected - 1	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\ApplicationHistory\cli.exe.e9be0176.ini.inuse	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\Cache\_CACHE_001_	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\Cache\_CACHE_002_	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\Cache\_CACHE_003_	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Application Data\Mozilla\Firefox\Profiles\f0fmghmn.default\Cache\_CACHE_MAP_	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\9238.rra	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Cookies\index.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\History\History.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Perflib_Perfdata_664.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Perflib_Perfdata_718.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Perflib_Perfdata_988.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Perflib_Perfdata_d98.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Perflib_Perfdata_da8.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\ntuser.dat	Object is locked	skipped
H:\Documents and Settings\Romeo\NTUSER.DAT.LOG	Object is locked	skipped
H:\Program Files\BitLord\Downloads\XoftSpySE 4.29.191+ crack\XoftSpySE 4.29.191+ crack\patch.exe	Infected: Trojan-Downloader.Win32.Small.ebz	skipped
H:\Program Files\BitLord\Downloads\XoftSpySE 4.29.191+ crack\XoftSpySE 4.29.191+ crack.rar/patch.exe	Infected: Trojan-Downloader.Win32.Small.ebz	skipped
H:\Program Files\BitLord\Downloads\XoftSpySE 4.29.191+ crack\XoftSpySE 4.29.191+ crack.rar	RAR: infected - 1	skipped
H:\Program Files\Sygate\SPF\debug.log	Object is locked	skipped
H:\Program Files\Sygate\SPF\rawlog.log	Object is locked	skipped
H:\Program Files\Sygate\SPF\seclog.log	Object is locked	skipped
H:\Program Files\Sygate\SPF\syslog.log	Object is locked	skipped
H:\Program Files\Sygate\SPF\tralog.log	Object is locked	skipped
H:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
H:\System Volume Information\_restore{52ED8848-DAF4-4296-BBB0-B0F80DAAD8A8}\RP13\change.log	Object is locked	skipped
H:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
H:\WINDOWS\Installer\{F5577101-33CC-4711-8235-3A95BCD49DB0}\ARPPRODUCTICON.exe	Object is locked	skipped
H:\WINDOWS\SchedLgU.Txt Object is locked	skipped
H:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb	Object is locked	skipped
H:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log	Object is locked	skipped
H:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb	Object is locked	skipped
H:\WINDOWS\SoftwareDistribution\EventCache\{C9B164D1-F1B9-4E0E-AFAF-B49C741A9337}.bin	Object is locked	skipped
H:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
H:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
H:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
H:\WINDOWS\system32\config\ACEEvent.evt	Object is locked	skipped
H:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
H:\WINDOWS\system32\config\default	Object is locked	skipped
H:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
H:\WINDOWS\system32\config\SAM	Object is locked	skipped
H:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
H:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
H:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
H:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
H:\WINDOWS\system32\config\software	Object is locked	skipped
H:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
H:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
H:\WINDOWS\system32\config\system	Object is locked	skipped
H:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
H:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
H:\WINDOWS\system32\h323log.txt	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
H:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
H:\WINDOWS\Temp\Cookies\index.dat	Object is locked	skipped
H:\WINDOWS\Temp\History\History.IE5\index.dat	Object is locked	skipped
H:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
H:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
I:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
I:\System Volume Information\_restore{52ED8848-DAF4-4296-BBB0-B0F80DAAD8A8}\RP13\change.log	Object is locked	skipped

Scan process completed.

SnagglePuss020


----------



## Cheeseball81 (Mar 3, 2004)

Okay so you installed the keylogger - do you know what this is? Genuine_In_5_sec
XoftSpySE was a cracked version?


----------



## SnagglePuss020 (Feb 21, 2007)

Genuine in 5 sec, is a tool which "Makes windows a genuine version". I only used this because i bought my pc with windows pre installed and had to format, so i used my brothers CD and needed service pack 2, which required a genuine version.  
I installed the keylogger myself, as i am not the only one who uses my PC even though i dont allow anyone else to use it  . Xoftspy was cracked, i bought Xoftspy with "Subscribed Serial details" from ebay, which turned out to be a link to a cracked version.
Anywho, can you see anything from there that could be causing the installation errors? or how to re-install the installer so it will work again? Thanks again for your time

SnagglePuss020


----------



## rainforest123 (Dec 29, 2004)

Windows installer will not run in safe mode. If you have unchecked most or everything in the system configuration utility, Windows Installer may not run for that reason. 

Does the hidden window message appear EVERY time you shut down? If so, boot to safe mode. Does the problem happen in safe mode? 

Did the problem begin before or after you used the "Genuine in 5 sec" tool? 

RF123


----------



## SnagglePuss020 (Feb 21, 2007)

I used that tool ages ago and no problems, until about 3 weeks ago or more maybe, i dont really shut down my pc that much, so nothing has changed (Or should have) in the way it runs. Just the installer seems to be knacked  . Can i uninstall it and reinstall it somehow?

SnagglePuss020


----------



## dvk01 (Dec 14, 2002)

you have used an illegal crack to bypass windows authentication & expect help with a vital windows component 

You will not get that help here as we do not condone piracy in any shape or form

this is now closed


----------

