A kind of virus is corrupting almost all of my files, it completely disabled my Nod 32 antivirus so i can't scan with it or update, it also disables my Firewall automatically at start up, I'll have to enable it manually, and when i try to repair or uninstall the antivirus, even with an uninstaller, I get message like "The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2318"
What should I do please?

try doing it wiv explorer shutdown

@netotse
I don't understand, and i need to add that i can't download, install or uninstall with my system anymore.

start taskmanager and close explorer then from file-->>new (or you can use command prompt)
try to reinstall the antivirus it could be that the virus is a dll that links with explorer
and then run hijackthis (google it) you can post the log here and we'll see if we can sort it out for you or you can post it on the HJT forum
in the interim i suggest backing up your important files!

@netotse
Thanks, I'll b back soon.

I got HijackThis and below is the log
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:16 PM, on 2/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Vista Rainbar\launcher.exe
C:\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\PROGRA~1\VISTAR~1\RAINBAR.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\JAP\jap.exe
C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\javaw.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winykuxs.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winethmq.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SS SS Plugin - {1D1B2879-99FF-11E3-8D96-D7ACAC95952A} - C:\Documents and Settings\All Users\BPK\pkwb.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\, \Run: [LaunchApp] Alaunch
O4 - HKLM\, \Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\, \Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\, \Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\, \Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\, \Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\, \Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\, \Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\, \Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\, \Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\, \Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\, \Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\, \Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\, \Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\, \Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\, \Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\, \Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\, \Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\, \Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\, \Run: [keyword] C:\Documents and Settings\All Users\BPK\keyword.exe
O4 - HKLM\, \Run: [bpk] C:\Documents and Settings\All Users\BPK\bpk.exe
O4 - HKLM\, \Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\, \Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\, \Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\, \Run: [pk] C:\Documents and Settings\All Users\BPK\pk.exe
O4 - HKLM\, \Run: [bpko] C:\Documents and Settings\All Users\BPK\bpko.exe
O4 - HKLM\, \Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\, \Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\, \Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\, \Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\, \Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\, \Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
O4 - HKCU\, \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\, \Run: [PC Suite Tray] "C:\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\, \{AA312022-7143-4D67-8792-53A8AA5387DD}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\, \{C378D45B-7289-4681-B19E-60941E3359FA}: NameServer = 41.222.40.54 193.219.193.190
O17 - HKLM\System\CCS\Services\Tcpip\, \{F51E3E95-A37E-4369-9831-8CD9672CECB0}: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93,85.255.112.23
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11455 bytes

chineke!!!

chikend:

chineke!!!

Eehn? What??

WE HAVE HEARD YOUR CRIES AND WORRIES OVER VIRUS, DATA RECOVERY ISSUES AND HAVE COME TO YOUR RESCUE.

YOU CAN CALL ANY OF OUR HOTLINES NOW.
08050909892,01871160,07029742130
OR MAIL SWITCHTECH@YMAIL.COM

PLZ AVOID SYSTEM CRASH.
VIRUSES ARE DEADLY,

sorry i'ce been busy o and NEPA doesnt help, the bpko thingy shown in the log is a virus google it and u shld see how to get rid of it,

netotse:

sorry i'ce been busy o and NEPA doesnt help, the bpko thingy shown in the log is a virus google it and u shld see how to get rid of it,

Thanks!

Just in case you have not solved this problem or someone else having the same issue,

From the HJT log, i believe these files (pk.exe and pbko.exe) are the viruses. No windows program runs from such directory. They are set to run anytime anytime the system starts up.
--Delete them from the registry.
--Also end their processes from task manager if u find them running there.
--then locate the on the hard disk following( C:\Documents and Settings\All Users\BPK ) and delete

O4 - HKLM\, \Run: [pk] C:\Documents and Settings\All Users\BPK\pk.exe
O4 - HKLM\, \Run: [bpko] C:\Documents and Settings\All Users\BPK\bpko.exe

Also check under task manger for winykuxs.exe and winethmg.exe ( for other people with the same issue these name might vary because the virus creates them with random names but they will look alike i.e the same number of characters )

C:\DOCUME~1\Owner\LOCALS~1\Temp\winykuxs.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\winethmq.exe

backup data, reinstall os dont near backup yet, after fresh installation buy antivirus contact us preferably avg or free avg 30days, update it now scan your files in data storage patiently after complete virus removal reinstall backup,easy!.


contact miksonics@yahoo.com