TechSpot

Fao Rik HJT and log

By Dave H
Dec 8, 2007
  1. Ok I think this is what you are asking for Rik.
     
  2. Rik

    Rik Banned Posts: 3,814

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    ALCXMNTR.EXE

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (file missing)
    O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll (file missing)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


    Click on the fix checked button.

    Close HJT.

    Do you know and trust the following entries?

    O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
    O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
    O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe


    Post a fresh HJT log when done.


    This thread is for the use of Dave H only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    new hjt log

    Hya Rik, ok, I have followed your instructions to the letter. Here is the new HJT log. Do I now restart in normal mode?
     
  4. Rik

    Rik Banned Posts: 3,814

    Yes, I need an HJT log from normal mode rather than safe mode.


     
  5. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    HJT in normal mode

    Hya Rik, ok, this is done in normal mode. I am still getting the same message if I right click. Nothing of Virgin Media should be on my system. I must admit having fun doing all this. lol
     
  6. Rik

    Rik Banned Posts: 3,814

    In that case, go into add/remove programs and uninstall everything to do with virgin media then post a fresh HJT log.



     
  7. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    does not remove pc guard in add/remove

    Hya Rik, well I have tried removing Virgin Media Pc Guard, but when I click on remove nothing happens. I have tried in safe mode also. When I right click on an icon on my desktop I have noticed there is also a message saying 'Error 1706 no valid source could be found for pc guard windows unable to install'.
     
  8. Rik

    Rik Banned Posts: 3,814

    Your HJT log looks clean. Could you please produce a combofix log from Viruses/Spyware/Malware, preliminary removal instructions.

    Follow step 12 only.


     
  9. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    combo log and latest HJT Fao Rik

    Hya Rik, as requested.
     
  10. Rik

    Rik Banned Posts: 3,814

    Can you please accurately describe the popups you are getting. I am having some trouble tracking down the source.



     
  11. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    pop up descriptions fao Rik

    Ok Rik, here is the list step by step.

    First box after right clicking is titled Pc Guard: 'The feature you are trying to use is on a CD-ROM or other removable disk that is not available'. Then in a drop down box in the same pop up it says use source, with number '1' in the drop down list.

    Second box, titled Pc Guard: 'the path cannot be found, try to find installation package titled 'Pc Guard msi''.

    Third box, titled Pc Guard, says 'Error 1706 no valid source could be found for product Pc Guard, the windows installer cannot continue'.

    After this I get the options I wanted in the first place when right clicking on an icon on the desktop.

    This is exact to the letter. I am sure you can suss it out. I wait in anticipation, even though you are doing all the work, which is much appreciated for your time and effort. Thanks
     
  12. momok

    momok TS Rookie Posts: 2,265

    I think you left out these, Rik.

    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\system32\dcads-remove.exe
    C:\WINDOWS\system32\superiorads-uninst.exe

    Gosh I hate lexmark printers.

    Regards,
    momok
     
  13. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    not missed out Rik

    Hya, no, Rik has not missed these files, as I have just re-installed my printer. I have had no problems with the Lexmark X73. I have had it for 4 years and been ok, no problems whatsoever.
     
  14. baros1954

    baros1954 Banned Posts: 37

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Download one of the following free firewall programmes, but don't install it yet.

    Zonealarm, Kerio or Comodo free firewall programmes.

    Disconnect from the net.


    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    Virgin Broadband

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    PCguard Firewall (RP_FWS)

    Close the services window.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O23 - Service: PCguard Firewall (RP_FWS) - Unknown owner - C:\Program Files\Virgin Broadband\PCguard\fws.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\Program Files\Virgin Broadband <- Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Install whichever firewall programme you chose and reconnect to the net.

    Go HERE, download and install the latest version of Java.

    Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    After doing the above, you should be ok, but post back if you still have problems.

    This thread is for the use of Dave H only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
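
The HijackThis entries quoted in Rik's and baros1954's instructions above follow a fixed line layout, so a log can be triaged mechanically before deciding what to tick. The following is an added example, not part of the original thread; the function names and the two flag labels are this example's own, and the sample lines are copied from the posts above.

```python
import re

# Constructed sample: HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O23 - Service: PCguard Firewall (RP_FWS) - Unknown owner - C:\Program Files\Virgin Broadband\PCguard\fws.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = "(file missing)"

def parse_entry(line):
    """Split one HijackThis 'O' line into section, kind, name, target and flags."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                           # header, process list, blank line
    section, kind, rest = m.groups()
    if rest.startswith("["):                  # O4 autorun: [value name] command line
        name, _, target = rest[1:].partition("] ")
    else:                                     # O2 / O23: name - ... - file path
        name, target = rest.split(" - ", 1)[0], rest.rsplit(" - ", 1)[-1]
    flags = []
    if target.endswith(MISSING):              # HJT found the entry but not the file
        target = target[: -len(MISSING)].rstrip()
        flags.append("file_missing")
    # Quoted command lines carry arguments after the closing quote; keep the path only.
    exe = target.split('"')[1] if target.startswith('"') else target
    if not re.match(r"^[A-Za-z]:\\", exe):    # no drive-qualified path recorded
        flags.append("bare_filename")
    return {"section": section, "kind": kind, "name": name,
            "target": exe, "flags": flags}

def triage(log_text):
    """Return the parsed entries that carry at least one flag."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["flags"]]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["name"], e["target"], e["flags"])
```

A flag only marks an entry for a closer look; whether to fix it remains a judgement about what the entry belongs to, as in the posts above.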
     
  15. Rik

    Rik Banned Posts: 3,814

    Have a look with windows explorer for the following file.

    C:\Program Files\Virgin Broadband\PCguard\fws.exe

    Delete it if you find it then reboot your pc, hopefully it will stop your popups.
     
  16. momok

    momok TS Rookie Posts: 2,265

    My comments on the lexmark printers were because they always lengthen ComboFix logs unnecessarily full of weird looking legit entries. Those 3 entries that I mentioned do not belong to lexmark; they should not be left on your system.
     
  17. Rik

    Rik Banned Posts: 3,814

    Feel free to step in momok :), I'm still learning about combofix usage.

    I was concentrating on the popup problem before moving on to anything else.



     
  18. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    Rik/baros1954 still not cured

    Hya, well I tried everything you told me to do but still no change. As before, the Pc Guard in add/remove programs does not remove; you can click on remove but nothing happens. I have attached another HJT log
     
  19. Rik

    Rik Banned Posts: 3,814

    Did you try what I suggested in post number 15?


     
  20. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    I understand what you mean now Lol
     
  21. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    Don't want to sound too thick but how do I do it

    I get a pop up saying path not found. I don't think we are going to crack this one, well I mean you lot, but thanks for your time and effort. If you need any more information or for me to do something, let me know. Thanks again

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
     
  22. Rik

    Rik Banned Posts: 3,814

    Click on your "my computer". then "search" on the menu bar, then "all files and folders" and type in fws.exe, then click search.

    If it's found, delete it.



     
  23. baros1954

    baros1954 Banned Posts: 37

    Download the Ccleaner programme from HERE.

    Install and run the programme. Click the tools button and click on any Virgin entries in the list. Click the Delete Entry button and click ok. Close the Ccleaner programme.

    The Virgin entries should now be gone from your add remove programmes list.
     
  24. Dave H

    Dave H TS Rookie Topic Starter Posts: 79

    Hya Rik, I did a search but no results. I shall now try the CCleaner way just posted and will let you both know.

    Hya, I have run this program and still no change.

    Hya Rik, I thought I would run these logs for you again so you can check if I have missed anything. Let me know if you want me to try anything else. Thanks

    Here are the log reports

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
     
  25. baros1954

    baros1954 Banned Posts: 37

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
     
Topic Status:
Not open for further replies.
