Fao Rik HJT and log

Status
Not open for further replies.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ALCXMNTR.EXE

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (file missing)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


Click on the fix checked button.

Close HJT.

Do you know and trust the following entries?

O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe


Post a fresh HJT log when done.


This thread is for the use of Dave H only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
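As an added example (not part of any post in this thread, and not HijackThis's own code), the Python below parses the O2, O4 and O23 line formats quoted in the instructions above and flags entries worth a second look. The flag names and the three heuristics (`file-missing`, `no-path`, `unknown-owner`) are assumptions made for this example; the sample input is built from lines posted in the thread.

```python
import re
from typing import List, NamedTuple, Tuple
# Constructed sample: HijackThis lines copied from the posts on this page.
SAMPLE_LOG = r"""
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ClearAllHistory] C:\Program Files\ClearAllHistory\cah.exe
O23 - Service: PCguard Firewall (RP_FWS) - Unknown owner - C:\Program Files\Virgin Broadband\PCguard\fws.exe (file missing)
"""

class Entry(NamedTuple):
    section: str            # HijackThis section code: O2, O4 or O23
    name: str               # BHO name, Run value name or service name
    target: str             # file or command as logged, marker removed
    flags: Tuple[str, ...]  # triage hints (this example's own heuristics)

PATTERNS = {  # only the three line formats quoted in the thread
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$"),
}
MISSING = " (file missing)"

def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]
        match = PATTERNS[section].match(line) if section in PATTERNS else None
        if not match:
            continue  # other sections and malformed lines are skipped
        target, flags = match["target"], []
        if target.endswith(MISSING):
            target = target[: -len(MISSING)]
            flags.append("file-missing")   # entry points at a file that is gone
        if "\\" not in target:
            flags.append("no-path")        # bare file name, no directory logged
        if match.groupdict().get("owner") == "Unknown owner":
            flags.append("unknown-owner")  # service binary has no vendor string
        entries.append(Entry(section, match["name"], target, tuple(flags)))
    return entries

def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in needs_review(parse_hjt(SAMPLE_LOG)):
        print(e.section, e.name, e.target, ",".join(e.flags))
```
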
 
new hjt log

Hya Rik, ok, I have followed your instructions to the letter. Here is the new HJT log. Do I now restart in normal mode?
 
Yes, I need an HJT log from normal mode rather than safe mode.


 
HJT in normal mode

Hya Rik, ok, this is done in normal mode. I am still getting the same message if I right click. Nothing of Virgin Media should be on my system. I must admit to having fun doing all this. lol
 
In that case, go into add/remove programs and uninstall everything to do with Virgin Media, then post a fresh HJT log.



 
does not remove pc guard in add/remove

Hya Rik, well, I have tried removing Virgin Media Pc Guard but when I click on remove nothing happens. I have tried in safe mode also. When I right click on an icon on my desktop I have noticed there is also a message saying 'Error 1706 no valid source could be found for pc guard windows unable to install'.
 
Can you please accurately describe the popups you are getting? I am having some trouble tracking down the source.



 
pop up descriptions FAO Rik

Ok Rik, here is the list step by step.

First box after right clicking is titled Pc Guard: 'The feature you are trying to use is on a CD-ROM or other removable disk that is not available'. Then in a drop down box in the same pop up it says use source, with number '1' in the drop down list.

Second box, titled Pc Guard: 'the path cannot be found, try to find installation package titled "Pc Guard msi"'.

Third box, titled Pc Guard, says: 'Error 1706 no valid source could be found for product Pc Guard, the windows installer cannot continue'.

After this I get the options I wanted in the first place when right clicking on an icon on the desktop.

This is exact to the letter. I am sure you can suss it out. I wait in anticipation, even though you are doing all the work, which is much appreciated for your time and effort. Thanks
 
I think you left out these, Rik.

C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe

Gosh I hate Lexmark printers.

Regards,
momok
 
not missed out Rik

Hya, no, Rik has not missed these files as I have just re-installed my printer. I have had no problems with the Lexmark X73. I have had it for 4 years and been ok, no problems whatsoever.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Download one of the following free firewall programmes, but don't install it yet.

ZoneAlarm, Kerio or Comodo free firewall programmes.

Disconnect from the net.


Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Virgin Broadband

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

PCguard Firewall (RP_FWS)

Close the services window.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O23 - Service: PCguard Firewall (RP_FWS) - Unknown owner - C:\Program Files\Virgin Broadband\PCguard\fws.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\Program Files\Virgin Broadband <- Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Install whichever firewall programme you chose and reconnect to the net.

Go HERE, download and install the latest version of Java.

Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

After doing the above, you should be ok, but post back if you still have problems.

 
Have a look with windows explorer for the following file.

C:\Program Files\Virgin Broadband\PCguard\fws.exe

Delete it if you find it, then reboot your PC. Hopefully it will stop your popups.
 
Dave H said:
Hya, no, Rik has not missed these files as I have just re-installed my printer. I have had no problems with the Lexmark X73. I have had it for 4 years and been ok, no problems whatsoever.
My comments on the Lexmark printers were because they always lengthen ComboFix logs unnecessarily, full of weird-looking legit entries. Those 3 entries that I mentioned do not belong to Lexmark; they should not be left on your system.
 
Feel free to step in, momok :), I'm still learning about ComboFix usage.

I was concentrating on the popup problem before moving on to anything else.



 
Rik/baros1954 still not cured

Hya, well, I tried everything you told me to do but still no change. As before, the Pc Guard in add/remove programs does not remove; you can click on remove but nothing happens. I have attached another HJT log.
 
Did you try what I suggested in post number 15?


 
Don't want to sound too thick but how do I do it

I get a pop up saying path not found. I don't think we are going to crack this one, well, I mean you lot, but thanks for your time and effort. If you need any more information or for me to do something, let me know. Thanks again

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Click on your "My Computer", then "search" on the menu bar, then "all files and folders" and type in fws.exe, then click search.

If it's found, delete it.



 
Download the CCleaner programme from HERE.

Install and run the programme. Click the tools button and click on any Virgin entries in the list. Click the Delete Entry button and click ok. Close the CCleaner programme.

The Virgin entries should now be gone from your add remove programmes list.
 
Hya Rik, I did a search but no results. I shall now try the CCleaner way just posted. Will let you both know.

Hya, I have run this program and still no change.

Hya Rik, I thought I would run these logs for you again so you can check if I have missed anything. Let me know if you want me to try anything else. Thanks

Here are the log reports

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
 
Open notepad and copy/paste the text in the code box below into it.
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.

Also, pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
Code:


File::
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
Folder::
C:\qoobox
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
 