|
windows antivirus XP 2008 how do i get rid of it?
|
|
Senior Member
|
23. September 2008 @ 06:33 |
Link to this message
|
ok im trying to get rid of windows antivirus xp 2008
ive tried maleware bytes it oicks it up i think but when it says it got rid of it with reboot required it freezes on the restart any ideas?
|
|
Advertisement
|
 |
|
|
Senior Member
|
23. September 2008 @ 07:28 |
Link to this message
|
Originally posted by moggser's Danasoft Signature:
I'm not bald; it's a solar panel for a love machine
Hahaha... :D
Ok... first things first. Lets do some cleanup. If you have download Combofix before, delete that copy.
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.\
After that, please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.
Rename HijackThis(.exe) to scanner(.exe).
Next, run scanner(.exe). A window will pop up.
? Click on the button which says Main Menu, then Do a system scan and save a logfile.
? Please wait for the scan to be completed.
? After the scan has completed, a text window will pop up. Please post the contents of this window here.
This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.
NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
23. September 2008 @ 07:33 |
Link to this message
|
|
thanx for joining in and glad i amused ya lmao
any way for some reason i cant connect with this laptop so cant download anything fot the min im on the pc here
ive got malware bytes by mbamb presume thats no good?
|
Senior Member
|
23. September 2008 @ 08:41 |
Link to this message
|
|
Malwarebytes is good so long as it is updated. If your computer has no internet connection, MBAM cannot update, so we'll scan with that after we get the internet connection back.
Do you have a second computer to download the programs on and then transfer it to a flash drive? If so, do that.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
23. September 2008 @ 08:44 |
Link to this message
|
Originally posted by cdavfrew:
Malwarebytes is good so long as it is updated. If your computer has no internet connection, MBAM cannot update, so we'll scan with that after we get the internet connection back.
Do you have a second computer to download the programs on and then transfer it to a flash drive? If so, do that.
Best Regards :D
yeah i sure do lap top is sittn here beside me but for some reason it wont connect wirelessly for me prob somthing small i over looked
|
Senior Member
|
23. September 2008 @ 09:06 |
Link to this message
|
|
havedone that but when i run combo fix it just stays blank? done somthing wrong didn i lol
|
Senior Member
|
23. September 2008 @ 09:43 |
Link to this message
|
|
Hmmm... first, boot into safe mode. (Repeatedly press the F8 key after you press the power button). Scan with Malwarebytes, and then remove whatever it detects. If this works well, then run Combofix in normal mode again.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
23. September 2008 @ 10:26 |
Link to this message
|
heres what it came up with on safe mode going to run again now in normal mode
ComboFix 08-09-20.05 - Angela Kirby 2008-09-23 15:07:37.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.289 [GMT 1:00]
Running from: C:\Documents and Settings\Angela Kirby\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Angela Kirby\Application Data\rhcl4fj0ev2j
C:\WINDOWS\system32\pphcg4fj0ev2j.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
2008-09-23 15:11 . 2008-09-23 15:11 <DIR> d-------- C:\Documents and Settings\Angela Kirby\Application Data\rhcl4fj0ev2j
2008-09-23 14:08 . 2008-09-23 14:58 <DIR> d-------- C:\Documents and Settings\Angela Kirby\.housecall6.6
2008-09-23 12:48 . 2008-09-23 12:48 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-23 12:48 . 2008-09-23 12:48 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-23 12:48 . 2008-09-23 12:48 <DIR> d-------- C:\Program Files\CCleaner
2008-09-19 23:47 . 2008-09-23 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-19 23:24 . 2008-09-23 12:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-19 23:24 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-19 23:24 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-19 22:25 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-09-19 22:19 . 2008-09-23 12:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-19 22:19 . 2008-09-23 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-19 21:33 . 2008-09-23 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-19 21:11 . 2008-09-23 12:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-19 19:00 . 2008-09-19 19:00 <DIR> d-------- C:\Documents and Settings\Angela Kirby\Application Data\Malwarebytes
2008-09-19 19:00 . 2008-09-19 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> dr-h----- C:\$VAULT$.AVG
2008-09-17 11:35 . 2008-09-17 11:35 0 --a------ C:\WINDOWS\system32\13B.tmp
2008-09-15 18:04 . 2008-09-23 14:56 <DIR> d-------- C:\Program Files\3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 16:26 --------- d-----w C:\Program Files\NavDiag
2008-09-19 16:26 --------- d-----w C:\Documents and Settings\Angela Kirby\Application Data\AVG7
2008-09-19 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-09-19 16:13 --------- d-----w C:\Documents and Settings\Angela Kirby\Application Data\Apple Computer
2008-08-13 22:00 --------- d-----w C:\Program Files\Sun
2008-08-13 21:59 --------- d-----w C:\Program Files\Java
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 16:12 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-23 16:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-06-23 16:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-06-23 16:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-06-23 16:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-06-23 16:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-06-23 16:12 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-23 16:11 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-06-23 16:11 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-23 16:11 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-06-23 16:11 3,067,392 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 16:11 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-06-23 16:11 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-06-23 16:11 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-06-23 16:11 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-06-23 16:11 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-06-23 16:11 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-06-23 09:53 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 579584]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SM3"="C:\Program Files\3\3.exe" [2008-09-15 831488]
"SoundMan"="SOUNDMAN.EXE" [2006-06-20 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 C:\WINDOWS\system32\VTTrayp.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 C:\WINDOWS\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-04 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ie/
O16 -: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
C:\WINDOWS\Downloaded Program Files\BeboUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\BeboUploader.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 15:12:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Qoobox\Quarantine\C\WINDOWS\system32\pphcg4fj0ev2j.exe.vir
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-23 15:15:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 14:15:33
Pre-Run: 47,469,129,728 bytes free
Post-Run: 47,235,653,632 bytes free
159
|
Senior Member
|
23. September 2008 @ 10:48 |
Link to this message
|
|
No no no... read my instructions carefully about what to do in safe mode, not run Combofix.
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
23. September 2008 @ 10:57 |
Link to this message
|
Originally posted by cdavfrew:
No no no... read my instructions carefully about what to do in safe mode, not run Combofix.
shite sorry ok ill do that now get back to ya promtly sorry for not reading last post right :(
|
Senior Member
|
23. September 2008 @ 11:47 |
Link to this message
|
|
ok i done that but its still there is there anything else?
|
Senior Member
|
23. September 2008 @ 11:57 |
Link to this message
|
here is the log for hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:46, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\pphcg4fj0ev2j.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM3] C:\Program Files\3\3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5520 bytes
|
Senior Member
|
24. September 2008 @ 05:48 |
Link to this message
|
Hey moggser
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
Folder::
C:\Program Files\3
Save this as CFScript.txt in the same folder as ComboFix.
Then drag the CFScript.txt into Combo-Fix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComoboFix window, as it may cause it to stall.
Please run HijackThis.
? Click on the button which says Main Menu, then Do a system scan only.
? Please wait for the scan to be completed.
? After the scan has completed, check the following entries.
O4 - HKLM\..\Run: [SM3] C:\Program Files\3\3.exe
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
Tell me what problems you have left.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. September 2008 @ 06:04 |
Link to this message
|
|
hey there
im not sure but i think i might of got rid o it
dont have the laptop with me today but its not there and dont come up on start up
also that 3.exe file was that part of the problem???? i deleted it and maybe few othere thing i though were belonging to it
hope this day finds you well :)
|
Senior Member
|
24. September 2008 @ 06:11 |
Link to this message
|
Originally posted by moggser:
im not sure but i think i might of got rid o it
What do you mean? Have you previously deleted the 3.exe file? How about the C:\Program Files\3? If so, when you get the chance to, follow my instructions regarding HijackThis.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. September 2008 @ 06:16 |
Link to this message
|
i mean i think i got the whole thing of the system antivirus xp does not show up when lap top starts and is not there when i look for it and one of the files from windows 32 that was part of it was deleted
the file (C:\Program Files\3?) is the 3 .exe aint it??
also i do beleive this was a bad one to?
C:\WINDOWS\system32\pphcg4fj0ev2j.exe
This message has been edited since posting. Last time this message was edited on 24. September 2008 @ 06:21
|
Senior Member
|
24. September 2008 @ 06:24 |
Link to this message
|
I mean the folder C:\Program Files\3. This should be deleted.
C:\WINDOWS\system32\pphcg4fj0ev2j.exe is a bad file and should be deleted.
Do you want more scans? Rogue antimalware usually leaves a whole lot of traces on a computer. Also check to make sure all your settings are intact (i.e. command prompt, regedit, task manager, control panel, desktop options)
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. September 2008 @ 06:35 |
Link to this message
|
i have deleted them 2 already as i thought they was the bad un's
everything else seems ok on the machine only thing i cant do is connect wirelessly could that of been effected??
i put you on my buddie list you dont mind do ya :)
|
Senior Member
|
24. September 2008 @ 09:21 |
Link to this message
|
Originally posted by moggser:
i put you on my buddie list you dont mind do ya :)
I added you too! :)
Exactly what problems do you have with your wireless? If you can't detect any wireless networks, then perhaps you have to reinstall your wireless driver. Simply download it from your computer's manufacturer's website.
Originally posted by cdavfrew:
Please run HijackThis.
? Click on the button which says Main Menu, then Do a system scan only.
? Please wait for the scan to be completed.
? After the scan has completed, check the following entries.
--------------------------------------------------------------------------------
O4 - HKLM\..\Run: [SM3] C:\Program Files\3\3.exe
--------------------------------------------------------------------------------
Click on the button Fix checked
NOTE:: Close all browsers before fixing anything.
Do this! It will prevent errors and slowdowns during your startup.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. September 2008 @ 10:06 |
Link to this message
|
|
the prob with the wireless is it picks up the network and connects but cant accses any web pages error is cant connect to server
ok ill do the hijack again and let you lnow later when i get that lap top again thanks again for all your help
|
Senior Member
|
24. September 2008 @ 10:10 |
Link to this message
|
|
Have you tried the wireless with other computers? It might be that the wireless network is not working...
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Senior Member
|
24. September 2008 @ 10:32 |
Link to this message
|
|
ive tried the same laptop on to diff networks and two diff locations
|
|
Advertisement
|
|
|
Senior Member
|
24. September 2008 @ 10:39 |
Link to this message
|
|
When you get the laptop again, download Advanced Windowscare Personala and run a scan with everything but Startup Manage checked. Fix all problems, and reboot. Try your internet again.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
