error 703,, 0 ,0 trying to load malwarebyte to get rid of Your Pc Protector


Post by derric on Tue Feb 02, 2010 3:41 pm

I was reading your previous posts, so here is a copy of my SystemLook and RootRepeal reports.
Also, I get an "axwin Frame window: svchost.exe" application error.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 06:16 on 02/02/2010 by HP_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll --a--- 181248 bytes [04:04 14/07/2009] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll --a--- 181248 bytes [01:00 27/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\dllcache\scecli.dll --a--c 180224 bytes [12:00 28/02/2006] [12:00 28/02/2006] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\system32\scecli.dll --a--- 180224 bytes [12:00 28/02/2006] [12:00 28/02/2006] 0F78E27F563F2AAF74B91A49E2ABF19A

Searching for "netlogon.dll"
C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll --a--- 408064 bytes [18:46 06/02/2009] [18:46 06/02/2009] 6C476D33D82F1054849790181E8F7772
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll --a--- 407040 bytes [04:04 14/07/2009] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll --a--- 407040 bytes [00:59 27/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\dllcache\netlogon.dll --a--c 407040 bytes [12:00 28/02/2006] [12:00 28/02/2006] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 28/02/2006] [12:00 28/02/2006] 96353FCECBA774BB8DA74A1C6507015A

Searching for "eventlog.dll"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll --a--- 56320 bytes [04:02 14/07/2009] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --a--- 56320 bytes [00:57 27/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll --a--c 55808 bytes [12:00 28/02/2006] [12:00 28/02/2006] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\system32\eventlog.dll --a--- 55808 bytes [12:00 28/02/2006] [12:00 28/02/2006] 82B24CB70E5944E6E34662205A2A5B78

Searching for "winlogon.exe"
C:\Documents and Settings\HP_Owner\Local Settings\Temp\wz8694\Malwarebytes Anti-Malware 1.44\winlogon.exe ------ 5115824 bytes [23:09 08/01/2010] [23:09 08/01/2010] E6111E6D0B99286F99C35B09835DB9BA
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe --a--- 507904 bytes [04:05 14/07/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe --a--- 507904 bytes [01:01 27/09/2008] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\dllcache\winlogon.exe --a--c 502272 bytes [12:00 28/02/2006] [12:00 28/02/2006] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [12:00 28/02/2006] [12:00 28/02/2006] 01C3346C241652F43AED8E2149881BFE

Searching for "comres.dll"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\comres.dll --a--- 792064 bytes [04:02 14/07/2009] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comres.dll --a--- 792064 bytes [00:57 27/09/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [12:00 28/02/2006] [12:00 28/02/2006] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\system32\dllcache\comres.dll --a--c 792064 bytes [12:00 28/02/2006] [12:00 28/02/2006] 6728270CB7DBB776ED086F5AC4C82310

Searching for "crypt32.dll"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\crypt32.dll --a--- 599040 bytes [04:02 14/07/2009] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\crypt32.dll --a--- 599040 bytes [00:57 27/09/2008] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 597504 bytes [12:00 28/02/2006] [12:00 28/02/2006] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\system32\dllcache\crypt32.dll --a--c 597504 bytes [12:00 28/02/2006] [12:00 28/02/2006] EFC958396A7A7EF7E6D4A52B97512E18

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rundll32.exe --a--- 33280 bytes [04:04 14/07/2009] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rundll32.exe --a--- 33280 bytes [01:00 27/09/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [12:00 28/02/2006] [12:00 28/02/2006] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [12:00 28/02/2006] [12:00 28/02/2006] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "sfc.dll"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfc.dll --a--- 5120 bytes [04:04 14/07/2009] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll --a--- 5120 bytes [01:00 27/09/2008] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\dllcache\sfc.dll --a--c 5120 bytes [12:00 28/02/2006] [12:00 28/02/2006] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [12:00 28/02/2006] [12:00 28/02/2006] E8A12A12EA9088B4327D49EDCA3ADD3E

Searching for "svchost.exe"
C:\Program Files\svchost.exe --a--- 37376 bytes [18:10 01/02/2010] [18:10 01/02/2010] 1EDC2204B5DC0A1C0B5793A1FCD98EE8
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe --a--- 14336 bytes [04:05 14/07/2009] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe --a--- 14336 bytes [01:00 27/09/2008] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\dllcache\svchost.exe --a--c 14336 bytes [12:00 28/02/2006] [12:00 28/02/2006] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [12:00 28/02/2006] [12:00 28/02/2006] 8F078AE4ED187AAABC0A305146DE6716

Searching for "cngaudit.dll"
No files found.

Searching for "beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--c 4224 bytes [12:00 28/02/2006] [12:00 28/02/2006] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a--- 4224 bytes [12:00 28/02/2006] [12:00 28/02/2006] DA1F27D85E0D1525F6621372E7B685E9

Searching for "wscntfy.exe"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe --a--- 13824 bytes [04:05 14/07/2009] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe --a--- 13824 bytes [01:01 27/09/2008] [00:12 14/04/2008] F92E1076C42FCD6DB3D72D8CFE9816D5
C:\WINDOWS\system32\dllcache\wscntfy.exe --a--c 13824 bytes [12:00 28/02/2006] [12:00 28/02/2006] 49911DD39E023BB6C45E4E436CFBD297
C:\WINDOWS\system32\wscntfy.exe --a--- 13824 bytes [12:00 28/02/2006] [12:00 28/02/2006] 49911DD39E023BB6C45E4E436CFBD297

Searching for "atapi.sys"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys --a--- 96512 bytes [04:02 14/07/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [00:57 27/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [12:00 28/02/2006] [12:00 28/02/2006] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
_______________________________________________________________________

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/02 06:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootre~1.sys
Image Path: C:\WINDOWS\system32\drivers\rootre~1.sys
Address: 0xF79C0000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\cf7bfe8b-92a4-4dc6-8df2-04bdb597ff4f.tmp
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\temp\470d584f-d531-41d7-b472-2c4ee654db7f.tmp
Status: Allocation size mismatch (API: 0, Raw: 65536)

==EOF==


Re: error 703,, 0 ,0 trying to load malwarebyte to get rid of Your Pc Protector

Post by Belahzur on Tue Feb 02, 2010 7:15 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: error 703,, 0 ,0 trying to load malwarebyte to get rid of Your Pc Protector

Post by derric on Fri Feb 05, 2010 3:50 am

OK, I downloaded Malwarebytes again off another site, and I got it to scan and
clear up everything. However, I still get the axwin Frame window: svchost.exe error,
and when I go into Internet Explorer to search, it redirects me to other sites.
I took off EasyCleaner and just have AVG 8.5; AVG 9.0 would let me load it.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:43 PM, on 2/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0899083a-51e9-4a16-a7ea-27ae5c07d37c} - juliyowe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1484952453-273231642-1589369050-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1484952453-273231642-1589369050-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1484952453-273231642-1589369050-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Adobe Loader] C:\Program Files\adgamma.exe (User 'Default user')
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\namagitu.dll niwaluyu.dll c:\windows\system32\gomopiwe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: zekukakah - {4ad09b3e-bce3-4577-afbe-c43570a64dc2} - (no file)
O22 - SharedTaskScheduler: mujuzedij - {4ad09b3e-bce3-4577-afbe-c43570a64dc2} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 9425 bytes


Re: error 703,, 0 ,0 trying to load malwarebyte to get rid of Your Pc Protector

Post by Belahzur on Fri Feb 05, 2010 5:04 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {0899083a-51e9-4a16-a7ea-27ae5c07d37c} - juliyowe.dll (file missing)
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\namagitu.dll niwaluyu.dll c:\windows\system32\gomopiwe.dll
    O21 - SSODL: zekukakah - {4ad09b3e-bce3-4577-afbe-c43570a64dc2} - (no file)
    O22 - SharedTaskScheduler: mujuzedij - {4ad09b3e-bce3-4577-afbe-c43570a64dc2} - (no file)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

