Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis notepad info. Malware problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 4:43 am

I think I have removed the two items. How can I be sure?
I removed the first from my programmes and pasted the second in the box on my computer , it then brought up the file which I then deleted.
I have not done the last part yet (clean up).
Thanks.
Gem
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm
Advertisement
Register to Remove

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 8:13 am

___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



to navigate to folders in order to delete them.
click my computer /local disk c:/>>prgram files>> Now look for the folder named AntiVirusPro.
Rick click on it and choose delete.

Do the exact same for


click my computer >>local disk c:>>Documents and Settings>>Stewart Gemmell>>Application Data>>Now look for the folder namedAnti-Virus-Pro.com
Rick click on it and choose delete.


_________________________________

Once that's done I want to run clean up a bit different.

Click Start/run and copy and paste this in exactly

ComboFix /u

hit enter.

When that's done:
___________________________
  • Open OTmoveit.
  • Click on Cleanup!.
  • Allow it to access the internet if any security software asks about it.

    It will ask you if you want to start the clean up process :
  • Click yes.
  • When it's ready it will ask you to reboot.
    Do so now.
    Then finish up with the rest of the instructions.

___________________________________________

Let me know that all went OK. Still looking into your MPS player details.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 5:46 pm

I managed to do all the actions you said and all seems fine.
I tried to download the driver from dell but this did not work. It downloaded and installed but the printer still will not work.
Before I was getting an error message saying that 'communication not available... check the following)
This error has happened before a few times but usually I just uninstall then reinstall from the dell drivers and utilities disk and all is fine. This time I cant get the disk to load in and I cant uninstall the printer programme. I even tried from the list of programmes on the c: drive in my computer but it stops after a few seconds saying it can't complete the action.
The error now showing is saying incorrect port detected and I followed the troubleshoot suggestions but it seems fine.

As for the mp3 players I tried re loading the software for this but when I am asked to connect the player to complete the install it is not picked up although the USB port works for my camera when downloading pics. All three of the players (all Creative products) that we have in our house are not detected when plugged in, usually I get the box with options to use napster, wm player or other programmes to connest the player with but this function seems to be disabled.
Thanks,
Gem
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 6:49 pm

Was I correct in assuming the make a model of your printer ?

Dell All-in-One Printer 944

Exact name a model number are important.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 7:02 pm

I also want to see a registry key for this.

click start/run and copy and paste this in exactly.




regedit /e desktop\pnp.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost"





This will place a notepad file on your desktop called pnp.txt.
Open that and copy the contents in your next reply for me.

____________________________
____________________________
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 7:08 pm

Yes, Dell 944 all in one. I have just checked on the Dell forums and there were a couple of other users with the same problem as I have been getting. This looks like a problem with some firmware upgrades or the like. not too much info about how to fix and I have had enough of 45minute calls to Dell's customer support to go through the same thing over and over(faulty hard drive that took six weeks to diagnose and fix!!)
I don't think the malware had a lot of influence with this.
I think if I could uninstall the printer related programmes then I could install and this worked before. I have frequently had an error message saying that 'Dell device monitor has encountered a problem and needs to close' Could this have any bearing on this?
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 7:16 pm

Yes that can most certainly have a bearing on your printer problem.
Did you see my post about the registry key I want to see?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 7:22 pm

Sorry I just missed the next part. Here it is;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"DisplayName"="Universal Plug and Play Device Host"
"DependOnService"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,48,00,\
54,00,54,00,50,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Provides support to host Universal Plug and Play devices."
"FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,04,00,03,\
00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Security]
"Security"=hex:01,00,14,80,bc,00,00,00,c8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,8c,00,06,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,14,\
00,8f,01,02,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,\
12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 8:09 pm

OK I thinks we may have found it. ;)

______________________________
Check a service

Go to Start " Run " type: Services.msc " OK.
Scroll down and find this service: Plug and Play
Double-click on it.
Under Start up type choose automatic
Then the General tab, click the Start button.
If it's not laready runing

NEXT:


Back up the registry


Download ERUNT
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.






Next
__________________________________

Open note pad and copy the text in the box exactly to notepad.


Code: Select all
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
  00,65,00,00,00
"DisplayName"="Universal Plug and Play Device Host"
"DependOnService"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,48,00,\
  54,00,54,00,50,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Provides support to host Universal Plug and Play devices."
"FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
  00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Security]
"Security"=hex:01,00,14,80,bc,00,00,00,c8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,8c,00,06,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
  02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
  00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,14,\
  00,8f,01,02,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,\
  12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00







Make sure there are NO blank lines before Windows Registry Editor Version 5.00
Make sure there IS one blank line at the end of the file.



Then click on the FILE menu and select save as
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file.

Now double click the file on the desktop
When asked if you want this to merge with the registry.
Click YES!

____________________________
Next
Take a deep breath and
Try one of your devices now. MP3 player I guess.
Fingers crossed!!
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 8:49 pm

I am sure I did everything as asked but after merging the registry items the mp3 player is still not detected.
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 8:58 pm

delete the pnp.txt file on the desktop

click start/run

copy this in eaxcactly

regedit /e desktop\pnp.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost"


so I can see that registry key again. Post the new PNP.txt file.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 9:04 pm

Here is the new one;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,00,00
"DisplayName"="Universal Plug and Play Device Host"
"DependOnService"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,48,00,\
54,00,54,00,50,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Description"="Provides support to host Universal Plug and Play devices."
"FailureActions"=hex:ff,ff,ff,ff,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Security]
"Security"=hex:01,00,14,80,bc,00,00,00,c8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,8c,00,06,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,14,\
00,8f,01,02,00,01,01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,\
12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 9:19 pm

Name and type of MP3 player ?

What else isn't auto detected ?
Last edited by Bob4 on January 24th, 2008, 9:36 pm, edited 1 time in total.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Hijackthis notepad info. Malware problems

Unread postby gem » January 24th, 2008, 9:33 pm

All creative. Vision M 60GB, Zen Microphoto 8GB, Zen Vplus 2GB.
I just tried my camera again and it was detected right away.
gem
Regular Member
 
Posts: 17
Joined: January 11th, 2008, 8:12 pm

Re: Hijackthis notepad info. Malware problems

Unread postby Bob4 » January 24th, 2008, 9:38 pm

OK so the camera was detected now and it wasn't before ?

So it's just the MP3 player? Or is there another device you need to try.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 299 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware