Anti Virus System Pro

View previous topic View next topic Go down

Anti Virus System Pro

Post by Stuarth on Sat Sep 19, 2009 7:35 pm

Hi,

My PC has been infected by AntiVirus System PRO - lots of extremely irritating pop ups, poor system performance and it won't allow me to run anti virus programs such as Norton etc. I've tried downloading other anti virus programs, however it won't let me run those either. I've tried a couple of things recommended on GeekPoice without success. Please help!!

Many thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:27, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
C:\Program Files\RegGenie\RegGenieScheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zango\bin\10.3.85.0\Weather.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\hfmvwk\emsfsysguard.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stuart Harvey\My Documents\Downloads\winlogon.scr
C:\Program Files\Outlook Express\msimn.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBit0.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O2 - BHO: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBit0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBit0.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [system tool] C:\Program Files\hfmvwk\emsfsysguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [system tool] C:\Program Files\hfmvwk\emsfsysguard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

--
End of file - 9942 bytes

Stuarth
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-09-19
OS OS : XP Home
Points Points : 26333
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti Virus System Pro

Post by Dr Jay on Sat Sep 19, 2009 8:49 pm

Hi

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    comres.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

RegGenie
Zango


Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
O4 - HKLM\..\Run: [RegGenie Scheduler] C:\Program Files\RegGenie\RegGenieScheduler.exe
O4 - HKLM\..\Run: [system tool] C:\Program Files\hfmvwk\emsfsysguard.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [system tool] C:\Program Files\hfmvwk\emsfsysguard.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please reboot your computer.



Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Zango
C:\Program Files\RegGenie
C:\Program Files\hfmvwk


==

In your next reply, please include a fresh HijackThis log and the SystemLook log.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Anti Virus System Pro

Post by Ron Rice on Wed Sep 23, 2009 12:44 am

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:30 on 22/09/2009 by Home Use (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [11:49 26/11/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 28/02/2006] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [11:49 26/11/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 28/02/2006] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [11:48 26/11/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [12:00 28/02/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "comres.dll"
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [11:47 26/11/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [12:00 28/02/2006] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

-=End Of File=-

Ron Rice
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-09-22
Gender Gender : Male
OS OS : windows xp
Points Points : 26302
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti Virus System Pro

Post by Ron Rice on Wed Sep 23, 2009 12:45 am

I do not see these:RegGenie
Zango

Ron Rice
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-09-22
Gender Gender : Male
OS OS : windows xp
Points Points : 26302
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Anti Virus System Pro

Post by Dr Jay on Wed Sep 23, 2009 2:46 am

[You must be registered and logged in to see this link.] wrote:SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:30 on 22/09/2009 by Home Use (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [11:49 26/11/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 28/02/2006] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [11:49 26/11/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 28/02/2006] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [11:48 26/11/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [12:00 28/02/2006] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "comres.dll"
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [11:47 26/11/2008] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [12:00 28/02/2006] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

-=End Of File=-

[You must be registered and logged in to see this link.] wrote:I do not see these:RegGenie
Zango

==

Hi

Are you Stuarth as another screen-name? If not, please do not reply to this topic but start your own, here's how: please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum