GeekPolice

Antivirus System Pro - i need help removing it


Antivirus System Pro - i need help removing it

Post by jati on Thu Nov 19, 2009 2:59 am

Last night I was on the internet and avast detected viruses and I sent them to the virus chest; these were 1) Win32:Trojan-gen, and 2) Win32:Rootkit-gen[Rtk].
But this awful Antivirus System PRO somehow got past Avast. I have spent all day today trying to get rid of it. So far I have tried:
1) Avast scan in safe mode
2) Spybot scan in safe mode
3) your advice - malwarebytes scan in safe mode
4) CCleaner - cleaner tab - windows and applications analyzed and cleaned
5) Disk Cleanup
6) Rootalyzer - quickscan found nothing
7) Trendmicro housecall quickscan - found nothing

Here is the HijackThis log (in safe mode; do you need it from a full boot-up?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:42 PM, on 11/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9EC370-6B2E-44E9-B9C3-2EC036FC93A2}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1ca2becdd2571c6) (gupdate1ca2becdd2571c6) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10191 bytes

Please help.

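As an added example, not part of this thread and not a feature of HijackThis itself, here is a small Python triage script for logs in the layout posted above. It runs on a constructed sample (the "example" paths are made up), groups entries by section code, counts running processes so duplicate images stand out, lists the O4 autoruns and O10 LSP entries for manual review, and separates the "(file missing)" services that are an artifact of running the 32-bit HijackThis 2.0.2 on 64-bit Windows (its System32 lookups are redirected to SysWOW64, so 64-bit-only binaries such as lsass.exe look absent) from "(file missing)" services that point anywhere else.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the HijackThis logs posted in this
# thread; the "example" autorun and service are invented for the demo.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [example-autorun] C:\Users\<user>\AppData\Local\Temp\example.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Example Svc - Unknown owner - C:\ProgramData\example\svc.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")          # "O23 - Service: ..."
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\|%temp%", re.IGNORECASE)
MISSING = "(file missing)"


def parse_hjt(text):
    """Return header facts, running-process counts and the section entries."""
    info = {"boot_mode": None, "is_64bit": False, "processes": Counter(),
            "entries": [], "by_section": defaultdict(list)}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot mode:"):
            info["boot_mode"] = line.split(":", 1)[1].strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.group(1), m.group(2)
            info["entries"].append((code, body))
            info["by_section"][code].append(body)
        elif PROCESS_RE.match(line):
            # Count by image name so repeated copies of one binary stand out.
            info["processes"][line.rsplit("\\", 1)[-1].lower()] += 1
    # HijackThis 2.0.2 does not print the architecture; WOW64 paths reveal it.
    low = text.lower()
    info["is_64bit"] = "program files (x86)" in low or "syswow64" in low
    return info


def service_path(body):
    """Binary path is the last ' - ' field of an O23 body, minus the marker."""
    return body.rsplit(" - ", 1)[-1].replace(MISSING, "").strip()


def triage(info):
    """Sort entries into review buckets; nothing here is a verdict on its own."""
    out = {"autoruns": [], "temp_autoruns": [], "lsp": [],
           "wow64_artifacts": [], "missing_services": []}
    for code, body in info["entries"]:
        if code == "O4":
            out["autoruns"].append(body)
            if TEMP_RE.search(body):            # autorun living in a temp dir
                out["temp_autoruns"].append(body)
        elif code == "O10":
            out["lsp"].append(body)             # HijackThis cannot vet LSPs
        elif code == "O23" and MISSING in body:
            path = service_path(body)
            if info["is_64bit"] and SYSTEM32_RE.match(path):
                out["wow64_artifacts"].append(path)   # expected on x64
            else:
                out["missing_services"].append(path)  # worth a look
    return out


def report(text):
    """Human-readable summary lines for a pasted log."""
    info = parse_hjt(text)
    t = triage(info)
    lines = [f"boot mode: {info['boot_mode']}  64-bit: {info['is_64bit']}"]
    for name, n in info["processes"].most_common():
        lines.append(f"process {name} x{n}")
    for key in ("temp_autoruns", "lsp", "missing_services"):
        for item in t[key]:
            lines.append(f"review [{key}] {item}")
    lines.append(f"{len(t['wow64_artifacts'])} '(file missing)' System32 "
                 f"services discounted as 32-bit-on-x64 artifacts")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it on a real log by passing the pasted text to `report()`; the buckets only say where a reviewer should look first, the "(file missing)" split in particular is a known quirk of the 32-bit tool on x64 rather than evidence of anything.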

Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Thu Nov 19, 2009 6:49 pm

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log with a fresh copy of HijackThis log.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Thu Nov 19, 2009 7:37 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3197
Windows 6.0.6002 Service Pack 2 (Safe Mode)

11/19/2009 2:27:21 PM
mbam-log-2009-11-19 (14-27-21).txt

Scan type: Quick Scan
Objects scanned: 100383
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:03 PM, on 11/19/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9EC370-6B2E-44E9-B9C3-2EC036FC93A2}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1ca2becdd2571c6) (gupdate1ca2becdd2571c6) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9949 bytes


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Fri Nov 20, 2009 6:51 am

Go Start and then to Run,
Type in: sfc /scannow
Click OK.
Have Windows CD/DVD handy.
If System File Checker (sfc) finds any errors, it may ask you for the CD/DVD.
If sfc does not find any errors in Windows XP, it will simply quit, without any message.

If you don't have Windows CD....

Go Start and then Run
type in regedit and click OK


Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

On the right hand side, find: SourcePath

It probably has an entry pointing to your CD-ROM drive, usually D and that is why it is asking for the XP CD.
All we need to do is change it to: C:
Now, double click the SourcePath setting and a new box will pop up.
Change the drive letter from your CD drive to your root drive, usually C:
Close Registry Editor.

Now restart your computer and try sfc /scannow again!

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

==

Then, please post a new HijackThis log after successfully completing the operation above.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Fri Nov 20, 2009 3:11 pm

Ok Jay -
I ran sfc in SAFE MODE, I hope that's okay.
Found nothing.
I rebooted and ran it again, found nothing.
Let me know if I need to run it in normal mode.
I don't like doing a normal boot because the virus makes the HD run a lot and some programs don't work.
Here is the new Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:57 AM, on 11/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A9EC370-6B2E-44E9-B9C3-2EC036FC93A2}: NameServer = 192.168.1.1
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1ca2becdd2571c6) (gupdate1ca2becdd2571c6) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9916 bytes

Thanks for your help so far. This is exciting!!

jati
Novice
Novice

Status :
Online
Offline

Posts : 12
Joined : 2009-11-19
OS : Vista 64-bit
Points : 25868
# Likes : 0

View user profile

Back to top Go down

Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Fri Nov 20, 2009 6:46 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13704
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144790
# Likes : 10

View user profile

Back to top Go down

Re: Antivirus System Pro - i need help removing it

Post by jati on Fri Nov 20, 2009 9:31 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c237d9300ded14429e01c018a712228d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-20 09:12:37
# local_time=2009-11-20 04:12:37 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775166 100 100 0 194107621 0 0
# compatibility_mode=5892 16776574 100 56 7069577 95343173 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=468006
# found=11
# cleaned=11
# scan_time=7090
C:\Program Files (x86)\distributed.net\dnetc.com probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\JJBladester\AppData\Local\ljttdf\ffwdsysguard.exe a variant of Win32/Kryptik.BBM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\BACKUPS\basicRecoverApps\NERO 8 Ultra Edition 8.3.2.1b + KEYGEN\Setup\Nero-8.3.2.1b_eng.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
E:\BACKUPS\basicRecoverApps\WinRAR_3.71_Corporate_Edition\WinRAR_3.71_Corporate_Edition.exe a variant of Win32/Injector.AU trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\p2px\done\Nero 8.3.6.0 Ultra Edition + Serials\Nero 8.3.6.0.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
G:\apps\eac-0.99pb4.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
G:\p2px\app\DarkBASIC Professional\DarkBASIC professional.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\p2px\app\FinePrint Software All In One\All In One FinePrint Software.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
G:\p2px\app\Pinnacle Studio 10 + keygen + patch 10.1 + Bonus DVD\Pinnacle.Studio.Plus.10.Keygen\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\p2px\app\WinAVI.Video.Converter.7.7\keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Archived\serArchived\PowerDVD XP v4.0 Keygen.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Sat Nov 21, 2009 2:27 am

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Sat Nov 21, 2009 7:31 pm

Jay,
Here is what happened.
I did a normal boot in order to update Java. Antivirus System Pro appears to be gone (was it the sysguard file that ESET found?). I updated Java, and went back to safe mode to do the Kaspersky online scan anyway. I left the scan going and went to bed. When I got up it had found 7 things, but the computer had frozen around 6 am, and was only at 44% done (my Dad has several HDs connected and he hoards tons of files on them!). So today I did the scan on just the 'critical areas', and it found nothing.
So what do you recommend I do next, if anything? I want to be confident that our computer is secure. Also, when things are back to normal, should I also have an anti-spyware app running in real time in addition to anti-virus (e.g. Spybot)?

Thanks.


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Sun Nov 22, 2009 1:59 am

I want to make sure that it is gone, since you have a 64-bit system. Usually, with this rogue software and many others, ComboFix - our best cleaner - removes them very well. But ComboFix will not work on 64-bit systems.

So, these tools will have to work:

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

==

Please download the Kaspersky AVP Tool from [You must be registered and logged in to see this link.].
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors.
    • My Computer.
    • Also any other drives (Removable that you may have)

After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.
Note: This tool will self uninstall when you close it so please save the log before closing it.

==

Please include the Kaspersky AVP log, and the SystemLook log in your next reply.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Sun Nov 22, 2009 8:20 pm

Here's the systemlook log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:26 on 21/11/2009 by JJBladester (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [15:22 17/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\SysWOW64\scecli.dll --a--- 177152 bytes [15:22 17/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll --a--- 239616 bytes [09:24 02/11/2006] [11:19 02/11/2006] 32EF13F20B28966D29DE5EABE036431D
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll --a--- 235520 bytes [14:40 04/02/2009] [05:03 19/01/2008] 35F1DD99F9903BC267C2AF16B09F9BF7
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll --a--- 235520 bytes [15:23 17/09/2009] [07:11 11/04/2009] 9922ADB6DCA8F0F5EA038BEFF339C08B
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll --a--- 176640 bytes [12:13 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll --a--- 177152 bytes [14:40 04/02/2009] [04:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll --a--- 177152 bytes [15:22 17/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592896 bytes [15:23 17/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\SysWOW64\netlogon.dll --a--- 592896 bytes [15:23 17/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll --a--- 684032 bytes [09:28 02/11/2006] [11:18 02/11/2006] BFAB28B54DF41208CF3490FF26E53FD9
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll --a--- 716800 bytes [14:41 04/02/2009] [05:03 19/01/2008] 5D0A4891F8CD0E9E64FF57A6A34044F5
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll --a--- 717312 bytes [15:23 17/09/2009] [07:11 11/04/2009] A3F1B171702CA04744EE514243B45BFB
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll --a--- 559616 bytes [12:13 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll --a--- 592384 bytes [14:41 04/02/2009] [04:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll --a--- 592896 bytes [15:23 17/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
C:\Perl64\lib\auto\Win32\EventLog\EventLog.dll -ra--- 24576 bytes [19:26 24/08/2009] [19:26 24/08/2009] D901597307B5015105D257A6E224E331

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\SysWOW64\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe --a--- 397312 bytes [09:27 02/11/2006] [11:16 02/11/2006] 9642EED809219A2F914DD8E40A09C48B
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe --a--- 406016 bytes [14:40 04/02/2009] [05:00 19/01/2008] 856491FCED98093D824B9EB2892F564A
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe --a--- 405504 bytes [15:23 17/09/2009] [07:11 11/04/2009] 6D0773A3A65D28B663F334C90441D01A
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe --a--- 308224 bytes [12:24 02/11/2006] [09:45 02/11/2006] 9F75392B9128A91ABAFB044EA350BAAD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a--- 314880 bytes [14:40 04/02/2009] [04:33 19/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a--- 1291264 bytes [14:41 04/02/2009] [02:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\SysWOW64\comres.dll --a--- 1291264 bytes [14:41 04/02/2009] [02:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_8698b45fa1a43985\comres.dll --a--- 1236992 bytes [07:40 02/11/2006] [09:36 02/11/2006] ABA23A6409F468FC0EB936CB381453BD
C:\Windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_88cf765b9e8f4a59\comres.dll --a--- 1291264 bytes [14:41 04/02/2009] [03:27 19/01/2008] DDEE5FE5C3C3141CE02DE6B7B2BF686B
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_2a7a18dbe946c84f\comres.dll --a--- 1236992 bytes [12:14 02/11/2006] [08:50 02/11/2006] 4843A1784BA6434DFF80F841DDC592C6
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll --a--- 1291264 bytes [14:41 04/02/2009] [02:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a--- 978944 bytes [15:23 17/09/2009] [06:28 11/04/2009] 6659EC6006FD99A3AF1B8A6306F8BE3C
C:\Windows\SysWOW64\crypt32.dll --a--- 978944 bytes [15:23 17/09/2009] [06:28 11/04/2009] 6659EC6006FD99A3AF1B8A6306F8BE3C
C:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_b5579b639946273c\crypt32.dll --a--- 1262592 bytes [09:25 02/11/2006] [11:16 02/11/2006] 0BA5615088523B37394F42E3733EAA51
C:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_b78e5d5f96313810\crypt32.dll --a--- 1254400 bytes [14:41 04/02/2009] [05:01 19/01/2008] 35F494C3AFC788FA8AA2D3F68A283459
C:\Windows\winsxs\amd64_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6002.18005_none_b979d66b9353035c\crypt32.dll --a--- 1259520 bytes [15:24 17/09/2009] [07:11 11/04/2009] 92399DADA49153870A7C178B7116C356
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll --a--- 974336 bytes [12:14 02/11/2006] [09:46 02/11/2006] 360191D2A50180C3E0673BAB7F5529E0
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32.dll --a--- 977408 bytes [14:41 04/02/2009] [04:34 19/01/2008] D4D86075510C02F887528207D8E0D713
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6002.18005_none_5d5b3ae7daf59226\crypt32.dll --a--- 978944 bytes [15:23 17/09/2009] [06:28 11/04/2009] 6659EC6006FD99A3AF1B8A6306F8BE3C

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a--- 950784 bytes [15:23 17/09/2009] [06:28 11/04/2009] 4E51A7052D162B2BA85612B486A68A45
C:\Windows\SysWOW64\gpedit.dll --a--- 950784 bytes [15:23 17/09/2009] [06:28 11/04/2009] 4E51A7052D162B2BA85612B486A68A45
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6000.16386_none_281a061d2059c8e7\gpedit.dll --a--- 995840 bytes [09:29 02/11/2006] [11:17 02/11/2006] 7995351BE07B250D16C8BDE24F255251
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_2a50c8191d44d9bb\gpedit.dll --a--- 996352 bytes [14:41 04/02/2009] [05:01 19/01/2008] 5DE5E6AEA096D3DCE9830A35F56D7ABC
C:\Windows\winsxs\amd64_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6002.18005_none_2c3c41251a66a507\gpedit.dll --a--- 1013248 bytes [15:23 17/09/2009] [07:11 11/04/2009] 0BC0B3C27E4A5F4FFD864C6BA7F4F4A6
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6000.16386_none_cbfb6a9967fc57b1\gpedit.dll --a--- 935936 bytes [12:16 02/11/2006] [09:46 02/11/2006] 1C2761A389791C98E8A11A1539D6BB71
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_ce322c9564e76885\gpedit.dll --a--- 936960 bytes [14:41 04/02/2009] [04:34 19/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6002.18005_none_d01da5a1620933d1\gpedit.dll --a--- 950784 bytes [15:23 17/09/2009] [06:28 11/04/2009] 4E51A7052D162B2BA85612B486A68A45

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\SysWOW64\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\winsxs\amd64_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_31ed2b17665cf346\rundll32.exe --a--- 46592 bytes [09:33 02/11/2006] [11:16 02/11/2006] 10446646D128E580C46615338E74E672
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\SysWOW64\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_011d9cd417a405da\sfc.dll --a--- 6144 bytes [09:05 02/11/2006] [11:19 02/11/2006] 2CCA759379C220D29F0066CA49E9259F
C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_03545ed0148f16ae\sfc.dll --a--- 6144 bytes [09:05 02/11/2006] [11:19 02/11/2006] 2CCA759379C220D29F0066CA49E9259F
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_a4ff01505f4694a4\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll --a--- 4608 bytes [12:21 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a--- 21504 bytes [14:41 04/02/2009] [04:33 19/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\SysWOW64\svchost.exe --a--- 21504 bytes [14:41 04/02/2009] [04:33 19/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_0fa33328c0c01e47\svchost.exe --a--- 26624 bytes [09:10 02/11/2006] [11:16 02/11/2006] 6B30067D55E10E4DEBDC842FB1911479
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe --a--- 27648 bytes [14:41 04/02/2009] [05:00 19/01/2008] CDA9F1373805AF88F6FA4F2064BBA24D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe --a--- 22016 bytes [12:21 02/11/2006] [09:45 02/11/2006] 10DA15933D582D2FEDCF705EFE394B09
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a--- 21504 bytes [14:41 04/02/2009] [04:33 19/01/2008] 3794B461C45882E06856F282EEF025AF

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\SysWOW64\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll --a--- 14848 bytes [09:24 02/11/2006] [11:16 02/11/2006] 21322B1A2AD337C579F4A65EA0D25193
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [12:14 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

Searching for "beep.sys"
No files found.

Searching for "wscntfy.exe"
No files found.

Searching for "atapi.sys"
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys --a--- 22584 bytes [14:41 04/02/2009] [05:07 19/01/2008] 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys --a--- 20952 bytes [15:23 17/09/2009] [07:15 11/04/2009] E68D9B3A3905619732F7FE039466A623

-=End Of File=-

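The SystemLook filefind list Dr Jay requested above, and jati's log that followed, amount to comparing each live system file's MD5 with the copies Windows keeps in winsxs. The parser and check below are an added example written for this thread, not code from SystemLook or the forum; the rundll32.exe block in the sample log is constructed (placeholder all-zero MD5) to show how an altered file surfaces, while the other sample lines are copied from the log above.

```python
"""Parse SystemLook ':filefind' output and flag live system files whose MD5
matches no copy held in the Windows component store (winsxs).

Added example for this thread, not code from SystemLook or the forum. The
sample log mixes lines copied from the thread with one CONSTRUCTED block
(rundll32.exe, placeholder all-zero MD5) standing in for an altered file.
"""
import re

# One filefind result line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$'
)
HEADER_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')

SAMPLE_LOG = r"""========== filefind ==========

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\SysWOW64\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe --a--- 405504 bytes [15:23 17/09/2009] [07:11 11/04/2009] 6D0773A3A65D28B663F334C90441D01A
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a--- 314368 bytes [15:23 17/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 00000000000000000000000000000000
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe --a--- 44544 bytes [12:20 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A

Searching for "beep.sys"
No files found.

-=End Of File=-
"""


def parse_filefind(text):
    """Group result lines by searched name (lower-cased); a name reported as
    'No files found.' maps to an empty list."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            results[current] = []
            continue
        if current is None:
            continue
        hit = LINE_RE.match(line)
        if hit:
            entry = hit.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def _is_store_copy(path):
    return "\\winsxs\\" in path.lower()


def _is_live_copy(path):
    return path.lower().startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))


def review(results):
    """Return {name: [finding, ...]} for names that deserve a second look.

    A live copy under System32/SysWOW64 should hash identically to one of the
    copies Windows keeps in winsxs; one that matches none has been altered or
    replaced. Absence is reported too, because the list contains files that
    only some Windows versions ship, so a person decides what 'not found' means.
    """
    findings = {}
    for name, entries in results.items():
        notes = []
        if not entries:
            notes.append("No files found: fine only if this Windows version does not ship it")
        else:
            store = {e["md5"] for e in entries if _is_store_copy(e["path"])}
            live = [e for e in entries if _is_live_copy(e["path"])]
            if not live:
                notes.append("no copy under System32/SysWOW64; found only at: "
                             + ", ".join(e["path"] for e in entries))
            for e in live:
                if store and e["md5"] not in store:
                    notes.append(f"{e['path']} MD5 {e['md5']} matches no winsxs copy")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in review(parse_filefind(SAMPLE_LOG)).items():
        for note in notes:
            print(f"{name}: {note}")
```

One caveat the log itself shows: the System32 and SysWOW64 lines are identical in every search and match the x86 winsxs copies, because a 32-bit scanner sees System32 through WOW64 file-system redirection on 64-bit Windows, so the native 64-bit binaries are never hashed directly.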

Re: Antivirus System Pro - i need help removing it

Post by jati on Sun Nov 22, 2009 8:29 pm

The Kaspersky log:
Dear Jay- the log file is 845 MB!! When I open it the program goes to not responding.
I would be embarrassed to post it anyway because all of it was key generators and cracks hoarded away by another user of this computer.


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Mon Nov 23, 2009 6:19 am

Please navigate to the following file,

C:\Perl64\lib\auto\Win32\EventLog\EventLog.dll

and right-click and choose Copy. Then, navigate to C:\Windows\system32
then right-click in white space and click Paste.

==

Please navigate to the following file,

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

and right-click and choose Copy. Then, navigate to C:\Windows\system32
then right-click in white space and click Paste.

==

Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Mon Nov 23, 2009 6:32 pm

Dear Jay-
I copied the two files like you said.
I ran dds.scr, but no pop-up text file appeared at the end. And, there was no option for the "optional-scan". There are a bunch of files left on the desktop. I am posting the one called DDS.txt. Is this the one you need?
Also: I notice in the log that it says windows defender is enabled, but I have the windows defender service disabled. (??)
Also: I first tried to run it in safe mode and it didn't work. Perhaps you want to mention that in the instructions in the future.


DDS (Ver_09-11-23.01) - NTFSX64
Run by JJBladester at 13:08:56.55 on Mon 11/23/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2794 [GMT -5]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\JJBladester\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Tue Nov 24, 2009 12:47 am

No big deal. Let us take a different route, real quick.

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Tue Nov 24, 2009 3:20 am

spiderkill.txt:

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows [Version 6.0.6002]

********************Drivers list********************



***********************Hidden Drivers********************
Volume in drive C is Charlotte
Volume Serial Number is FCDB-010E

Directory of C:\Windows\System32\Drivers

02/04/2009 09:39 PM 0 Msft_User_WpdFs_01_00_00.Wdf
11/05/2009 01:02 AM 0 Msft_User_WpdFs_01_07_00.Wdf
02/13/2009 09:03 PM 0 Msft_User_WpdMtpDr_01_00_00.Wdf
11/05/2009 01:03 AM 0 Msft_User_WpdMtpDr_01_07_00.Wdf
4 File(s) 0 bytes
0 Dir(s) 475,459,993,600 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
aswUpdSv.exe 1676 Normal C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
ashServ.exe 1700 High C:\Program Files\Alwil Software\Avast4\ashServ.exe
ashDisp.exe 2444 Normal C:\Program Files\Alwil Software\Avast4\ashDisp.exe
jusched.exe 2616 Normal C:\Program Files (x86)\Java\jre6\bin\jusched.exe
AppleMobileDeviceService.exe 2704 Normal C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 2724 Normal C:\Program Files (x86)\Bonjour\mDNSResponder.exe
vmnat.exe 2508 Normal C:\Windows\SysWOW64\vmnat.exe
vmnetdhcp.exe 2944 Normal C:\Windows\SysWOW64\vmnetdhcp.exe
vmware-authd.exe 2376 Normal C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
ashMaiSv.exe 3212 Normal C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashWebSv.exe 3248 Normal C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
wmplayer.exe 480 Normal C:\Program Files (x86)\Windows Media Player\wmplayer.exe
IntuitUpdateService.exe 2764 Normal C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
processes.exe 4576 Normal C:\Users\JJBladester\Desktop\SpiderKill\processes.exe


******************************************
EOF


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Tue Nov 24, 2009 3:42 am

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Tue Nov 24, 2009 3:55 am

LOL it's amazing there are so many different scans!
Here is the log:
(Note: it said c:\watcam-1.3\binw\sc.exe is not compatible with a 64-bit system.)

Results of screen317's Security Check version 0.99.0
Windows Vista (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
ESET Online Scanner v3
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Norton Ghost
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Tue Nov 24, 2009 4:01 am

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please consider updating to Windows Vista Service Pack 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the release, plus support for new types of hardware and emerging hardware standards.
They are available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

==

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


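The HOSTS-file mechanism described in the post above (domains sunk to 127.0.0.1 so they cannot be reached), as an added example that is not part of the original thread: a small Python script that separates loopback sinks from entries that send a name to some other address, which is the pattern a reviewer of a suspect HOSTS file would want listed. The sample file contents are constructed, and the LAN ranges treated as harmless are an assumption.

```python
"""Review a Windows HOSTS file: loopback sinks vs. redirections elsewhere.

Pointing a hostname at 127.0.0.1 (or 0.0.0.0 / ::1) makes it unreachable,
which is how a blocklist-style HOSTS file works. The same file can also
point a hostname at a routable address, which overrides DNS for that name;
a review should list those entries separately.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

Entry = Tuple[str, str]  # (hostname, address as written in the file)

# Assumed LAN ranges (RFC 1918 plus IPv6 ULA): names mapped here are normal.
# Checked explicitly rather than via ipaddress.is_private, which also treats
# documentation ranges such as 203.0.113.0/24 as private.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


@dataclass
class HostsReport:
    loopback: List[Entry] = field(default_factory=list)  # sunk to loopback
    other: List[Entry] = field(default_factory=list)     # any other address
    malformed: List[str] = field(default_factory=list)   # unparseable lines


def parse_hosts(text: str) -> HostsReport:
    """Split HOSTS file text into loopback sinks, other mappings and bad lines."""
    report = HostsReport()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report.malformed.append(raw)
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report.malformed.append(raw)
            continue
        sink = ip.is_loopback or ip.is_unspecified
        bucket = report.loopback if sink else report.other
        for name in fields[1:]:
            bucket.append((name.lower(), fields[0]))
    return report


def suspicious_redirects(report: HostsReport) -> List[Entry]:
    """Entries that override DNS for a name with a non-LAN address."""
    flagged = []
    for name, addr in report.other:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in LAN_NETWORKS):
            flagged.append((name, addr))
    return flagged


# Constructed sample, not the poster's HOSTS file.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net           # blocklist style
127.0.0.1       tracker.example.org
203.0.113.5     update.example-av.com     # vendor name sent elsewhere
192.168.1.20    nas                       # LAN host, not flagged
not-an-ip       broken.example
"""

if __name__ == "__main__":
    rep = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(rep.loopback)} loopback sinks, {len(rep.other)} other mappings, "
          f"{len(rep.malformed)} malformed lines")
    for name, addr in suspicious_redirects(rep):
        print(f"REVIEW: {name} -> {addr}")
```

On Windows the file to feed in is C:\Windows\System32\drivers\etc\hosts; read it as text and pass the contents to parse_hosts.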

Re: Antivirus System Pro - i need help removing it

Post by jati on Tue Nov 24, 2009 4:24 am

Dear Jay,
the last log said Java was out of date but I already ran JavaRa and installed Java 6 update 17 previously. Did I not update it correctly?
Also, it appears to me that I already have service pack 2 on my Vista.

THANK YOU FOR YOUR GENEROUS HELP. Thank You!

I saw the thread about learning to fight malware. I want to learn to do it.


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Tue Nov 24, 2009 4:28 am

You are welcome. Java should be fine then, as well as the service pack. Go ahead and get started on training. It is enjoyable and very rewarding. Reply to that thread about learning to fight malware, and I can answer any questions you have.


Dr. Jay (DJ)



Re: Antivirus System Pro - i need help removing it

Post by jati on Tue Nov 24, 2009 4:35 am

Another question: is one of the free firewalls better for a 64-bit system?


Re: Antivirus System Pro - i need help removing it

Post by Dr Jay on Tue Nov 24, 2009 5:01 am

I know for sure Comodo and PC Tools Firewall Plus are supported on 64-bit computers. Tallemu Online Armor is not compatible.


Dr. Jay (DJ)

