Vista Anti-Virus Pro

View previous topic View next topic Go down

Vista Anti-Virus Pro

Post by keano1 on Fri Feb 05, 2010 6:47 pm

Hi,
Seem to have the same Anti-Virus Pro problem that many others on this site have encountered but unfortunately after completing the Malwarebytes scan nothing has changed. I followed the step by step instructions to the letter and everything seem to go well but on re-booting the virus is still there.

Below is the information from the Hijackthis download;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:51, on 05/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\craig\AppData\Local\av.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIENE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIENE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIENE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\craig\Downloads\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EPSON Stylus Photo PX700W(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_S8DB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON PX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_SBF17.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON PX700W Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_SA07E.tmp" /EF "HKCU"
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6238 bytes

keano1
Novice
Novice

Status :
Online
Offline

Posts : 8
Joined : 2010-02-05
OS : Windows Vista

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by Belahzur on Fri Feb 05, 2010 6:58 pm

If you've already run MBAM, can you post the log please? Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

MBAM Script

Post by keano1 on Fri Feb 05, 2010 7:16 pm

Hi,
MBAM Script from a Full scan.

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05/02/2010 18:17:44
mbam-log-2010-02-05 (18-17-44).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 231396
Time elapsed: 39 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnowida (Trojan.Agent.U) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pxala (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\My Book\Craig\Unzipped\radio.decoder\BP Fiat_Alfa_Peug Calc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\craig\AppData\Local\Temp\xacromnwes.exe (Trojan.Inject) -> Quarantined and deleted successfully.
F:\Craig\Unzipped\radio.decoder\BP Fiat_Alfa_Peug Calc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\craig\AppData\Local\nLPIcs.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Users\craig\AppData\Local\uqakigat.dll (Trojan.Agent.U) -> Delete on reboot.

Thanks

keano1
Novice
Novice

Status :
Online
Offline

Posts : 8
Joined : 2010-02-05
OS : Windows Vista

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by Belahzur on Fri Feb 05, 2010 7:28 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by keano1 on Fri Feb 05, 2010 7:38 pm

Hi,

Update downloaded fine but when i click "ok" to install nothing happens. Have tried it 3 times so far and still nothing.

keano1
Novice
Novice

Status :
Online
Offline

Posts : 8
Joined : 2010-02-05
OS : Windows Vista

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by Belahzur on Fri Feb 05, 2010 8:29 pm

Okay, uninstall MBAM, then re-download the 1.44 installer from [You must be registered and logged in to see this link.] and install that version.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by keano1 on Fri Feb 05, 2010 9:01 pm

ok, thanks, will try tomorrow as i live in england and it's getting late.

keano1
Novice
Novice

Status :
Online
Offline

Posts : 8
Joined : 2010-02-05
OS : Windows Vista

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by Belahzur on Fri Feb 05, 2010 9:15 pm

Hehe, I'm a night owl. Smile


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by keano1 on Sat Feb 06, 2010 11:35 am

Hi,

Problem solved !!

Thanks very much for the help - much appreciated.

keano1
Novice
Novice

Status :
Online
Offline

Posts : 8
Joined : 2010-02-05
OS : Windows Vista

View user profile

Back to top Go down

Re: Vista Anti-Virus Pro

Post by Belahzur on Sat Feb 06, 2010 7:21 pm

Please post the new MBAM log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum