
Author Topic: Windows Antivirus Pro manual removal in safe mode  (Read 8194 times)


garddfon


    Windows Antivirus Pro manual removal in safe mode
    « on: August 19, 2009, 09:01:17 AM »
    Dear Computer Hope,

    I have been infected with this virus and need help with manual removal of files, dlls and registry entries. I can only run Windows in safe mode and I am unable to run McAfee, Hijack This, or any other spyware removal applications. I am running Win XP but don't know how to tell which service pack I have in safe mode, I'm assuming SP2. I hope you can still help. I have found instructions elsewhere on how to remove registry entries and unregister .dll files through cmd prompt but in following instructions at hxxp://wiki-security.com/wiki/Parasite/WindowsAntivirusPro I went ahead and (unwisely?) deleted the Programmes\Windows Anti Virus Pro\ folder altogether and now do not have the .dlls to unregister.  Any advice would be greatly appreciated, thanks.

    garddfon
    « Last Edit: September 04, 2009, 10:05:09 AM by evilfantasy »

    Karnac



      Re: Windows Antivirus Pro manual removal in safe mode
      « Reply #1 on: August 19, 2009, 09:48:22 AM »
      Stay out of the registry.

      You'll have to go here....

      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      If you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.
      If you have difficulty, you may have to run them in safe mode; tap F8 at start.
      If you have difficulty, you may have to rename the programs when you save them.
      If you get stuck on a step, proceed to the next.

      Post the logs for steps 3, 4 and 6.


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      garddfon


        Re: Windows Antivirus Pro manual removal in safe mode
        « Reply #2 on: August 19, 2009, 01:45:30 PM »
        Hi Karnac,

        Thanks very much for the instructions. Here's the update on my situation.

        Step A Antivirus
        McAfee would not run a full scan. I downloaded AVG Free 8.5 and tried to install from USB stick but it will not install without an internet connection. I removed McAfee before trying to install AVG as per the instructions so currently have no Antivirus protection.

        Step 1 Add/Remove Programmes
        (had to access this through Start>Run...appwiz.cpl as all application shortcuts are disabled) - Windows Antivirus Pro is listed but I'll wait for advice before taking action.

        Step 2 House Cleaning
        Completed successfully.

        Step 3 SuperAntiSpyware
        Renamed the .exe but got the error message box: "SUPERAntiSpyware Free Edition has encountered a problem and needs to close".

        Step 4 Malwarebytes
        Renamed the .exe and installed successfully. Performed scan, 12 problems were found. Chose Remove Selected. Application requested reboot as per the note in your instructions. System froze on reboot. Rebooted again and reperformed scan. 2 infections were still found. Checked both logs – all problems successfully quarantined and removed except the two items which were supposed to be deleted on reboot. Both log files attached.

        Step 5 – not taken as not connected to internet.

        Step 6 – Hijack This
        Renamed the .exe and installed successfully. Performed scan. Log file attached.

        Thanks for all the help so far.

        garddfon


        [attachment deleted by admin]

        garddfon


          Re: Windows Antivirus Pro manual removal in safe mode
          « Reply #3 on: August 19, 2009, 01:51:56 PM »
          P.S. I should have mentioned that since my original post I managed to reboot in normal XP mode through choosing 'Last Known Good Configuration' on the F8 startup screen, so all the above was carried out in normal XP, not safe mode.

          Karnac



            Re: Windows Antivirus Pro manual removal in safe mode
            « Reply #4 on: August 19, 2009, 02:14:27 PM »
            Go here for self help

            http://www.computerhope.com/forum/index.php/topic,81761.0.html

            Paste your HJT log into the window of the process tool and follow the instructions at the end to remove the problems....



            garddfon


              Re: Windows Antivirus Pro manual removal in safe mode
              « Reply #5 on: September 04, 2009, 06:20:44 AM »
              Dear Karnac,

              Thanks for all your help. I have done what you suggested and followed the procedure in self help. Repeated scans in Hijack This and MalwareBytes have detected and fixed a number of problems but the following one seems impossible to shift, see extract from Self Help report below.

              Missing   o23 - service: antipyproex (antippro2009_100) - unknown owner - c:\windows\svchast.exe (file missing)
              Here's the link to the full report (http://www.computerhope.com/cgi-bin/process.pl?o=451543)

              I have not performed any of the tasks which require going online yet either as I'm not sure it's safe to do so.

              Your advice on the next step would be much appreciated.

              Regards,

              Garddfon
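The leftover entry reported in Reply #5 can be triaged offline from the pasted logs. The sketch below is an added example, not part of the thread and not code from HijackThis, DDS or the Computer Hope process tool: it parses HijackThis O23 service lines, keeps the ones marked "(file missing)", checks whether the image name is a near-miss of a core Windows binary, and cross-references Service Control Manager event 7000 lines. The function names, the `SYSTEM_BINARIES` list and the last sample line are assumptions made for the example; the other sample lines are copied from this thread.

```python
import ntpath
import re

# Core Windows binaries whose names are often imitated (list chosen for this example).
SYSTEM_BINARIES = ("svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "spoolsv.exe", "explorer.exe")

# HijackThis O23 line: "O23 - Service: Display (KeyName) - Owner - Path [(file missing)]"
O23_RE = re.compile(
    r"o23 - service:\s*(?P<display>.+?)\s*\((?P<name>[^)]*)\)\s+-\s+"
    r"(?P<owner>.+?)\s+-\s+(?P<path>.+?)(?P<missing>\s*\(file missing\))?\s*$",
    re.IGNORECASE)

# Service Control Manager event 7000 as printed in the DDS Attach.txt log.
SCM_RE = re.compile(
    r"Service Control Manager \[7000\]\s+-\s+The (?P<svc>.+?) service failed to start",
    re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):
    """Return the system binary this file name nearly matches, or None."""
    base = ntpath.basename(path).lower()
    for good in SYSTEM_BINARIES:
        if base != good and edit_distance(base, good) <= 2:
            return good
    return None


def triage(lines):
    """List O23 services whose image file is missing, with supporting evidence."""
    failed = {m.group("svc").lower() for m in map(SCM_RE.search, lines) if m}
    findings = []
    for line in lines:
        m = O23_RE.search(line)
        if not m or not m.group("missing"):
            continue
        names = {m.group("display").lower(), m.group("name").lower()}
        findings.append({
            "service": m.group("display"),
            "key": m.group("name"),
            "path": m.group("path"),
            "lookalike_of": lookalike_of(m.group("path")),
            "scm_start_failure": bool(names & failed),
        })
    return findings


SAMPLE_LINES = [
    # From Reply #5 of this thread.
    r"Missing   o23 - service: antipyproex (antippro2009_100) - unknown owner - c:\windows\svchast.exe (file missing)",
    # From the Event Viewer section of the DDS Attach.txt log in this thread.
    "08/09/2009 10:44:54, error: Service Control Manager [7000]  - The Nsynas32 service failed to start due to the following error:  The system cannot find the device specified.",
    "08/09/2009 10:44:54, error: Service Control Manager [7000]  - The hakgu service failed to start due to the following error:  The system cannot find the file specified.",
    "08/09/2009 10:44:54, error: Service Control Manager [7000]  - The AntipyProex service failed to start due to the following error:  The system cannot find the file specified.",
    # Constructed benign entry (not from the thread) to show what is ignored.
    r"O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\Program Files\Example\upd.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f)
```

A finding with both a look-alike name and a matching start failure is an orphaned service registration: the binary is gone but the service entry remains, which is what the removal tools in this thread are asked to clean up.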

              Karnac



                Re: Windows Antivirus Pro manual removal in safe mode
                « Reply #6 on: September 04, 2009, 06:43:27 AM »
                Evilfantasy will be assisting you from here on as you may require specialized tools to remove that entry.



                evilfantasy

                • Malware Removal Specialist
                • Moderator


                Re: Windows Antivirus Pro manual removal in safe mode
                « Reply #7 on: September 04, 2009, 10:07:43 AM »
                Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

                Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                * XP users Double click on dds to run it.
                * If your antivirus or firewall tries to block DDS then please allow it to run.
                * When finished DDS will open two (2) logs.

                1) DDS.txt
                2) Attach.txt

                * Save both logs to your desktop.
                * Please copy and paste the entire contents of both logs in your next reply.

                Note: DDS will instruct you to post the Attach.txt log as an attachment.
                Please just post it as you would any other log by copying and pasting it into the reply.

                garddfon


                  Re: Windows Antivirus Pro manual removal in safe mode
                  « Reply #8 on: September 15, 2009, 06:03:50 AM »
                  Dear evilfantasy,

                  Thanks for your latest instructions. Here are the DDS logs as requested.

                  Regards,

                  garddfon


                  Attach.txt

                  DDS (Ver_09-07-30.01)

                  Microsoft Windows XP Professional
                  Boot Device: \Device\HarddiskVolume2
                  Install Date: 26/03/2006 14:08:06
                  System Uptime: 15/09/2009 11:01:20 (0 hours ago)

                  Motherboard: Dell Inc. |  | 0FF049
                  Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/166mhz
                  Processor: Genuine Intel(R) CPU           T2300  @ 1.66GHz | Microprocessor | 1662/166mhz

                  ==== Disk Partitions =========================

                  C: is FIXED (NTFS) - 70 GiB total, 19.465 GiB free.
                  D: is CDROM ()
                  E: is Removable

                  ==== Disabled Device Manager Items =============

                  ==== System Restore Points ===================

                  RP1141: 02/09/2009 17:28:38 - Windows Defender Checkpoint
                  RP1142: 02/09/2009 17:28:38 - System Checkpoint
                  RP1143: 03/09/2009 18:49:49 - System Checkpoint
                  RP1144: 04/09/2009 13:32:14 - Removed SUPERAntiSpyware Free Edition
                  RP1145: 07/09/2009 20:07:50 - System Checkpoint
                  RP1146: 09/09/2009 23:18:06 - System Checkpoint
                  RP1147: 14/09/2009 20:53:22 - System Checkpoint

                  ==== Installed Programs ======================

                  4oD
                  Absolute Patience
                  Adobe After Effects 6.0
                  Adobe Flash Player 10 ActiveX
                  Adobe Flash Player 10 Plugin
                  Adobe Premiere Pro
                  Adobe Reader 7.0.9
                  Anarchy Effects VST v1.3
                  Anarchy Rhythms VST v1.0
                  Antares Auto-Tune 3.10 DirectX
                  Antares Autotune DX v4.15
                  Antares Microphone Modeler 1.31 DirectX
                  ARTEuro
                  AVG 8.5
                  AVG Identity Protection
                  Broadcom Management Programs
                  Bubblets 1.0
                  CCleaner (remove only)
                  CD-LabelPrint
                  CGoban 3
                  Conexant HDA D110 MDC V.92 Modem
                  Corel Paint Shop Pro X
                  Corel Photo Album 6
                  Cubase 4
                  Dell Media Experience
                  Dell System Restore
                  DellSupport
                  Digital Line Detect
                  DivX Content Uploader
                  DivX Web Player
                  Edirol HQ Orchestral v1.01
                  Google Earth
                  Google Updater
                  High Definition Audio Driver Package - KB835221
                  HijackThis 2.0.2
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                  Hotfix for Windows Internet Explorer 7 (KB947864)
                  Hotfix for Windows XP (KB896256)
                  Hotfix for Windows XP (KB906569)
                  Hotfix for Windows XP (KB908673)
                  Hotfix for Windows XP (KB909394)
                  Hotfix for Windows XP (KB914440)
                  Hotfix for Windows XP (KB915865)
                  Hotfix for Windows XP (KB952287)
                  Hotfix for Windows XP (KB954550-v5)
                  Hotfix for Windows XP (KB961118)
                  Hoyle Board Games 2003
                  Hoyle Card Games 2003
                  Intel(R) Graphics Media Accelerator Driver
                  Intel(R) PROSet/Wireless Software
                  Internal Network Card Power Management
                  IrfanView (remove only)
                  iTunes
                  J2SE Runtime Environment 5.0 Update 11
                  J2SE Runtime Environment 5.0 Update 6
                  J2SE Runtime Environment 5.0 Update 9
                  Java 2 Runtime Environment, SE v1.4.2_03
                  Java(TM) 6 Update 2
                  Java(TM) 6 Update 3
                  Java(TM) 6 Update 5
                  Learn2 Player (Uninstall Only)
                  Lounge Lizard EP-2 v2.0
                  Malwarebytes' Anti-Malware
                  MangoDrum (MightyMango)
                  mCore
                  MCU
                  mDrWiFi
                  mHlpDell
                  Microsoft .NET Framework 1.1
                  Microsoft .NET Framework 1.1 Hotfix (KB928366)
                  Microsoft .NET Framework 2.0 Service Pack 2
                  Microsoft .NET Framework 3.0 Service Pack 2
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft ActiveSync
                  Microsoft Internationalized Domain Names Mitigation APIs
                  Microsoft National Language Support Downlevel APIs
                  Microsoft Visual C++ 2005 Redistributable
                  Microsoft Works 7.0
                  mIWA
                  mLogView
                  mMHouse
                  Modem Helper
                  Mozilla Firefox (3.0.13)
                  Mozilla Thunderbird (1.5.0.7)
                  mPfMgr
                  mPfWiz
                  mProSafe
                  mSSO
                  MSXML 4.0 SP2 (KB927978)
                  MSXML 4.0 SP2 (KB936181)
                  MSXML 4.0 SP2 (KB954430)
                  MSXML 6 Service Pack 2 (KB954459)
                  mWlsSafe
                  mWMI
                  mXML
                  mZConfig
                  Native Instruments Absynth v3.0.2
                  Native Instruments B4
                  Native Instruments B4 Tone Wheels Bundle v1.11
                  NetWaiting
                  Ohmforce Hematohm VST v1.20
                  Ohmforce Mobilohm VST v1.04
                  Ohmforce OhmBoyz VST v1.40
                  Ohmforce Predatohm VST v1.30
                  Ohmforce Quad Frohmage Pro VST v1.10
                  PowerDVD 5.7
                  Prosoniq Morph VST v1.0
                  QuickSet
                  QuickTime
                  RealPlayer
                  Saffire PRO 2.1
                  SCRABBLE® 2005 EDITION
                  Seagate Manager Installer
                  Security Update for Step By Step Interactive Training (KB898458)
                  Security Update for Step By Step Interactive Training (KB923723)
                  Security Update for Windows Internet Explorer 7 (KB928090)
                  Security Update for Windows Internet Explorer 7 (KB929969)
                  Security Update for Windows Internet Explorer 7 (KB931768)
                  Security Update for Windows Internet Explorer 7 (KB933566)
                  Security Update for Windows Internet Explorer 7 (KB937143)
                  Security Update for Windows Internet Explorer 7 (KB938127)
                  Security Update for Windows Internet Explorer 7 (KB939653)
                  Security Update for Windows Internet Explorer 7 (KB942615)
                  Security Update for Windows Internet Explorer 7 (KB944533)
                  Security Update for Windows Internet Explorer 7 (KB950759)
                  Security Update for Windows Internet Explorer 7 (KB953838)
                  Security Update for Windows Internet Explorer 7 (KB956390)
                  Security Update for Windows Internet Explorer 7 (KB958215)
                  Security Update for Windows Internet Explorer 7 (KB960714)
                  Security Update for Windows Internet Explorer 7 (KB961260)
                  Security Update for Windows Internet Explorer 7 (KB963027)
                  Security Update for Windows Internet Explorer 7 (KB969897)
                  Security Update for Windows Internet Explorer 7 (KB972260)
                  Security Update for Windows Media Player (KB911564)
                  Security Update for Windows Media Player (KB952069)
                  Security Update for Windows Media Player (KB973540)
                  Security Update for Windows Media Player 10 (KB911565)
                  Security Update for Windows Media Player 10 (KB917734)
                  Security Update for Windows Media Player 10 (KB936782)
                  Security Update for Windows Media Player 6.4 (KB925398)
                  Security Update for Windows XP (KB890046)
                  Security Update for Windows XP (KB893756)
                  Security Update for Windows XP (KB896358)
                  Security Update for Windows XP (KB896422)
                  Security Update for Windows XP (KB896423)
                  Security Update for Windows XP (KB896424)
                  Security Update for Windows XP (KB896428)
                  Security Update for Windows XP (KB899587)
                  Security Update for Windows XP (KB899588)
                  Security Update for Windows XP (KB899589)
                  Security Update for Windows XP (KB899591)
                  Security Update for Windows XP (KB900725)
                  Security Update for Windows XP (KB901017)
                  Security Update for Windows XP (KB901190)
                  Security Update for Windows XP (KB901214)
                  Security Update for Windows XP (KB902400)
                  Security Update for Windows XP (KB904706)
                  Security Update for Windows XP (KB905414)
                  Security Update for Windows XP (KB905749)
                  Security Update for Windows XP (KB905915)
                  Security Update for Windows XP (KB908519)
                  Security Update for Windows XP (KB908531)
                  Security Update for Windows XP (KB911280)
                  Security Update for Windows XP (KB911562)
                  Security Update for Windows XP (KB911567)
                  Security Update for Windows XP (KB911927)
                  Security Update for Windows XP (KB912812)
                  Security Update for Windows XP (KB912919)
                  Security Update for Windows XP (KB913446)
                  Security Update for Windows XP (KB913580)
                  Security Update for Windows XP (KB914388)
                  Security Update for Windows XP (KB914389)
                  Security Update for Windows XP (KB916281)
                  Security Update for Windows XP (KB917159)
                  Security Update for Windows XP (KB917344)
                  Security Update for Windows XP (KB917422)
                  Security Update for Windows XP (KB917953)
                  Security Update for Windows XP (KB918118)
                  Security Update for Windows XP (KB918439)
                  Security Update for Windows XP (KB918899)
                  Security Update for Windows XP (KB919007)
                  Security Update for Windows XP (KB920213)
                  Security Update for Windows XP (KB920214)
                  Security Update for Windows XP (KB920670)
                  Security Update for Windows XP (KB920683)
                  Security Update for Windows XP (KB920685)
                  Security Update for Windows XP (KB921398)
                  Security Update for Windows XP (KB921503)
                  Security Update for Windows XP (KB921883)
                  Security Update for Windows XP (KB922616)
                  Security Update for Windows XP (KB922760)
                  Security Update for Windows XP (KB922819)
                  Security Update for Windows XP (KB923191)
                  Security Update for Windows XP (KB923414)
                  Security Update for Windows XP (KB923561)
                  Security Update for Windows XP (KB923689)
                  Security Update for Windows XP (KB923694)
                  Security Update for Windows XP (KB923980)
                  Security Update for Windows XP (KB924191)
                  Security Update for Windows XP (KB924270)
                  Security Update for Windows XP (KB924496)
                  Security Update for Windows XP (KB924667)
                  Security Update for Windows XP (KB925486)
                  Security Update for Windows XP (KB925902)
                  Security Update for Windows XP (KB926255)
                  Security Update for Windows XP (KB926436)
                  Security Update for Windows XP (KB927779)
                  Security Update for Windows XP (KB927802)
                  Security Update for Windows XP (KB928255)
                  Security Update for Windows XP (KB928843)
                  Security Update for Windows XP (KB929123)
                  Security Update for Windows XP (KB930178)
                  Security Update for Windows XP (KB931261)
                  Security Update for Windows XP (KB931784)
                  Security Update for Windows XP (KB932168)
                  Security Update for Windows XP (KB933729)
                  Security Update for Windows XP (KB935839)
                  Security Update for Windows XP (KB935840)
                  Security Update for Windows XP (KB936021)
                  Security Update for Windows XP (KB937894)
                  Security Update for Windows XP (KB938464)
                  Security Update for Windows XP (KB938829)
                  Security Update for Windows XP (KB941202)
                  Security Update for Windows XP (KB941568)
                  Security Update for Windows XP (KB941569)
                  Security Update for Windows XP (KB941644)
                  Security Update for Windows XP (KB941693)
                  Security Update for Windows XP (KB943055)
                  Security Update for Windows XP (KB943460)
                  Security Update for Windows XP (KB943485)
                  Security Update for Windows XP (KB944653)
                  Security Update for Windows XP (KB945553)
                  Security Update for Windows XP (KB946026)
                  Security Update for Windows XP (KB946648)
                  Security Update for Windows XP (KB948590)
                  Security Update for Windows XP (KB948881)
                  Security Update for Windows XP (KB950749)
                  Security Update for Windows XP (KB950760)
                  Security Update for Windows XP (KB950762)
                  Security Update for Windows XP (KB950974)
                  Security Update for Windows XP (KB951066)
                  Security Update for Windows XP (KB951376-v2)
                  Security Update for Windows XP (KB951376)
                  Security Update for Windows XP (KB951698)
                  Security Update for Windows XP (KB951748)
                  Security Update for Windows XP (KB952004)
                  Security Update for Windows XP (KB952954)
                  Security Update for Windows XP (KB953839)
                  Security Update for Windows XP (KB954211)
                  Security Update for Windows XP (KB954600)
                  Security Update for Windows XP (KB955069)
                  Security Update for Windows XP (KB956391)
                  Security Update for Windows XP (KB956572)
                  Security Update for Windows XP (KB956802)
                  Security Update for Windows XP (KB956803)
                  Security Update for Windows XP (KB956841)
                  Security Update for Windows XP (KB957095)
                  Security Update for Windows XP (KB957097)
                  Security Update for Windows XP (KB958470)
                  Security Update for Windows XP (KB958644)
                  Security Update for Windows XP (KB958687)
                  Security Update for Windows XP (KB958690)
                  Security Update for Windows XP (KB959426)
                  Security Update for Windows XP (KB960225)
                  Security Update for Windows XP (KB960715)
                  Security Update for Windows XP (KB960803)
                  Security Update for Windows XP (KB960859)
                  Security Update for Windows XP (KB961371)
                  Security Update for Windows XP (KB961373)
                  Security Update for Windows XP (KB961501)
                  Security Update for Windows XP (KB968537)
                  Security Update for Windows XP (KB969898)
                  Security Update for Windows XP (KB970238)
                  Security Update for Windows XP (KB971032)
                  Security Update for Windows XP (KB971557)
                  Security Update for Windows XP (KB971633)
                  Security Update for Windows XP (KB971657)
                  Security Update for Windows XP (KB973346)
                  Security Update for Windows XP (KB973354)
                  Security Update for Windows XP (KB973507)
                  Security Update for Windows XP (KB973869)
                  Sibelius 5
                  Skype™ 3.2
                  Sonic DLA
                  Sonic MyDVD LE
                  Sonic RecordNow Audio
                  Sonic RecordNow Copy
                  Sonic RecordNow Data
                  Sonic Update Manager
                  Sony DVD Architect 2.0
                  Sony Vegas 5.0a
                  Spybot - Search & Destroy 1.4
                  Steinberg PLEX VSTi v1.0
                  Steinberg Voice Designer v1.03
                  Synaptics Pointing Device Driver
                  Syncrosoft's License Control
                  SyncroSoft Emu (Remove only)
                  Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                  Update for Windows XP (KB894391)
                  Update for Windows XP (KB898461)
                  Update for Windows XP (KB900485)
                  Update for Windows XP (KB904942)
                  Update for Windows XP (KB910437)
                  Update for Windows XP (KB916595)
                  Update for Windows XP (KB920872)
                  Update for Windows XP (KB922582)
                  Update for Windows XP (KB925720)
                  Update for Windows XP (KB927891)
                  Update for Windows XP (KB929338)
                  Update for Windows XP (KB930916)
                  Update for Windows XP (KB931836)
                  Update for Windows XP (KB932823-v3)
                  Update for Windows XP (KB933360)
                  Update for Windows XP (KB936357)
                  Update for Windows XP (KB938828)
                  Update for Windows XP (KB942763)
                  Update for Windows XP (KB951072-v2)
                  Update for Windows XP (KB955839)
                  Update for Windows XP (KB967715)
                  Update for Windows XP (KB973815)
                  Update Service
                  US122 Driver 3.40
                  USB Keyboard Device 1.0.1.0
                  Viewpoint Media Player
                  Warp VST V1.0
                  WebFldrs XP
                  Windows Defender
                  Windows Defender Signatures
                  Windows Genuine Advantage Notifications (KB905474)
                  Windows Imaging Component
                  Windows Installer 3.1 (KB893803)
                  Windows Internet Explorer 7
                  Windows Media Format Runtime
                  Windows Media Player 10
                  Windows Media Player 10 Hotfix - KB894476
                  Windows XP Hotfix - KB873339
                  Windows XP Hotfix - KB885250
                  Windows XP Hotfix - KB885835
                  Windows XP Hotfix - KB885836
                  Windows XP Hotfix - KB885855
                  Windows XP Hotfix - KB886185
                  Windows XP Hotfix - KB887472
                  Windows XP Hotfix - KB887742
                  Windows XP Hotfix - KB888113
                  Windows XP Hotfix - KB888302
                  Windows XP Hotfix - KB889673
                  Windows XP Hotfix - KB890859
                  Windows XP Hotfix - KB891781
                  Windows XP Hotfix - KB892627
                  Windows XP Hotfix - KB893056
                  WordBiz version 1.8
                  X-treme FX

                  ==== Event Viewer Messages From Past Week ========

                  08/09/2009 10:44:54, error: Service Control Manager [7000]  - The Nsynas32 service failed to start due to the following error:  The system cannot find the device specified.
                  08/09/2009 10:44:54, error: Service Control Manager [7000]  - The hakgu service failed to start due to the following error:  The system cannot find the file specified.
                  08/09/2009 10:44:54, error: Service Control Manager [7000]  - The AntipyProex service failed to start due to the following error:  The system cannot find the file specified.

                  ==== End Of File ===========================


                  dss.txt

                  DDS (Ver_09-07-30.01) - NTFSx86 
                  Run by simonp at 11:15:21.43 on 15/09/2009
                  Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
                  Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.402 [GMT 1:00]

                  AV: AVG Internet Security *On-access scanning enabled* (Outdated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

                  ============== Running Processes ===============

                  C:\WINDOWS\system32\svchost -k DcomLaunch
                  svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe -k netsvcs
                  C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
                  C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                  C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
                  C:\WINDOWS\Explorer.EXE
                  svchost.exe
                  svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
                  svchost.exe
                  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  C:\PROGRA~1\AVG\AVG8\avgfws8.exe
                  C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
                  C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
                  C:\Program Files\Kontiki\KService.exe
                  C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
                  C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
                  C:\WINDOWS\system32\svchost.exe -k imgsvc
                  C:\PROGRA~1\AVG\AVG8\avgam.exe
                  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
                  C:\PROGRA~1\AVG\AVG8\avgemc.exe
                  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
                  C:\Program Files\AVG\AVG8\avgcsrvx.exe
                  C:\Program Files\AVG\AVG8\avgcsrvx.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\system32\igfxsrvc.exe
                  C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                  C:\WINDOWS\stsystra.exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Program Files\Dell\QuickSet\quickset.exe
                  C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
                  C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
                  C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                  C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                  C:\WINDOWS\system32\dla\tfswctrl.exe
                  C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\Program Files\Kontiki\KHost.exe
                  C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
                  C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\PROGRA~1\AVG\AVG8\avgtray.exe
                  C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
                  C:\Program Files\NetWaiting\netWaiting.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
                  C:\Program Files\Skype\Phone\Skype.exe
                  C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
                  C:\PROGRA~1\MICROS~3\rapimgr.exe
                  C:\Program Files\Digital Line Detect\DLG.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Skype\Plugin Manager\skypePM.exe
                  E:\dds.scr

                  ============== Pseudo HJT Report ===============

                  uStart Page = hxxp://www.google.co.uk/
                  uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/probe/?lips=c0a80067
                  uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
                  mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
                  BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                  BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
                  BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
                  BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
                  BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
                  BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
                  BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
                  TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
                  TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
                  TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
                  uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
                  uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
                  uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                  uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
                  uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
                  uRun: [kdx] c:\program files\kontiki\KHost.exe -all
                  uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
                  mRun: [igfxtray] c:\windows\system32\igfxtray.exe
                  mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
                  mRun: [igfxpers] c:\windows\system32\igfxpers.exe
                  mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
                  mRun: [SigmatelSysTrayApp] stsystra.exe
                  mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                  mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
                  mRun: [ShowLOMControl] 1 (0x1)
                  mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
                  mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
                  mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
                  mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
                  mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
                  mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
                  mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
                  mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
                  mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
                  mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
                  mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
                  mRun: [<NO NAME>]
                  mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
                  mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
                  mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
                  mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
                  mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
                  dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                  dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
                  StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
                  StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
                  IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                  IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                  IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
                  IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
                  IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
                  Trusted Zone: internet
                  Trusted Zone: mcafee.com
                  DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
                  DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
                  DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
                  DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
                  DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
                  DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
                  DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
                  DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
                  DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
                  DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  Notify: avgrsstarter - avgrsstx.dll
                  Notify: igfxcui - igfxdev.dll
                  SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll

                  ================= FIREFOX ===================

                  FF - ProfilePath - c:\docume~1\simonp\applic~1\mozilla\firefox\profiles\an2kcd0c.default\
                  FF - prefs.js: browser.search.selectedEngine - Google.co.uk
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
                  FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
                  FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
                  FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
                  FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
                  FF - component: c:\program files\avg\avg8\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
                  FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
                  FF - plugin: c:\program files\mozilla firefox\plugins\NPBOARDS.dll
                  FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

                  ---- FIREFOX POLICIES ----
                  FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

                  ============= SERVICES / DRIVERS ===============

                  R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
                  R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-2 12552]
                  R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-2 335240]
                  R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-2 27784]
                  R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-2 108552]
                  R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-2 908056]
                  R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-2 297752]
                  R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-9-2 1370488]
                  R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
                  R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
                  R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
                  R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
                  R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-9-2 29208]
                  R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
                  R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
                  R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
                  R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2006-3-27 33792]
                  S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
                  S2 hakgu;hakgu;c:\windows\system32\drivers\hxwtqzjh.sys --> c:\windows\system32\drivers\hxwtqzjh.sys [?]
                  S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-2 29208]
                  S3 ffPro26IO_1394;ffPro26IO_1394;c:\windows\system32\drivers\ffPro26IO_1394.sys [2008-4-10 116736]
                  S3 ffPro26IO_avs;ffPro26IO_avs;c:\windows\system32\drivers\ffPro26IO_avs.sys [2008-4-10 44544]
                  S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2006-3-27 16896]
                  S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2006-3-28 13504]
                  S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
                  S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 18304]
                  S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2009-4-23 39168]
                  S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [2006-3-28 22304]

                  =============== Created Last 30 ================

                  2009-09-02 18:45   <DIR>   --d-h---   C:\$AVG8.VAULT$
                  2009-09-02 17:50   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                  2009-09-02 17:50   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                  2009-09-02 17:50   <DIR>   --d-----   c:\docume~1\simonp\applic~1\SUPERAntiSpyware.com
                  2009-09-02 15:31   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Downloaded Installations
                  2009-09-02 15:31   12,552   a-------   c:\windows\system32\drivers\avgrkx86.sys
                  2009-09-02 15:31   11,952   a-------   c:\windows\system32\avgrsstx.dll
                  2009-09-02 15:31   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
                  2009-09-02 15:31   335,240   a-------   c:\windows\system32\drivers\avgldx86.sys
                  2009-09-02 15:31   <DIR>   --d-----   c:\windows\system32\drivers\Avg
                  2009-09-02 15:31   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
                  2009-09-02 15:29   50,968   a-------   c:\windows\system32\avgfwdx.dll
                  2009-09-02 15:29   29,208   a-------   c:\windows\system32\drivers\avgfwdx.sys
                  2009-08-20 11:57   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\avg8
                  2009-08-19 18:30   <DIR>   --d-----   c:\docume~1\simonp\applic~1\Malwarebytes
                  2009-08-19 17:51   <DIR>   --d-----   c:\program files\CCleaner
                  2009-08-19 17:46   <DIR>   --d-----   c:\docume~1\simonp\applic~1\AVG8
                  2009-08-19 17:01   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                  2009-08-19 17:01   19,096   a-------   c:\windows\system32\drivers\mbam.sys
                  2009-08-19 17:01   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                  2009-08-19 17:01   <DIR>   --d-----   c:\program files\TestMW
                  2009-08-19 16:58   <DIR>   --d-----   c:\program files\Inncognito
                  2009-08-19 15:23   <DIR>   --d-----   c:\program files\Spybot - Search & Destroy
                  2009-08-18 21:31   <DIR>   --d-----   c:\docume~1\simonp\applic~1\McAfee

                  ==================== Find3M  ====================

                  2009-08-05 10:11   204,800   a-------   c:\windows\system32\mswebdvd.dll
                  2009-08-05 10:11   204,800   --------   c:\windows\system32\dllcache\mswebdvd.dll
                  2009-07-22 17:23   74,760   a-------   c:\windows\system32\drivers\UniversalDD.sys
                  2009-07-22 17:23   25,608   a-------   c:\windows\system32\drivers\AVGIDSErHr.sys
                  2009-07-19 14:33   3,597,824   a-------   c:\windows\system32\dllcache\mshtml.dll
                  2009-07-19 14:32   6,067,200   --------   c:\windows\system32\dllcache\ieframe.dll
                  2009-07-17 19:55   58,880   a-------   c:\windows\system32\atl.dll
                  2009-07-17 19:55   58,880   --------   c:\windows\system32\dllcache\atl.dll
                  2009-07-13 10:08   286,720   a-------   c:\windows\system32\wmpdxm.dll
                  2009-07-13 10:08   286,720   a-------   c:\windows\system32\dllcache\wmpdxm.dll
                  2009-07-13 10:08   5,537,792   a-------   c:\windows\system32\dllcache\wmp.dll
                  2009-07-10 14:42   1,315,328   --------   c:\windows\system32\dllcache\msoe.dll
                  2009-06-29 12:07   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
                  2009-06-29 12:07   70,656   --------   c:\windows\system32\dllcache\ie4uinit.exe
                  2009-06-29 09:35   634,632   --------   c:\windows\system32\dllcache\iexplore.exe
                  2009-06-29 09:33   2,452,872   --------   c:\windows\system32\dllcache\ieapfltr.dat
                  2009-06-29 09:33   161,792   --------   c:\windows\system32\dllcache\ieakui.dll
                  2009-06-22 12:49   117,248   a-------   c:\windows\system32\mqtgsvc.exe
                  2009-06-22 12:49   19,968   a-------   c:\windows\system32\mqbkup.exe
                  2009-06-22 12:49   117,248   --------   c:\windows\system32\dllcache\mqtgsvc.exe
                  2009-06-22 12:49   19,968   --------   c:\windows\system32\dllcache\mqbkup.exe
                  2009-06-22 12:49   4,608   a-------   c:\windows\system32\mqsvc.exe
                  2009-06-22 12:49   4,608   --------   c:\windows\system32\dllcache\mqsvc.exe
                  2009-06-22 12:48   91,776   --------   c:\windows\system32\dllcache\mqac.sys
                  2009-03-29 19:03   13,012   a-------   c:\documents and settings\simonp\Bubblets.dat
                  2008-05-20 15:55   604   a---h---   c:\program files\STLL Notifier
                  2008-03-14 16:28   1,941   a-------   c:\program files\uninstal.log
                  2009-04-28 19:45   88   ---shr--   c:\windows\system32\107A2D91F8.sys
                  2009-01-09 14:54   104   ---shr--   c:\windows\system32\F8912D7A10.sys
                  2009-04-28 19:45   6,736   a--sh---   c:\windows\system32\KGyGaAvL.sys
                  2009-05-15 18:38   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051520090516\index.dat

                  ============= FINISH: 11:16:24.64 ===============


                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  Re: Windows Antivirus Pro manual removal in safe mode
                  « Reply #9 on: September 18, 2009, 03:17:40 PM »
                  Download ComboFix from one of the below links. You must rename it before saving it!

                  Important! You MUST save ComboFix to your desktop. DO NOT run it yet!

                  Link 1
                  Link 2

                  Rename ComboFix to Combo-Fix before saving it to the desktop.





                  Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                  Delete these files/folders, as follows:

                  1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                  It must be Notepad, not Wordpad.
                  2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C.

                  Code:
                  KillAll::

                  Driver::
                  AntipPro2009_100
                  AntipyProex
                  hakgu

                  File::
                  c:\windows\svchast.exe
                  c:\windows\system32\drivers\hxwtqzjh.sys

                  Folder::
                  c:\program files\messenger
                  c:\program files\viewpoint

                  DDS::
                  uSearch Page = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb
                  TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
                  TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
                  uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
                  mRun: [<NO NAME>]
                  IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

                  Firefox::
                  FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

                  3. Go to the Notepad window and click Edit > Paste
                  4. Then click File > Save
                  5. Name the file CFScript.txt - Save the file to your Desktop
                  6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                  ComboFix will begin to execute, just follow the prompts.
                  After reboot (in case it asks to reboot), it will produce a log for you.
                  Post that log (Combofix.txt) in your next reply.

                  Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

                  ----------

                  Go to Add or Remove Programs and uninstall:

                  .
                  ----------

                  Your Java is out of date.

                  Older versions have vulnerabilities that malicious sites can use to infect your system.

                  First install the new Sun Java Runtime Environment

                  Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                  Be sure to close all browser windows before beginning the install.

                  Remove the old version(s)

                  Download JavaRa
                  * Unzip the file and open the JavaRa.exe
                  * Click Remove Older Versions
                  * JavaRa will search for any outdated versions of Java and remove any that are found.
                  * Click Additional Tasks
                  * Place a check next to Remove Useless JRE Files and click Go
                  * Exit JavaRa
                  * Delete the JavaRa files from the Desktop

                  Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

                  ----------
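How the two services named in the CFScript above stand out in the SERVICES / DRIVERS section of the DDS log, as an added example that is not part of the original posts and is not code from DDS or ComboFix. It assumes the leading `R`/`S` means running/stopped, the digit is the Windows service start type, and `[?]` means DDS could not read the file's date and size; `KNOWN_IMAGES` and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the SERVICES / DRIVERS section of the DDS log in this thread.
SAMPLE = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-2 12552]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 hakgu;hakgu;c:\windows\system32\drivers\hxwtqzjh.sys --> c:\windows\system32\drivers\hxwtqzjh.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-2 29208]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2009-4-23 131968]
"""

# Small illustrative list of core Windows image names (an assumption of this
# example, not a list shipped by DDS or ComboFix).
KNOWN_IMAGES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe")

# <state><start type> <service>;<display name>;<path> [--> <path>] [<date size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+.+?)?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Finding:
    service: str
    path: str
    reasons: list = field(default_factory=list)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(image):
    """Return the known image name that `image` is exactly one edit away from, if any."""
    for known in KNOWN_IMAGES:
        if edit_distance(image, known) == 1:
            return known
    return None


def triage(log_text):
    """Return a Finding for every service line that trips at least one check."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a service/driver line
        reasons = []
        if m["meta"].strip() == "?":
            reasons.append("DDS could not read file date/size ([?])")
        # Start types 0-2 are boot, system and automatic: such a service
        # would normally be running on a healthy system.
        if m["state"] == "S" and int(m["start"]) <= 2:
            reasons.append(f"start type {m['start']} (starts with Windows) but not running")
        image = m["path"].rsplit("\\", 1)[-1].lower()
        near = lookalike(image)
        if near:
            reasons.append(f"image name {image} is one edit away from {near}")
        if reasons:
            findings.append(Finding(m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.service, "->", f.path)
        for reason in f.reasons:
            print("   -", reason)
```

These checks only rank entries for a human to review; a legitimate driver whose file is locked can also show `[?]`.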

                  garddfon

                    Topic Starter


                    Rookie

                    Re: Windows Antivirus Pro manual removal in safe mode
                    « Reply #10 on: September 21, 2009, 09:09:46 AM »
                    Dear Evilfantasy,

                    Many thanks for the instructions. Here is the log file as requested.

                    Regards,

                    garddfon

                    ComboFix 09-09-20.01 - simonp 21/09/2009 15:43.1.2 - NTFSx86
                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.305 [GMT 1:00]
                    Running from: c:\documents and settings\simonp\Desktop\Combo-Fix.exe
                    Command switches used :: c:\documents and settings\simonp\Desktop\CFScript.txt
                    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

                    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

                    FILE ::
                    "c:\windows\svchast.exe"
                    "c:\windows\system32\drivers\hxwtqzjh.sys"
                    .

                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    c:\program files\messenger
                    c:\program files\messenger\custsat.dll
                    c:\program files\messenger\logowin.gif
                    c:\program files\messenger\lvback.gif
                    c:\program files\messenger\msgsc.dll
                    c:\program files\messenger\msgslang.dll
                    c:\program files\messenger\msmsgs.exe
                    c:\program files\messenger\newalert.wav
                    c:\program files\messenger\newemail.wav
                    c:\program files\messenger\online.wav
                    c:\program files\messenger\type.wav
                    c:\program files\messenger\xpmsgr.chm
                    c:\windows\Installer\15af4d.msi
                    c:\windows\Installer\1c4d5.msi
                    c:\windows\Installer\59923.msi
                    c:\windows\Installer\807ce.msi
                    c:\windows\Installer\aaf8d.msi
                    c:\windows\Installer\b36f6c.msp
                    c:\windows\Installer\debc.msi
                    c:\windows\Installer\e1b68.msi

                    .
                    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    -------\Legacy_ANTIPPRO2009_100
                    -------\Legacy_HAKGU
                    -------\Service_AntipPro2009_100
                    -------\Service_hakgu


                    (((((((((((((((((((((((((   Files Created from 2009-08-21 to 2009-09-21  )))))))))))))))))))))))))))))))
                    .

                    2009-09-21 11:48 . 2009-09-21 11:47   411368   ----a-w-   c:\windows\system32\deploytk.dll
                    2009-09-02 17:45 . 2009-09-03 11:58   --------   d-----w-   C:\$AVG8.VAULT$
                    2009-09-02 17:05 . 2009-09-02 17:05   --------   d-----w-   c:\documents and settings\simonp\Local Settings\Application Data\AVG Security Toolbar
                    2009-09-02 16:50 . 2009-09-02 16:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2009-09-02 16:50 . 2009-09-04 12:36   --------   d-----w-   c:\documents and settings\simonp\Application Data\SUPERAntiSpyware.com
                    2009-09-02 16:50 . 2009-09-04 12:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2009-09-02 14:31 . 2009-09-02 14:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Downloaded Installations
                    2009-09-02 14:31 . 2009-09-02 14:31   12552   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
                    2009-09-02 14:31 . 2009-09-02 14:31   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
                    2009-09-02 14:31 . 2009-09-02 14:31   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
                    2009-09-02 14:31 . 2009-09-02 14:31   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
                    2009-09-02 14:31 . 2009-09-02 14:31   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
                    2009-09-02 14:31 . 2009-09-21 11:30   --------   d-----w-   c:\windows\system32\drivers\Avg
                    2009-09-02 14:31 . 2009-09-02 14:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
                    2009-09-02 14:29 . 2009-09-02 14:29   50968   ----a-w-   c:\windows\system32\avgfwdx.dll
                    2009-09-02 14:29 . 2009-09-02 14:29   29208   ----a-w-   c:\windows\system32\drivers\avgfwdx.sys

                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2009-09-21 14:53 . 2008-10-27 16:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kontiki
                    2009-09-21 14:52 . 2009-08-19 14:23   --------   d-----w-   c:\program files\Spybot - Search & Destroy
                    2009-09-21 14:36 . 2007-07-11 10:14   --------   d-----w-   c:\documents and settings\simonp\Application Data\Skype
                    2009-09-21 12:08 . 2006-03-20 21:41   --------   d-----w-   c:\program files\Java
                    2009-09-21 11:46 . 2007-05-29 11:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                    2009-09-20 21:38 . 2009-01-06 13:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
                    2009-09-02 14:29 . 2009-08-20 10:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
                    2009-08-19 17:30 . 2009-08-19 17:30   --------   d-----w-   c:\documents and settings\simonp\Application Data\Malwarebytes
                    2009-08-19 16:51 . 2009-08-19 16:51   --------   d-----w-   c:\program files\CCleaner
                    2009-08-19 16:47 . 2009-05-03 11:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
                    2009-08-19 16:46 . 2009-08-19 16:46   --------   d-----w-   c:\documents and settings\simonp\Application Data\AVG8
                    2009-08-19 16:04 . 2009-08-19 16:01   --------   d-----w-   c:\program files\TestMW
                    2009-08-19 16:01 . 2009-08-19 16:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                    2009-08-19 15:58 . 2009-08-19 15:58   --------   d-----w-   c:\program files\Inncognito
                    2009-08-18 20:31 . 2009-08-18 20:31   --------   d-----w-   c:\documents and settings\simonp\Application Data\McAfee
                    2009-08-05 09:11 . 2004-08-11 17:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
                    2009-08-03 12:36 . 2009-08-19 16:01   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2009-08-03 12:36 . 2009-08-19 16:01   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2009-08-01 10:28 . 2009-05-08 21:53   --------   d-----w-   c:\documents and settings\LocalService\Application Data\SACore
                    2009-08-01 10:24 . 2006-03-27 21:11   52304   ----a-w-   c:\documents and settings\simonp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                    2009-08-01 00:56 . 2009-08-01 00:56   --------   d-----w-   c:\program files\MSBuild
                    2009-08-01 00:56 . 2009-08-01 00:56   --------   d-----w-   c:\program files\Reference Assemblies
                    2009-07-22 16:23 . 2009-07-22 16:23   74760   ----a-w-   c:\windows\system32\drivers\UniversalDD.sys
                    2009-07-22 16:23 . 2009-07-22 16:23   25608   ----a-w-   c:\windows\system32\drivers\AVGIDSErHr.sys
                    2009-07-17 18:55 . 2004-08-11 17:00   58880   ----a-w-   c:\windows\system32\atl.dll
                    2009-07-13 09:08 . 2004-08-11 17:00   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
                    2009-06-29 16:12 . 2004-08-11 17:00   827392   ----a-w-   c:\windows\system32\wininet.dll
                    2009-06-29 16:12 . 2004-08-11 17:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                    2009-06-29 16:12 . 2004-08-11 17:00   17408   ----a-w-   c:\windows\system32\corpol.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   95744   ----a-w-   c:\windows\system32\mqsec.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   661504   ----a-w-   c:\windows\system32\mqqm.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   517120   ----a-w-   c:\windows\system32\mqsnap.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   48640   ----a-w-   c:\windows\system32\mqupgrd.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   471552   ----a-w-   c:\windows\system32\mqutil.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   47104   ----a-w-   c:\windows\system32\mqdscli.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   225280   ----a-w-   c:\windows\system32\mqoa.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   186880   ----a-w-   c:\windows\system32\mqtrig.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   177152   ----a-w-   c:\windows\system32\mqrt.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   16896   ----a-w-   c:\windows\system32\mqise.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   138240   ----a-w-   c:\windows\system32\mqad.dll
                    2009-06-25 18:36 . 2004-08-11 17:00   123392   ----a-w-   c:\windows\system32\mqrtdep.dll
                    2008-05-20 14:55 . 2008-05-20 14:55   604   ---ha-w-   c:\program files\STLL Notifier
                    2008-03-14 15:28 . 2008-03-14 15:13   1941   ----a-w-   c:\program files\uninstal.log
                    2009-04-28 18:45 . 2006-10-06 00:41   88   --sh--r-   c:\windows\system32\107A2D91F8.sys
                    2009-01-09 13:54 . 2006-03-27 21:10   104   --sh--r-   c:\windows\system32\F8912D7A10.sys
                    2009-04-28 18:45 . 2006-03-27 21:10   6736   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                    .

                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

                    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
                    2009-07-24 08:56   1062144   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

                    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

                    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
                    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
                    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
                    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
                    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
                    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ShowLOMControl"="1 (0x1)" [X]
                    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
                    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
                    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
                    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-21 149280]
                    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
                    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
                    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
                    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
                    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
                    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
                    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
                    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
                    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
                    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
                    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-13 155648]
                    "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
                    "4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
                    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
                    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
                    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-02 2007832]
                    "AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-07-22 1600008]
                    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
                    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
                    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-3-20 24576]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                    2009-09-02 14:31   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                    @="Service"

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "c:\\Program Files\\Kontiki\\KService.exe"=
                    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
                    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
                    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
                    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
                    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
                    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

                    R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [22/07/2009 17:23 25608]
                    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [02/09/2009 15:31 12552]
                    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/09/2009 15:31 335240]
                    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/09/2009 15:31 108552]
                    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/09/2009 15:30 908056]
                    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/09/2009 15:30 297752]
                    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [02/09/2009 15:30 1370488]
                    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [22/07/2009 17:23 5641736]
                    R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [22/07/2009 17:23 571912]
                    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 16:42 156968]
                    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
                    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [02/09/2009 15:29 29208]
                    R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [22/07/2009 17:23 121352]
                    R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [22/07/2009 17:23 30216]
                    R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [22/07/2009 17:23 27232]
                    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27/03/2006 18:27 33792]
                    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [02/09/2009 15:29 29208]
                    S3 ffPro26IO_1394;ffPro26IO_1394;c:\windows\system32\drivers\ffPro26IO_1394.sys [10/04/2008 15:48 116736]
                    S3 ffPro26IO_avs;ffPro26IO_avs;c:\windows\system32\drivers\ffPro26IO_avs.sys [10/04/2008 15:48 44544]
                    S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [27/03/2006 18:27 16896]
                    S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [28/03/2006 09:29 13504]
                    S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [23/04/2009 11:50 131968]
                    S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [30/07/2004 12:02 18304]
                    S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [23/04/2009 11:50 39168]
                    S3 USBKT1X1;M-Audio USB Keystation;c:\windows\system32\drivers\usbkt1x1.sys [28/03/2006 09:29 22304]
                    .
                    Contents of the 'Scheduled Tasks' folder

                    2009-09-21 c:\windows\Tasks\Google Software Updater.job
                    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-06 22:28]

                    2009-09-21 c:\windows\Tasks\MP Scheduled Scan.job
                    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

                    2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{74E648E9-0735-49EE-BE00-E2FDFD544E18}.job
                    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

                    2009-09-21 c:\windows\Tasks\WGASetup.job
                    - c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 22:18]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.google.co.uk/
                    uInternet Connection Wizard,ShellNext = hxxp://www.hackerwatch.org/probe/?lips=c0a80067
                    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
                    Trusted Zone: internet
                    Trusted Zone: mcafee.com
                    FF - ProfilePath - c:\documents and settings\simonp\Application Data\Mozilla\Firefox\Profiles\an2kcd0c.default\
                    FF - prefs.js: browser.search.selectedEngine - Google.co.uk
                    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
                    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
                    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
                    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
                    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
                    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
                    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
                    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                    ---- FIREFOX POLICIES ----
                    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
                    .
                    - - - - ORPHANS REMOVED - - - -

                    AddRemove-Anarchy Effects VST v1.3 - c:\progra~1\STEINB~1\VSTPLU~1\ANARCH~2\UNWISE.EXE
                    AddRemove-Anarchy Rhythms VST v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\ANARCH~1\UNWISE.EXE
                    AddRemove-HijackThis - c:\program files\Inncognito\Incog\HijackThis.exe
                    AddRemove-Native Instruments Absynth v3.0.2 - c:\progra~1\ABSYNT~1\UNWISE.EXE
                    AddRemove-Ohmforce Hematohm VST v1.20 - c:\progra~1\STEINB~1\VSTPLU~1\Hematohm\UNWISE.EXE
                    AddRemove-Ohmforce Mobilohm VST v1.04 - c:\progra~1\STEINB~1\VSTPLU~1\Ohmforce\Mobilohm\UNWISE.EXE
                    AddRemove-Ohmforce OhmBoyz VST v1.40 - c:\progra~1\STEINB~1\VSTPLU~1\OhmBoyz\UNWISE.EXE
                    AddRemove-Ohmforce Predatohm VST v1.30 - c:\progra~1\STEINB~1\VSTPLU~1\PREDAT~1\UNWISE.EXE
                    AddRemove-Ohmforce Quad Frohmage Pro VST v1.10 - c:\progra~1\STEINB~1\VSTPLU~1\OHMFOR~1\QUADFR~1\UNWISE.EXE
                    AddRemove-Prosoniq Morph VST v1.0 - c:\progra~1\STEINB~1\VSTPLU~1\PROSON~1\UNWISE.EXE
                    AddRemove-Warp VST V1.0 - c:\progra~1\STEINB~1\VSTPLU~1\WARPVS~1.0\UNWISE.EXE



                    **************************************************************************

                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2009-09-21 15:52
                    Windows 5.1.2600 Service Pack 2 NTFS

                    scanning hidden processes ... 

                    scanning hidden autostart entries ...

                    scanning hidden files ... 


                    c:\windows\TEMP\TMP000000294AF21BCF2303176A 524288 bytes

                    scan completed successfully
                    hidden files: 1

                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------

                    [HKEY_USERS\S-1-5-21-770456451-3562159303-2418692189-1005\Software\Microsoft\SystemCertificates\AddressBook*]
                    @Allowed: (Read) (RestrictedCode)
                    @Allowed: (Read) (RestrictedCode)

                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]
                    "Version"=hex:ac,6b,4e,f9,2e,07,46,fc,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,
                       30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,\
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------

                    - - - - - - - > 'explorer.exe'(328)
                    c:\windows\system32\WININET.dll
                    c:\windows\system32\ieframe.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\program files\Intel\Wireless\Bin\EvtEng.exe
                    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
                    c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
                    c:\program files\Java\jre6\bin\jqs.exe
                    c:\progra~1\AVG\AVG8\avgam.exe
                    c:\program files\AVG\AVG8\avgrsx.exe
                    c:\progra~1\AVG\AVG8\avgnsx.exe
                    c:\program files\AVG\AVG8\avgcsrvx.exe
                    c:\program files\Kontiki\KService.exe
                    c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
                    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
                    c:\windows\system32\wdfmgr.exe
                    c:\program files\AVG\AVG8\avgcsrvx.exe
                    c:\windows\system32\igfxsrvc.exe
                    c:\windows\system32\wscntfy.exe
                    c:\program files\iPod\bin\iPodService.exe
                    c:\program files\AVG\AVG8\avgtray.exe
                    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
                    c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
                    c:\progra~1\MICROS~3\rapimgr.exe
                    c:\program files\Skype\Plugin Manager\skypePM.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2009-09-21 16:00 - machine was rebooted
                    ComboFix-quarantined-files.txt  2009-09-21 15:00

                    Pre-Run: 20,419,534,848 bytes free
                    Post-Run: 20,494,442,496 bytes free

                    309   --- E O F ---   2009-08-18 09:29
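A triage pass over the ComboFix log layout in the post above, as an added example that is not part of the thread or of ComboFix itself: it pulls out the Run-key autostart values, the Windows Firewall state and the catchme hidden-file hits. The function names are hypothetical, and reading `[X]` as "no file details recorded" is an assumption about the log layout.

```python
import re

# Excerpt copied from the ComboFix log in the post above, trimmed to a few lines of each kind.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

scanning hidden files ...

c:\windows\TEMP\TMP000000294AF21BCF2303176A 524288 bytes

scan completed successfully
hidden files: 1
'''

HEADER = re.compile(r'^\[(HK[^\]]+)\]$')
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<info>[^\]]+)\]$')
FW_STATE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
FW_APP = re.compile(r'^"(?P<path>[^"]+)"=')
HIDDEN = re.compile(r'^(?P<path>[A-Za-z]:\\.+) (?P<size>\d+) bytes$')


def triage(log_text):
    """Pull autostart entries, firewall state and catchme hits out of a ComboFix log."""
    report = {"autostart": [], "firewall_enabled": None,
              "firewall_apps": [], "hidden_files": []}
    section, in_hidden_scan = "", False
    for raw in log_text.splitlines():
        line = raw.strip()              # forum pastes are indented; strip that first
        if not line:
            section = ""                # a blank line ends the current registry key
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if line.startswith("scanning hidden files"):
            in_hidden_scan = True
            continue
        if line.startswith("scan completed"):
            in_hidden_scan = False
            continue
        if in_hidden_scan:
            hit = HIDDEN.match(line)
            if hit:
                report["hidden_files"].append((hit["path"], int(hit["size"])))
        elif section.endswith(r"\currentversion\run"):
            entry = RUN_ENTRY.match(line)
            if entry:
                info = entry["info"]
                report["autostart"].append({
                    "key": section, "name": entry["name"],
                    # prefer the resolved path printed after " - " when there is one
                    "target": entry["resolved"] or entry["value"],
                    "file_info": None if info == "X" else info})  # assumption: [X] = no details
        elif section.endswith(r"\firewallpolicy\standardprofile"):
            state = FW_STATE.match(line)
            if state:
                report["firewall_enabled"] = state.group(1) != "0"
        elif section.endswith(r"\authorizedapplications\list"):
            app = FW_APP.match(line)
            if app:  # the log mixes single and doubled backslashes; normalise to single
                report["firewall_apps"].append(app["path"].replace("\\\\", "\\"))
    return report


def findings(report):
    """Turn the parsed report into the short list a reviewer reads first."""
    notes = []
    for e in report["autostart"]:
        if e["file_info"] is None:
            notes.append(f"Run value '{e['name']}' has no file details ([X]): {e['target']}")
    if report["firewall_enabled"] is False:
        notes.append("Windows Firewall standard profile is off (EnableFirewall=0)")
    for path, size in report["hidden_files"]:
        notes.append(f"catchme reports a hidden file: {path} ({size} bytes)")
    return notes


if __name__ == "__main__":
    print("\n".join(findings(triage(SAMPLE_LOG))))
```
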

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Calm like a bomb
                    • Thanked: 488
                    • Experience: Familiar
                    • OS: Windows 10
                    Re: Windows Antivirus Pro manual removal in safe mode
                    « Reply #11 on: September 21, 2009, 09:19:12 AM »
                    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                    * Now type Combo-Fix /u in the Run box
                    * Make sure there's a space between Combo-Fix and /u
                    * Then hit Enter

                    The above procedure will:
                    * Delete the following:
                      * ComboFix and its associated files and folders.
                    * Reset the clock settings.
                    * Hide file extensions, if required.
                    * Hide System/Hidden files, if required.
                    * Set a new, clean Restore Point.

                    ----------

                    Clean out your temporary internet files and temp files.

                    Download TFC by OldTimer to your desktop.

                    Double-click TFC.exe to run it.

                    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                    TFC will close all programs when run, so make sure you have saved all your work before you begin.

                    * Click the Start button to begin the cleaning process.
                    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                    * Please let TFC run uninterrupted until it is finished.

                    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                    ----------

                    Use the Kaspersky Lab Online Scanner

                    In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

                    • Click on SCAN NOW
                    • Click Accept.
                    • The program will then begin downloading the latest definition files.
                    • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
                    • The scan will take a while, so be patient and let it finish.
                    When the scan is done, in the Scan is complete window, any infection is displayed.
                    There is no option to clean/disinfect, however, we need to analyze the information on the report.

                    To obtain the report:
                    • Click on: Save Report As
                    • Next, in the Save as prompt, Save in area, select: Desktop.
                    • In the File name area use KScan, or something similar.
                    • In Save as type: click the drop arrow and select: Text file [*.txt]
                    • Then, click: Save


                    Copy and paste the Kaspersky Online Scanner Report in your next reply.

                    Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

                    If needed, this animation will guide you through the process.

                    garddfon

                      Topic Starter


                      Rookie

                      Re: Windows Antivirus Pro manual removal in safe mode
                      « Reply #12 on: September 22, 2009, 03:05:24 AM »
                      Hello again,

                      Thanks for those instructions.

                      1. I get the following error when I try to remove Combo-Fix: "Windows cannot find 'Combo-Fix' Make sure you typed the name correctly, and then try again." The file is called 'Combo-Fix.exe' and located on the Desktop as per the instructions.

                      2. Done.

                      3. I've been offline up until now and my AVG firewall is currently blocking everything; I'm not sure how to safely configure AVG to go online to use the Kaspersky tool.

                      Many thanks.

                      Garddfon

                      evilfantasy

                      Re: Windows Antivirus Pro manual removal in safe mode
                      « Reply #13 on: September 22, 2009, 08:32:56 AM »
                      You will need to manually delete the Combo-Fix files.

                      Delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt.

                      Is AVG a trial or paid version?

                      You can try to create a rule in the AVG Firewall. To do this you will need to open the AVG Control Center, right-click on the Firewall, and then left-click on Configure.

                      garddfon

                        Topic Starter


                        Rookie

                        Re: Windows Antivirus Pro manual removal in safe mode
                        « Reply #14 on: September 22, 2009, 09:18:17 AM »
                        OK thanks.

                        At the moment I've got AVG Internet Security Suite 8.5 on trial 'til 2/10/09. I have run the Firewall Configuration Wizard, which creates a new Profile (standalone computer in my case). I can see from the profile settings that my defined adapters and networks are all classified as unsafe, but I'm not sure what configuration settings I actually need and I'm not convinced that changing the definitions to 'safe' is the right thing to do...

                        Really appreciate your help.

                        Garddfon