Help please - can't remove Personal Antivirus and Mcafee won't update

Options
1235»

Comments

  • angus1
    angus1 Posts: 195 Forumite
    First Post
    Options
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-20 5674352]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-31 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-31 51984]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-23 00:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1184763857\\ee\\aolsoftware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
    S1 aswSP;avast! Self Protection; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]

    --- Other Services/Drivers In Memory ---
    *Deregistered* - ATWPKT2
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44edf72e-ea0b-11dd-99a0-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44edf732-ea0b-11dd-99a0-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89df1c9f-dd0c-11dc-9896-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89df1ca3-dd0c-11dc-9896-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f16ce0-4d39-11dd-98e2-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9f16ce1-4d39-11dd-98e2-00038a000015}]
    \Shell\AutoRun\command - F:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-30 00:34]
    2009-05-04 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 07:20]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.facebook.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    TCP: {193AD1D4-F7CF-4269-8916-C026ECFC39F5} = 205.188.146.145
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-03 13:33
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(612)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-05-04 13:35
    ComboFix-quarantined-files.txt 2009-05-04 01:35
    ComboFix2.txt 2009-05-03 03:39
    ComboFix3.txt 2009-05-03 01:37
    Pre-Run: 7,408,046,080 bytes free
    Post-Run: 7,539,261,440 bytes free
    244 --- E O F --- 2009-05-01 21:15
    (Angus is my dog, not me ...) ;)
  • angus1
    angus1 Posts: 195 Forumite
    First Post
    Options
    I did the malwarebyte scan after the combofix as you said and it came back with no suspicious items found.

    Does that mean we're nearly there? :D
    (Angus is my dog, not me ...) ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    First Anniversary Combo Breaker
    Options
    Limewire is a downloading program (usually used to download copyrighted content such as chart music). But plenty of files have trojans etc in too so my advice is to remove it yes (Aside from the fact that if the police or whoever are taking note you could end up in court)

    And yes ~ id say your systems clean now :)

    These are not needed but the following 2 programs are good for a general cleanup (computer generally runs a little quicker after using them)

    Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
    http://www.filehippo.com/download_ccleaner/
    Run the CLEANER scan (UNTICK 'cookies')
    Then run the REGISTRY scan (Backup the registry when it asks)


    reboot

    Download GLARY UTILITIES (Make sure you click 'DOWNLOAD NOW' ~ UNTICK the ASK toolbar on installation)
    http://www.download.com/Glary-Utilities/3000-2094_4-10508531.html
    Run the ONE CLICK scan
    :idea:
  • angus1
    angus1 Posts: 195 Forumite
    First Post
    Options
    Hi alienrik, thank you so much for all your help and patience. Really appreciate the time you gave. :A

    I'll remove limewire and do as you suggest regarding keeping the computer clean.

    Should I also keep the superantispyware program and run that regularly?

    Thanks again
    (Angus is my dog, not me ...) ;)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    First Anniversary Combo Breaker
    Options
    Id suggest AGAINT glary utilities actually as somones reported a problem with it just today

    Id suggest keeping Malwarebytes and Dupersntispyware
    :idea:
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 12 Election 2024: The MSE Leaders' Debate
  • 344K Banking & Borrowing
  • 250.3K Reduce Debt & Boost Income
  • 450.1K Spending & Discounts
  • 236.1K Work, Benefits & Business
  • 609.4K Mortgages, Homes & Bills
  • 173.5K Life & Family
  • 248.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards