TechSpot

[Solved] Fake antivirus "System" removal

Discussion in 'Virus and Malware Removal' started by swisstonyholmes, Mar 10, 2011.

Thread Status:
Not open for further replies.
  1. swisstonyholmes Newcomer, in training

    Broni,

    I get the following error message when I try to run the installer, if this helps:

    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\FR40LYZF\esetsmartinstaller_enu[1].exe is not a valid Win32 application.
  2. Broni Malware Annihilator

    Try this scan instead....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
  3. swisstonyholmes Newcomer, in training

    Broni,

    BitDefender failed to update its virus definitions, although it is giving me the option to continue the scan anyway, although the results will probably not be 100% accurate.

    Do you want me to continue with the scan?
  4. swisstonyholmes Newcomer, in training

    Broni,

    Just a side note: I have disabled AVG real-time protection, although you did say in one of your earlier posts that AVG may interfere with other scans. Could this be the case, and should I remove it?
  5. Broni Malware Annihilator

  6. Broni Malware Annihilator

    If I were you, I'd definitely get rid of AVG altogether.
  7. swisstonyholmes Newcomer, in training

    Broni,

    BitDefender is now running scans successfully on Firefox; I will keep you posted on the results.

    Thanks.
  8. swisstonyholmes Newcomer, in training

    Broni,

    Results of the scan are shown below.


    QuickScan Beta 32-bit v0.9.9.77
    -------------------------------
    Scan date: Sun Mar 13 00:18:17 2011
    Machine ID: 730AFEC6



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) B's Recorder GOLD8 256 C:\WINDOWS\system32\bgsvcgen.exe
    (unsigned) CLCapSvc Module 388 C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    (unsigned) CLSched Module 2616 C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    (unsigned) Cyberlink Media Library Server 420 C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    (unsigned) FinePixViewer 2416 C:\Program Files\FinePixViewer\QuickDCF2.exe
    (unsigned) Hewlett-Packard Company KBD EXE 1524 C:\hp\KBD\kbd.exe
    (unsigned) hpsysdrv 3204 C:\WINDOWS\system\hpsysdrv.exe
    (unsigned) InstallShield Update Service 804 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    (verified) hpwuSchd Application 1476 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (verified) Apple Mobile Device Service 224 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (verified) AVG IDS 1156 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    (verified) AVG IDS 3020 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    (verified) AVG Internet Security 2012 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    (verified) AVG Internet Security 3656 C:\Program Files\AVG\AVG10\avgemcx.exe
    (verified) AVG Internet Security 2948 C:\Program Files\AVG\AVG10\avgnsx.exe
    (verified) AVG Internet Security 2068 C:\Program Files\AVG\AVG10\avgtray.exe
    (verified) AVG Internet Security 232 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    (verified) AVG Internet Security 852 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    (verified) AVG Internet Security 3144 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    (verified) Bonjour 276 C:\Program Files\Bonjour\mDNSResponder.exe
    (verified) Firefox 2588 C:\Program Files\Mozilla Firefox\firefox.exe
    (verified) iTunes 712 C:\Program Files\iPod\bin\iPodService.exe
    (verified) iTunes 828 C:\Program Files\iTunes\iTunesHelper.exe
    (verified) Java(TM) Platform SE 6 U24 672 C:\Program Files\Java\jre6\bin\jqs.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 1812 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft® Windows® Operating System 1440 C:\Program Files\Windows Media Player\wmpnetwk.exe
    (verified) Microsoft® Windows® Operating System 2240 C:\Program Files\Windows Media Player\wmpnscfg.exe
    (verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\explorer.exe
    (verified) Microsoft® Windows® Operating System 3972 C:\WINDOWS\system32\alg.exe
    (verified) Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\csrss.exe
    (verified) Microsoft® Windows® Operating System 2256 C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System 968 C:\WINDOWS\system32\lsass.exe
    (verified) Microsoft® Windows® Operating System 956 C:\WINDOWS\system32\services.exe
    (verified) Microsoft® Windows® Operating System 640 C:\WINDOWS\system32\smss.exe
    (verified) Microsoft® Windows® Operating System 1716 C:\WINDOWS\system32\spoolsv.exe
    (verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 184 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1356 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1180 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 908 C:\WINDOWS\system32\winlogon.exe
    (verified) NVIDIA Driver Helper Service, Version 8 924 C:\WINDOWS\system32\nvsvc32.exe
    (verified) Realtek HD Audio Sound Effect Manager 588 C:\WINDOWS\RTHDCPL.EXE
    (verified) Registry Monitor 1580 C:\WINDOWS\PixArt\PAC207\Monitor.exe


    Network activity
    ----------------
    Process AVGIDSAgent.exe (1156) connected on port 80 (HTTP) --> 199.7.48.190
    Process AVGIDSAgent.exe (1156) connected on port 80 (HTTP) --> 199.7.51.190
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 2.19.133.115
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 88.221.94.203
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 88.221.94.200
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 2.20.32.74
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 88.221.94.209
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 66.220.156.11
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 74.55.96.66
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 88.221.94.9
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 88.221.94.201
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 74.125.230.155
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 74.125.230.156
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 74.125.230.154
    Process firefox.exe (2588) connected on port 80 (HTTP) --> 209.85.143.100

    Process svchost.exe (1180) listens on ports: 135 (RPC)
    Process svchost.exe (1448) listens on ports: 2869 (SSDP event notification, UPNP)


    Autoruns and critical files
    ---------------------------
    (unsigned) Hewlett-Packard Company KBD EXE C:\hp\KBD\kbd.exe
    (unsigned) HPBootOp C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    (unsigned) InstallShield Update Service C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    (unsigned) nwiz.exe C:\WINDOWS\system32\nwiz.exe
    (unsigned) QuickTime C:\Program Files\QuickTime\qttask.exe
    (unsigned) Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
    (unsigned) Registry Shaver C:\Program Files\REGSHAVE\REGSHAVE.EXE

    (verified) hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    (verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (verified) Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    (verified) AVG Internet Security C:\Program Files\AVG\AVG10\avgtray.exe
    (verified) EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
    (verified) fasttraktype Dynamic Link Library C:\WINDOWS\system32\ftutil2.dll
    (verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    (verified) NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
    (verified) Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
    (verified) Registry Monitor C:\WINDOWS\PixArt\PAC207\Monitor.exe
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    (unsigned) EPSON Web-To-Page c:\program files\epson\epson web-to-page\epson web-to-page.dll
    (unsigned) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
    (unsigned) Java(TM) Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    (unsigned) Symantec Shared Components C:\WINDOWS\Downloaded Program Files\symdlmgr.dll

    (verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    (verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    (verified) AVG Internet Security c:\program files\avg\avg10\avgssie.dll
    (verified) bdoscandel.exe C:\WINDOWS\bdoscandel.exe
    (verified) bdscanonline C:\WINDOWS\Downloaded Program Files\oscan82.ocx
    (verified) BitDefender QuickScan C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\qejx0uh4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    (verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
    (verified) GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
    (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
    (verified) ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    (verified) Java(TM) Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
    (verified) Java(TM) Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    (verified) Messenger C:\Program Files\Messenger\msmsgs.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    (verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    (verified) Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
    (verified) Panda ActiveScan 2.0 C:\WINDOWS\Downloaded Program Files\as2stubie.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    (verified) Skype Toolbars c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


    Missing files
    -------------
    File not found: C:\WINDOWS\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

    File not found: C:\WINDOWS\System32\hidserv.dll
    --> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.05 MB sent, 1.28 KB recvd
    Scanned 1075 files and modules - 81 seconds

    ==============================================================================
  9. Broni Malware Annihilator

    Did I tell you, I'm not a big fan of IE? :)
  10. Broni Malware Annihilator

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button.
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  11. swisstonyholmes Newcomer, in training

    Broni,

    Not many people are. What's next?
  12. Broni Malware Annihilator

    We posted at the same time.
    Look up :)
  13. swisstonyholmes Newcomer, in training

    Broni,

    Good advice, and I will let you know should I have any more problems. Thanks very much once again, it's been a pleasure working with you :D

    Tony.
  14. Broni Malware Annihilator

    Good luck and stay safe :)
  15. Broni Malware Annihilator

    Oh, make sure you run all those last steps.
  16. swisstonyholmes Newcomer, in training

    Broni,

    Will do, cheers!
  17. Broni Malware Annihilator

    Cool beans :)