Thread: System Care Antivirus Program

  1. #1
    Junior Member
    Join Date
    May 2006
    Posts
    13

    System Care Antivirus Program

    Hello.

    This program, System Care Antivirus, got installed today on my laptop. This is my 2nd thread, since in the 1st one I didn't use the proper guideline, so here's the correct one. :P

    DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
    Run by Uroš at 18:12:23 on 2013-04-30
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.386.1060.18.3582.2085 [GMT 2:00]
    .
    AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
    C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files\ASUS\ATK Hotkey\WDC.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live - Pomoc pri vpisu: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [PlayNC Launcher] <no file>
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
    mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
    mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
    mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
    mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\WDDMStatus.lnk.disabled
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\WDSmartWare.lnk.disabled
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{DEAA2408-FAC9-45BC-9A93-7A4DE88E4EC8} : DHCPNameServer = 192.168.1.1
    LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-4 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-4 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-4 53328]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-4 138680]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-30 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-30 701512]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-4 1153368]
    R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-7 70880]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-4 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-4 352920]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-4-21 90112]
    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-30 22856]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-8-20 233128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [2008-4-7 6656]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-04-30 10:55:10 -------- d-----w- c:\users\uroš\appdata\roaming\Malwarebytes
    2013-04-30 10:55:02 -------- d-----w- c:\programdata\Malwarebytes
    2013-04-30 10:55:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-04-30 10:55:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-04-30 10:00:31 -------- d-----w- c:\programdata\A04141CE3D1CCC560000A040A191D08B
    2013-04-17 11:54:52 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a2ca011-5321-4fd2-93bb-ad09755ea7dc}\mpengine.dll
    2013-04-10 12:07:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-04-10 12:07:24 64000 ----a-w- c:\windows\system32\smss.exe
    2013-04-10 12:07:24 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-10 12:07:24 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-10 12:07:22 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 12:07:20 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2013-04-10 12:07:19 376320 ----a-w- c:\windows\system32\winsrv.dll
    2013-04-10 12:06:29 2049024 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2013-04-30 12:13:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2013-03-15 13:50:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-15 13:50:11 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-15 13:50:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-13 17:01:12 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-13 17:01:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-11 23:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2006-03-20 13:37:52 5689344 ----a-w- c:\program files\Media Player Clasic.exe
    .
    ============= FINISH: 18:12:58,15 ===============

    Can't post the aswMBR log yet, as it looks like I'm having problems with it because it hangs during the scan.
    Also, for information, I prematurely used Malwarebytes earlier today and at the end it removed some infected files, because I didn't follow the proper guideline. If you need the log for that, let me know.
    Last edited by tashi; 2013-05-01 at 01:21. Reason: Merged two posts

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi Nadesico,

    If you still need help simply reply back.
    How Can I Reduce My Risk?
