How to Remove Personal Antivirus [Delete Guide]

Thankyou soooo much Geek Police. You rock. I cant beleive that there is actually a bunch of computer experts out here in cyberspace helping people like us for free. You guys are amazing.

Thanks, by following your instructions, I was able to get rid of the "personal anitvirus" message that kept popping up every 30 seconds

Thank you!! This worked! I had to download the removal program on my other computer and then save it to my infected computer...but in half an hour the virus was gone and for free. This is the real deal, no scam here.

Hi, i have installed malware bytes along with tons of others. Malware bytes got rid of it personal anti spyware the first time but it keeps coming back. Any advice?

I have a program on my computer called persoal virus removal can`t get it off.I did not put this on, it is saving my system is infected. what can I do?

Hello,
I have had no luck with removing Personal Anti virus using the methods discussed on this board.
I have tried running combofix, here are the results:

ComboFix 09-07-14.08 - vpnerry-newburn 07/16/2009 20:33.1.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.1918.965 [GMT -5:00]
Running from: c:\users\vpnerry-newburn\Downloads\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton 360 *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1351270306-1498828423-4002604896-500
c:\$recycle.bin\S-1-5-21-1591949361-2229242592-308272366-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\system32\AutoRun.inf
c:\windows\system32\file.exe.tmp

The rest of the combo fix file

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-17 01:06 . 2009-07-17 01:06 -------- d-----r- c:\program files\Norton Support
2009-07-17 00:41 . 2009-06-28 08:03 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\NAVENG32.DLL
2009-07-17 00:41 . 2009-06-28 08:03 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\NAVEX32A.DLL
2009-07-17 00:41 . 2009-06-28 08:03 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\EECTRL.SYS
2009-07-17 00:41 . 2009-06-28 08:03 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\ECMSVR32.DLL
2009-07-17 00:41 . 2009-06-28 08:03 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\ERASER.SYS
2009-07-17 00:41 . 2009-06-28 08:03 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\CCERASER.DLL
2009-07-17 00:41 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-17 00:41 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-17 00:41 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-17 00:41 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-17 00:41 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-17 00:32 . 2009-07-17 00:32 -------- d-----w- c:\program files\test
2009-07-15 08:00 . 2009-07-15 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\NAVENG.SYS
2009-07-15 08:00 . 2009-07-15 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090715.067\NAVEX15.SYS
2009-07-12 00:06 . 2009-07-12 00:06 -------- d-----w- c:\users\vpnerry-newburn\AppData\Roaming\Malwarebytes
2009-07-12 00:05 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 00:05 . 2009-07-14 23:34 -------- d-----w- c:\program files\Test2
2009-07-12 00:05 . 2009-07-12 00:05 -------- d-----w- c:\programdata\Malwarebytes
2009-07-12 00:05 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 00:27 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-11 00:27 . 2009-03-12 23:24 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-11 00:27 . 2009-03-12 23:24 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-11 00:27 . 2009-03-12 23:24 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-11 00:27 . 2009-03-12 23:24 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-06-28 10:51 . 2009-06-28 23:11 -------- d-----w- C:\4f99a44daa7285366316d687d4b90c5b
2009-06-27 14:03 . 2009-06-27 14:03 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 08:00 . 2009-06-26 08:00 -------- d-----w- c:\windows\CheckSur
2009-06-22 18:16 . 2009-06-25 01:15 -------- d-----w- C:\42dbf6832a6070a5398a55
2009-06-22 00:01 . 2009-06-22 00:01 -------- d-----w- c:\program files\Common Files\Uninstall
2009-06-22 00:01 . 2009-06-22 00:01 -------- d-----w- c:\program files\PersonalAV
.

Here's the rest of the combo fix test file:

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 00:19 . 2008-02-11 04:26 92184 ----a-w- c:\users\vpnerry-newburn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-29 01:21 . 2008-03-01 14:59 1356 ----a-w- c:\users\vpnerry-newburn\AppData\Local\d3d9caps.dat
2009-06-28 23:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-28 23:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-28 23:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-28 21:05 . 2007-12-08 08:10 -------- d-----w- c:\programdata\NVIDIA
2009-06-25 01:15 . 2009-03-17 00:37 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-25 01:15 . 2007-12-08 08:27 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 16:27 . 2009-03-19 13:41 1460 ----a-w- c:\users\vpnerry-newburn\AppData\Roaming\wklnhst.dat
2009-06-09 21:55 . 2009-06-09 21:55 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2CEB.tmp.exe
2009-05-28 01:22 . 2009-05-28 01:20 116839 ----a-w- c:\windows\hpqins00.dat
2009-05-16 22:38 . 2009-05-16 22:38 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-09 05:50 . 2009-06-09 22:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 22:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-30 12:52 . 2009-06-15 01:19 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-15 01:19 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-15 01:19 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 13:01 . 2009-06-09 22:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-09 22:01 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 21:29 . 2009-04-22 21:29 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-21 12:04 . 2009-06-09 22:01 2028032 ----a-w- c:\windows\system32\win32k.sys
2007-12-08 07:32 . 2007-12-08 07:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2009-04-13 16:12 3962184 ----a-w- c:\users\vpnerry-newburn\AppData\LocalLow\CyberDefender\cdmyidd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\vpnerry-newburn\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-04-13 3962184]
[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\vpnerry-newburn\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-04-13 3962184]
[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-19 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-08 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HostManager"="c:\program files\Common Files\AOL\1204384318\ee\AOLSoftware.exe" [2006-09-26 50736]
"InstallAol"="c:\program files\Online Services\Aolus\InstallAol.exe" [2007-08-13 181584]
"2Wire Wireless Manager"="c:\program files\2Wire Wireless Manager\2Wire.exe" [2007-10-01 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E5D4823-E659-42DC-ADD5-E484A6AC24FA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{335AF392-29D2-474E-8415-964FD6098196}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{113157BF-D55B-4460-9D79-F7F5D8CF89FE}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0A5EBDFC-29CB-411B-B72B-F7D65ED71374}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BFC26CD8-06FA-4A52-8EFE-0A1A7CABAAFB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8DB691A0-F295-49E8-842B-A83600445513}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D31192F1-533A-44D4-98F7-2D34386C9DC9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{061D000B-428A-4090-8298-8C5301752BA1}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{F4827E72-E3AE-47ED-AFF1-3CEF8AC86857}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{3CBB6115-60BA-4FBD-823A-243A834780D0}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{E4CC4BD8-7D7D-411E-90DE-5AB9401BFFDB}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{6F3C7E99-69FB-4631-B50C-C41CA11DAE10}"= UDP:c:\program files\Common Files\aol\1204384318\ee\aolsoftware.exe:AOL Shared Components
"{51A808ED-10B9-49DE-B4B7-040B202E0F0D}"= TCP:c:\program files\Common Files\aol\1204384318\ee\aolsoftware.exe:AOL Shared Components
"{12122EEA-031C-4FD7-A221-6DC6B29371CE}"= UDP:c:\program files\Online Services\Aolus\AOLSETUP.EXE:AOL
"{57DBB9CC-7533-4782-BD4D-ADF8F05954A9}"= TCP:c:\program files\Online Services\Aolus\AOLSETUP.EXE:AOL
"{9A292DEC-D341-417C-A46B-9BCE019724D6}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{B882CB69-5CE9-4EA5-A9E7-8C0CF574F029}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{5E3D62A3-47E6-4AF5-8093-0088355C52DF}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{DDAF9BB1-FA19-41E1-8E66-569CD77F49E2}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{58CE86CB-7594-4CDB-B06D-555FBEBDA2B1}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{806A76AB-7DE9-46EF-AD7B-9FA286092277}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{490D2DC3-5C5D-40A0-9DF4-801CC98665FD}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{1443B3BB-9F0E-452A-A379-432EBC0B3BFB}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{2028591D-1713-4E81-8857-00300C5A28BB}"= UDP:c:\program files\AOL 9.0a\waol.exe:AOL
"{375BD338-B7BC-4D42-B896-C5B93E3EF7F0}"= TCP:c:\program files\AOL 9.0a\waol.exe:AOL
"{3F0A3FDD-4677-440F-99CD-E08CFBC90E42}"= UDP:c:\program files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{032B39FD-7A0F-4CB6-AF5C-9A83288745D3}"= TCP:c:\program files\TurboTax\Deluxe 2006\32bit\ttax.exe:TurboTax
"{9475898D-9393-469C-A056-864B22CDD379}"= UDP:c:\program files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{B306443D-CEEF-4E96-B904-3A6267BB9A7B}"= TCP:c:\program files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{A7D580EA-6184-450A-B8E8-3FCB4B2A5EE0}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{0AEC26F2-7320-4304-8F78-F35A9B30D5D7}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{B817B331-DA71-4C8B-A597-B01742672B0B}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{EA4C382F-A7B5-41DF-8871-4424CD9E8F75}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{194C8B41-20D6-462C-A712-8EEE90C74289}"= UDP:c:\program files\AOL 9.0b\waol.exe:AOL
"{C2C67F20-4BE2-46F1-AD59-C96A24CD4962}"= TCP:c:\program files\AOL 9.0b\waol.exe:AOL
"{282D4CFC-62E1-43B2-96B8-DFA671651936}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{68EDB24F-99FB-47F1-BBBA-01B429E5C527}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.087\SymEFA.sys [4/22/2009 4:29 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.087\BHDrvx86.sys [4/22/2009 4:29 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.087\cchpx86.sys [4/22/2009 4:29 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys [7/16/2009 7:41 PM 293424]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [4/22/2009 4:29 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/28/2009 3:03 AM 101936]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/8/2007 2:42 AM 464384]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.087\symndisv.sys [4/22/2009 4:29 PM 39984]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [1/22/2009 4:06 PM 857600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-22 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-02-27 19:07]
2009-07-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2009-04-22 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
2009-07-17 c:\windows\Tasks\PersonalAV.job
- c:\program files\PersonalAV\pav.exe [2009-06-22 00:01]
2009-07-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
2009-02-15 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{DAD83E96-82A7-4F9F-8F8D-5FECD111A0C1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-27 11:31]
.

Here's the rest of the combo fix file:

.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 20:38
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\VPNERR~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-17 20:41
ComboFix-quarantined-files.txt 2009-07-17 01:41
Pre-Run: 454,804,209,664 bytes free
Post-Run: 454,729,261,056 bytes free
260 --- E O F --- 2009-06-26 08:38

YOU GUYS ROCK!!!!
THANK YOU MY PC IS ALL FIXED BECAUSE OF YOU!!!!
I WILL SPEAD THE WORD ABOUT THIS SITE!!!!
**** Personal Antivirus Victum, Fixed my GeekPolice****
Happy in Michigan

Thanks so much for helping me get rid of this virus. Thanks also to the person who said they had to download the malware program onto a CD and then load it on their computer. I had to do the same thing as the virus was not letting me get to any sites that would potentially get rid of it.

Just a question regarding this 'Personal Antivirus' removal - I'll download the recommended fix but I would like to know why my McAfee AV program didn't catch this and can't remove it.

Hello bh77,

Malware writers specifically wrote the malware code to bypass top antivirus softwares.

It's also difficult to develop an antivirus to detect the signature or behaviour of a virus which no one will see until after it has begun its infection.

kspeaker@charter.net wrote:

Thanks so much for helping me get rid of this virus. Thanks also to the person who said they had to download the malware program onto a CD and then load it on their computer. I had to do the same thing as the virus was not letting me get to any sites that would potentially get rid of it.

Hello,
I had to do the same thing. I downloaded it to my laptop to a CD then loaded into my desktop. Inferno I could just kiss you. I've been trying all day to find out how to get rid of this junk without having to pay "Spyware Doctor" to do it for me. I think they're in on the scam too.
Thanks
Ingr2

ok i don't know what's going on but i can't download the malware. i tried once before and it downloaded but then i couldn't open it and now every time i click the link and press download it says error. i really need help getting this personal antivirus off because i do my work on my laptop and i can't afford to lose my things can any one help me?

How do I do this for my laptop from my main PC?

Using the malwarebytes anti-malware really worked. At first, I didn't know how to get in on the computer since the Personal Anti-virus program was stopping it, but I copied from another PC and loaded it that way and did the updates and I could hardly believe that it worked. The computer repair store wanted $130 to do the same thing. Thank you very much.
Daniel

All,
Thank you very much!!! This was so easy to use and I appreciate being able to use my browser again!!!

I downloaded the Malwarebytes and did do the scans and clicked the remove button. But the Personal Antivirus is still here! What should I do???

THANK YOU FOR YOUR HELP WITH THIS!!!!!!!!!!!!!!!

holly_jocky wrote:

I downloaded the Malwarebytes and did do the scans and clicked the remove button. But the Personal Antivirus is still here! What should I do???

Hello,

Please open a new topic regarding your problem here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/

be sure to update after downloading.
first time running, didn't find pav, then after updating, it found and removed it.
restarted after removing malware and checked for updates, again.
there was another update already!

thank you. I got rid of this Personal Antivirus thing. Your instructions were clear. Thanks so much. Is it not possible to report these people to the police? It's a serious crime. It is like somebody has just come to your house and dumped a whole lot of garbage on your lawn and parked themselves there and then asked you to pay them to remove it ... the cyber version.

You guys are great, this info solved the problem. keep up the good work.

Good thing I handled this before my dad started buying things.
(He thinks he knows everything there is to know about viruses and such.)
Thankyou.

I just want to thank you so much. I don't know how the darn thing got on my computer and it even disabled my antivirus program but it is gone now for good. Thank you so much.

I followed instructions on how to remove personal antivirus with malware bytes but how do i know it works

If Personal Antivirus doesn't pop up anymore than it's been removed.

I'll admit that I was concerned that, by downloading this software, I was just inviting another virus onto my computer. I decided the risk was worth it because the Personal Antivirus program was just that annoying. I had to boot my computer in Safe Mode With Networking to be able to download geekpolice's software, but it worked like a charm. Very fast scan and resolution and the malware has been completely removed. So I highly recommend using this software if you're plagued with the Personal Antivirus malware.

Thank you soooooo much, I have successfully deleted Personal AV from my computer.
I downloaded the Malwarebytes Anti Malware file as you suggested ......... did a complete scan with it............. all was removed instantly.

Bronii

does help come through email only?

dmitch wrote:

does help come through email only?

We do not provide support via e-mail. Only through the forums.

Your instruction to download Malwarebytes' Anti Malware worked like a charm! It took me less than 6 minutes to remove it with your instructions. Thank you, thank you for saving my sanity, I'm not sure how much longer I could have continued with those crazy popups.

Excellent work Geekpolice!!!!!!

good info

Last edited by pesto126 on 3rd August 2009, 12:10 pm; edited 1 time in total (Reason for editing : posted new topic)

Thank you so much. Was very helpful. Saved me so much time.

Been trying to get rid of Personal Antivirus for most of the morning, without much luck. Tried downloading most anti-spyware programs including Malwarebytes Anti-Malware but the programs won't scan because I think the Personal Antivirus spyware is stopping .exe files from opening. Have tried changing the names to suffixes like .bat or .com but no luck. Did a very quick scan with McAffee which didn't appear to do much However, in the past few minutes, the icons to Personal Antivirus have disappeared, no pop ups are coming up and the internet appears to be running relatively smoothly. The only thing that remains is when I load the internet and type in something with the word 'spyware' in it, if i click on the relevant link, it takes me to a completely different page.
Have I got rid of it then? Any advice?
Cheers

Hello,

Please open a new topic regarding your problem here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/

Thank you so much! PA was so annoying and this just worked like magic! And thanks "Kinkyafro" for the advise!

Wow! I have spent three days trying to get that infernal Personal AV off my computer. Suddenly I thought of looking it up on the internet and this is where I found myself. I followed the directions and the Malware installed as you said. THANKS SO MUCH! Something finallly worked!

Janetlu

a big thank u this has worked and im know back online with no viruses cheers your a life saver

how do you get rid of this random thing on a laptop???????????????PLZ HELP

This virus was bugging the hell out of me for a long time until you came up.
Much thanks! Keep up the good work!

Thanks for the great and easy-to-follow instructions!

My dad recently accidentally downloaded PAV on his computer and I found Geek Police via a Google search. The instructions provided on how to remove PAV from my dad's computer worked just fine.

I started with a Quick Scan, which didn't take very long to do, but then decided after rebooting that I better do a Complete Scan. Be warned the Complete Scan can take around 2 hours or so, but it gets rid of a lot of crapware from the computer.

Interesting to note is my dad paid BIG money for Norton 360 and it NEVER located the PAV malware! I had to download a FREE program to get rid of PAV. Shame on Norton!

a big thank you for the info you shared re: how to delete the personal antivirus..it has brought me wrinkles for a while as i didn't have a clue on how to get rid of it.... job well done! great! hopefully it'll not invade my pc's system again..

Thank you so much for your help!!!! I followed the procedures and HURRAY! It's gone!

thanks,

Freelock1

Having spent ages working out what Personal Antivirus was and trying to remove it you finally came along and helped so I can go to bed!!! thanks, you are stars!!!
x

I'm really worried, an hour ago or so this personal antivirus thing got onto my computer, it was telling me that a bunch of viruses were going to destroy my computer, while i had a second antivirus software telling me that nothing was wrong. I figured that if i were to delete it, things would be alright, but when i deleted it the window was still there and i couldn't close it.
However, i could no longer find the file in my computer, so i figured that if i were to shut down my computer, when i rebooted it the window would be gone and everything would be okay. Instead, my computer will no longer turn on. When ever i try to turn it on it just makes a lot of whirring noises and the screen stays black. I'm really world as this computer is only about three months old, and still brand new. I would hate to lose it so soon.

:Clapping:
this has been so helpful thanks alot you have given me peace of mind
as i nearly ended up just trashing my computer :smile2:
:Clapping:

Thank you so much after trying for days to remove Personal Antivirus I followed your instructions and within minutes it was gone. I highly recommend this method. Thank you Thank you Thank you.

It worked first time for free.

So I purchased it afterwards for their good job.