1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: WinAntiVirusPro - pls help

Discussion in 'Virus & Other Malware Removal' started by mozzer65, Feb 8, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mozzer65

    mozzer65 Thread Starter

    Joined:
    Jun 28, 2005
    Messages:
    69
    i have a win xp home sp2 - all windows updated ok.
    but i continually have the WinAntiVirusPro keep popping up.
    below is a hjt log and the last avg scan completed.
    the machine did also have norton internet security on it - but this i have fully removed using the symntec removal tool.

    TIA


    Logfile of HijackThis v1.99.1
    Scan saved at 13:18:25, on 08/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 13:11:02 08/02/2007

    + Scan result:



    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062470.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062471.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062472.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062473.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062474.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062475.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062476.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062477.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062478.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062479.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062480.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062469.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP167\A0062742.DLL -> Proxy.Dlena.bz : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{847EFD80-7A7E-4349-AFA1-E4168C583A44}\RP164\A0062505.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).


    ::Report end
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Is Norton's Internet Security Suite still installed or active?

    Download WinPFind.exe to your desktop and double click on it open it and then select “extract” to extract the files. This will create a folder named WinPFind on your desktop.

    Start in Safe Mode Using the F8 method:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Double click on the WinPFind folder on your desktop to open it and then double click on the WinPFind.exe file to start the program.

    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new Hijack This log.
     
  3. mozzer65

    mozzer65 Thread Starter

    Joined:
    Jun 28, 2005
    Messages:
    69
    thx for your reply.. but in the meantime i have resolved this issue - by running a vundofix and hjt clean up. thanks anyway for your time.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/542260

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice