1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

WinAntiVirusPro..06 & Spywarequake - Help!

Discussion in 'Virus & Other Malware Removal' started by yadkin, Jul 12, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. yadkin

    yadkin Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    23
    Novice here, but what a great site! I've read a good deal on what's already been posted here and elsewhere. Long story made short. Roomate clicked on pop ups and downloaded nasty stuff. Norton doesn't seem to detect. I've never had virus problems so need some help to remove the Winantivirus. I think i've taken care of the spywarequake...Any help is appreciated. Here's the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:29:33 PM, on 7/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper -

    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CIEIntegrator Object -

    {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program

    Files\WinAntiVirus Pro 2006\winpgi.dll
    O2 - BHO: Yahoo! IE Services Button -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard -

    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

    C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) -

    {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} -

    C:\WINDOWS\system32\hp100.tmp (file missing)
    O2 - BHO: IEFW Object -

    {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program

    Files\WinAntiVirus Pro 2006\iefwbho.dll
    O2 - BHO: PCTools Browser Monitor -

    {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

    C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class -

    {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) -

    {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - (no file)
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroCheck]

    C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

    Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common

    Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program

    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program

    Files\WinAntiVirus Pro 2006\WinAV.exe"
    O4 - HKLM\..\Run: [CompanionWizard] "C:\Program

    Files\Common Files\Companion Wizard\compwiz.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware

    Doctor\swdoctor.exe" /Q
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

    Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft

    Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk =

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk =

    C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary -

    file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

    Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

    Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Spyware Doctor -

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

    C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com -

    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

    Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com -

    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

    Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Real.com -

    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

    (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/

    client/wuweb_site.cab?1121722006046
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

    (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim -

    {828030A1-22C1-4009-854F-8E305202313F} -

    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon -

    C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America

    Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec

    Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service

    (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. -

    C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

    Symantec Corporation - C:\Program Files\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec

    Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools

    Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

    Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service

    (WANMiniportService) - America Online, Inc. -

    C:\WINDOWS\wanmpsvc.exe
     
  2. yadkin

    yadkin Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    23
    What's the best way for me to go about eliminating these?
     
  3. yadkin

    yadkin Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    23
    Help!..start up is getting slower and slower along with IE
     
  4. yadkin

    yadkin Thread Starter

    Joined:
    Jul 12, 2006
    Messages:
    23
    I deleted some of the obvious problem files from my first HGT log, and used spybot to identify others, but I'm still getting the WindowsAntiVirus software add. Here's a recent HGT log and panda scan results following:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:42:43 PM, on 7/13/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security

    Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Companion Wizard\compwiz.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper -

    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class -

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) -

    {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

    Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: CNavExtBho Class -

    {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus -

    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NeroCheck]

    C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

    Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common

    Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program

    Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

    C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [CompanionWizard] "C:\Program

    Files\Common Files\Companion Wizard\compwiz.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

    Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

    Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft

    Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk =

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk =

    C:\Program Files\America Online 9.0\aoltray.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary -

    file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

    Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

    Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services -

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com -

    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

    Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com -

    {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

    Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Real.com -

    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O10 - Unknown file in Winsock LSP: c:\program files\winantivirus

    pro 2006\mailscan.dll
    O12 - Plugin for .spop: C:\Program Files\Internet

    Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

    (Symantec AntiVirus scanner) -

    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.

    cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

    (WUWebControl Class) -

    http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/

    client/wuweb_site.cab?1121722006046
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

    (Symantec RuFSI Utility Class) -

    http://security.symantec.com/sscv6/SharedContent/common/bin/ca

    bsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

    (ActiveScan Installer Class) -

    http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WgaLogon -

    C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America

    Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec

    Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service

    (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Firewall service (FWSvc) - Unknown owner -

    C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

    Symantec Corporation - C:\Program Files\Norton

    AntiVirus\navapsvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec

    Corporation -

    C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

    Symantec Corporation - C:\Program Files\Common

    Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec

    Corporation - C:\Program Files\Common Files\Symantec

    Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service

    (WANMiniportService) - America Online, Inc. -

    C:\WINDOWS\wanmpsvc.exe

    PANDA Active Scan results:


    Incident Status Location

    Adware:adware/xpasswordmanager Not disinfected c:\windows\system32\ld100.tmp
    Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld577F.tmp
    Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\program files\WinAntiVirus Pro 2006
    Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\default\Application Data\winantiviruspro2006freeinstall[1].exe
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\default\Cookies\[email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\default\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\default\Cookies\[email protected][4].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\default\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Cookies\[email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Desktop\smitRem\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Desktop\smitRem.exe[smitRem/Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Desktop\VundoFix.exe[process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\1HSIVBXP\smitRem[1].exe[smitRem/Process.exe]
    Adware:Adware/SecurityError Not disinfected C:\Program Files\ZipCodec\uninst.exe
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/482762

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice