Winantivirus PRO 2005 Pop up (Help)

Hydra · September 15, 2005

Winantivirus PRO 2005 Pop up keeps coming up on my computer even when I am not connected to the internet. I know this is spyware but I've used Ad-Aware, Spy Bot S&D & various other scanners, but no success in removing it yet.

Could someone please explain how to remove this annoying spyware completely from my computer?

Cheerz

Chris · September 15, 2005

Try going into Add/Remove programs, and uninstalling it. Most official adware has this function now as it's against the law to not allow you to uninstall it.

Mercifull · September 15, 2005

HijackThis log?

Hydra · September 16, 2005

Doesn't show up in add/remove program list.

I don't really know much about computers so could guide me through that hijack this log?

Cheerz

Mercifull · September 16, 2005

Doesn't show up in add/remove program list.

I don't really know much about computers so could guide me through that hijack this log?

Cheerz

Sticky: FAQ - Index (Check here BEFORE posting a new Topic!!!)

Download HijackThis run the scan and post the content of the log file in this thread. I will tell you what to do next afterwards.

Hydra · September 16, 2005

Logfile of HijackThis v1.99.1

Scan saved at 11:07:56 PM, on 16/09/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\Program Files\SwiftSwitch\SwiftSwitch[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

c:\Program Files\Microsoft Money\System\urlmap[Caution: ExecutableFile]

C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.016\HijackThis[Caution: ExecutableFile]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au4.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au4.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=userinit[Caution: ExecutableFile]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\font.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: ToolHelper - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\Toolbar.dll (file missing)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: ExecutableFile]

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: ExecutableFile] NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray[Caution: ExecutableFile]

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd[Caution: ExecutableFile]

O4 - HKLM\..\Run: [s3TRAY2] S3tray2[Caution: ExecutableFile]

O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE[Caution: ExecutableFile] /AUTORUN

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable[Caution: ExecutableFile]" /r

O4 - HKLM\..\Run: [bigPond] "D:\5100[Caution: ExecutableFile]" -r

O4 - HKLM\..\Run: [ff] tkf[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Media service] notpad[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates[Caution: ExecutableFile] /auto

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32[Caution: ExecutableFile]

O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2[Caution: ExecutableFile] /AUTOSTART

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert[Caution: ExecutableFile] -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKLM\..\RunServices: [ff] tkf[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [Media service] notpad[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [Microsoft Update] sys[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [Windeows NetStart Service2] tesmons[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking[Caution: ExecutableFile]

O4 - HKCU\..\Run: [Microsoft Update] sys[Caution: ExecutableFile]

O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32[Caution: ExecutableFile]

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6307520390

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveap01.rightnowtech.com/6030-b ... a/RntX.cab

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O20 - Winlogon Notify: font - C:\WINDOWS\system\font.dll

O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService[Caution: ExecutableFile]

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon[Caution: ExecutableFile]

Mercifull · September 16, 2005

Ok it might be worthwhile heading over to http://www.windowsupdate.com and downloading and patching your system. You are currently running an out-of-date copy og XP

Also you are running Switchshift which is an illegal third party application for Runescape. Do not listen to the claims that the creators of this about it being legal and approved by Jagex. It has never been formally approved and responses from Jagex CS regularly state that it is illegal and against the rules. It is also a bannable offence at tipit to post anything which proves that you are using this software. I doubt that the admins will ban you for this as you probably just missed the announcement but make a personal note to only use the official client in future.

Please run another scan and put tick boxes next to the following entries...