1. Lots of pop-ups when connecting to the internet via IE
2. A new error message on the startup having to do with not finding the .dll for rastmon (which makes me think I did something right in all of the steps to clean up the comp.)
3. Panda Scan couldn't disinfect the items it found.
Here are my logs:
1. Panda Scan:
Incident Status Location
Spyware:spyware/marketscore No disinfected C:\WINNT\SYSTEM32\rk.bin
Spyware:spyware/surfsidekick No disinfected C:\WINNT\SYSTEM32\sav2.exe
Adware:adware/consumeralertsystemNo disinfected C:\PROGRAM FILES\System Files
Adware:adware/elitebar No disinfected C:\Documents and Settings\WK12\Favorites\Casino & Carrers
Adware:adware/addestroyer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AdDestroyer
Adware:adware/virtualbouncer No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VBouncer
Spyware:spyware/betterinet No disinfected Windows Registry
Adware:Adware/Exact.BargainBuddyNo disinfected C:\WINNT\etb\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddyNo disinfected C:\WINNT\etb\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddyNo disinfected C:\WINNT\etb\xml\images\virus.bmp
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINNT\pf78.exe
Adware:Adware/Popper No disinfected C:\WINNT\system32\93_app13.exe
Adware:Adware/QoolShown No disinfected C:\WINNT\system32\installer216.exe
Adware:Adware/Pacimedia No disinfected C:\WINNT\system32\sav2.exe
Two Ewido Scans (two due to the fact that it updated in the middle of my scan)
1:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:53:55 AM, 11/7/2005
+ Report-Checksum: 1DAEB3D7
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
[1624] C:\WINNT\system32\rastmon.dll -> Spyware.SafeSurfing : Error during cleaning
C:\Documents and Settings\WK12\Cookies\wk12@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\WK12\Cookies\wk12@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\WK12\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\WK12\Cookies\wk12@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\WK12\Local Settings\Temporary Internet Files\Content.IE5\48QIK1J8\mm[1].js -> Spyware.Chitika : Cleaned with backup
::Report End
2:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:14:07 AM, 11/7/2005
+ Report-Checksum: 875C70ED
+ Scan result:
[1624] C:\WINNT\system32\rastmon.dll -> Spyware.SafeSurfing : Error during cleaning
C:\WINNT\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3ABSPLAT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3ACCUQ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3AMERS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3ASKNOW2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CARQ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CARQ2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CCB.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CHOCPBMM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CHRISMORT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3CREDITCARD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3DIRTYH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3ENDOMET.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3FREECS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3FREEIPOD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3FREEIPOD2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3FREEXBOX.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3HAIRLOSS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3HYDRO.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN10.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN11.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN12.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN6.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3KAN7.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3LEXREPAIR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3LMORON.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3LOWRATE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3MYDISH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3MYINKS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3NETFLIX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3ODYSSEY.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3PARTYPOKER.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3PASSION.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3PCHSWEEPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3POP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3SPORTSINT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3SUPERIOR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASI3WEIGHTL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIPP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\bspace.html -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\SPECAUTO.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\SPECENTER.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\Downloaded Program Files\pcs_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\WINNT\rdafnynb.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\system32\APD123.exe -> Spyware.Pacer : Cleaned with backup
C:\WINNT\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINNT\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINNT\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__rastmon.dll -> Spyware.SafeSurfing : Cleaned with backup
::Report End
HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:33:06 AM, on 11/7/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\System Files\System.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\WK12\Desktop\Anti-Spyware Programs\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {BAA1B2BD-46A1-13D4-EC40-5735A73738BC} - C:\WINNT\aguiqidd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINNT\system32\nsoCC.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINNT\system32\irasfjjp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C5BEFB18-50AF-C65C-526B-139E85E29118} - C:\WINNT\aguiqidd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {6E89F18A-6FA9-3C3B-BB76-17AE9FEAB50E} - C:\WINNT\aguiqidd.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [System service76] C:\WINNT\etb\pokapoka76.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [irassync] C:\WINNT\system32\irasyncd.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [irassync] C:\WINNT\system32\irasyncd.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126618848593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
I followed all the steps indicated, from AdAware and Spybot to Windows Updates. Please help! Thanks!!