BullGuard
WinAntiVirus Pro
   

Southerner3000
New Member


Date Joined Mar 2007
Total Posts : 19
 
Posted 9/6/2007 4:46 PM (GMT +3)
Hello, I keep getting popups from WinAntiVirus Pro and my PC is really slow. Here's the rootchk.exe log:
 
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
06/09/2007 14:41:57.32
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 14:41:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden files: 0
 
 
Here's the ComboFix log file:
 
ComboFix 07-08-30.3 - "Admin" 2007-09-06 14:44:08.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.579 [GMT 1:00]
 * Created a new restore point

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Admin\Desktop\internet explorer.lnk
C:\WINDOWS\cookies.ini

(((((((((((((((((((((((((   Files Created from 2007-08-06 to 2007-09-06  )))))))))))))))))))))))))))))))

2007-09-06 14:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 14:19 <DIR> d-------- C:\VundoFix Backups
2007-09-06 12:45 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-06 12:30 1,310,875 ---hs---- C:\WINDOWS\system32\nnnmp.bak2
2007-09-05 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-05 18:50 6,448 ---hs---- C:\WINDOWS\system32\nnnmp.bak1
2007-09-05 18:50 244,832 --a------ C:\WINDOWS\system32\pmnnn.dll
2007-09-05 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-09-05 17:45 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-05 17:31 <DIR> d-------- C:\Program Files\Webzen
2007-09-05 17:30 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\InstallShield
2007-09-05 16:48 <DIR> d-------- C:\Program Files\Replay Converter
2007-09-04 18:56 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-09-04 18:56 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-04 18:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 18:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-09-04 18:56 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\TuneUp Software
2007-09-04 17:21 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\WinRAR
2007-09-02 19:39 <DIR> d-------- C:\DOCUME~1\Admin\.housecall6.6
2007-09-02 15:51 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-01 19:58 212,480 --------- C:\WINDOWS\pcdlib32.dll
2007-09-01 19:57 <DIR> d-------- C:\Program Files\Serif
2007-09-01 19:38 <DIR> d-------- C:\Program Files\AVTJet Impression Workshop
2007-09-01 19:08 <DIR> d-------- C:\Program Files\DAZ
2007-09-01 19:07 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-09-01 18:39 <DIR> d-------- C:\Program Files\Blender Foundation
2007-09-01 17:43 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Help
2007-08-31 12:29 1,898 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-08-30 18:12 <DIR> d-------- C:\ProgramData
2007-08-30 16:19 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Uniblue
2007-08-30 15:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-24 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-24 23:20 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Talkback
2007-08-24 23:19 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-24 23:14 <DIR> d-------- C:\Program Files\Google
2007-08-24 22:59 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-08-24 22:59 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-08-24 22:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-24 22:58 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2007-08-24 22:55 <DIR> d-------- C:\WINDOWS\FLV Player
2007-08-24 22:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\GetRightToGo
2007-08-22 18:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-21 15:27 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-21 15:27 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-21 15:27 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-21 15:27 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-21 15:26 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-08-21 15:26 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-08-21 15:26 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-08-21 15:26 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-08-21 15:25 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-08-21 15:25 <DIR> d-------- C:\Program Files\Logitech
2007-08-21 15:25 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-08-21 15:24 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-21 15:24 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-21 15:18 <DIR> d-------- C:\Program Files\EA SPORTS
2007-08-21 13:29 <DIR> d-------- C:\DOCUME~1\Admin\Contacts
2007-08-21 13:27 <DIR> d-------- C:\Program Files\iTunes
2007-08-21 13:27 <DIR> d-------- C:\Program Files\iPod
2007-08-21 12:39 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Ahead
2007-08-21 12:33 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-21 12:32 <DIR> d-------- C:\games
2007-08-21 12:22 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-21 12:15 <DIR> d-------- C:\WINDOWS\NV25722968.TMP
2007-08-21 12:14 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-21 12:14 <DIR> d-------- C:\NVIDIA
2007-08-21 12:00 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
2007-08-21 11:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-21 11:55 <DIR> d-------- C:\Program Files\QuickTime
2007-08-21 11:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-21 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-21 11:54 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-21 11:53 <DIR> d-------- C:\Program Files\CCleaner
2007-08-21 11:31 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-21 11:31 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-21 00:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-21 00:12 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-21 00:02 <DIR> d-------- C:\Program Files\MSBuild
2007-08-20 23:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-20 23:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-20 23:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-20 23:58 <DIR> d-------- C:\c076f57a9fde8a712d
2007-08-20 23:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-20 23:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-20 23:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-20 23:47 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-20 23:35 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-20 23:35 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-20 23:35 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-20 23:16 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-20 23:16 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-20 23:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-20 23:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-20 23:15 74,240 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-08-20 23:15 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-20 23:15 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-20 23:13 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-20 23:10 <DIR> d-------- C:\Program Files\Steam
2007-08-20 22:59 43,352 --a------ C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-30 15:02 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FC590F8-29B5-44F1-9F37-1310B2C5848A}]
2007-09-05 18:50 244832 --a------ C:\WINDOWS\system32\pmnnn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 01:39]
"iKeyWorks"="C:\PROGRA~1\Keyboard\Ikeymain.exe" [2002-11-22 11:22]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"Steam"="c:\program files\steam\steam.exe" [2007-08-20 23:10]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 14:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]
winmxw32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnnn
R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
Contents of the 'Scheduled Tasks' folder
2007-09-05 14:00:35 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-21 10:55:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 14:45:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-06 14:46:45
C:\ComboFix-quarantined-files.txt ... 2007-09-06 14:46
 --- E O F ---
 
And here's the HJT log:
 
Logfile of HijackThis v1.99.1
Scan saved at 14:48:11, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7FC590F8-29B5-44F1-9F37-1310B2C5848A} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187647156843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
 
 

 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
Posted 9/6/2007 6:47 PM (GMT +3)
Hello :)
 
 
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
File::
C:\WINDOWS\system32\pmnnn.dll
 
 ----------------------------------------------
 
Save this as CFScript.txt
 
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
 
 
Post a new HijackThis log along with the new ComboFix log and tell me how things are running.
 


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
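
Added example, not part of the thread and not code from ComboFix or HijackThis: a Python triage over lines excerpted from the logs posted above, showing why pmnnn.dll stands out. It is a freshly created unnamed BHO, it is listed under the LSA "Authentication Packages" value (whose Windows default is only msv1_0), and it sits beside hidden+system nnnmp.bak1/.bak2 files whose name is its stem reversed. Function and rule names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the ComboFix and HijackThis logs posted in this thread.
COMBOFIX = r"""
2007-09-06 14:19 <DIR> d-------- C:\VundoFix Backups
2007-09-06 12:30 1,310,875 ---hs---- C:\WINDOWS\system32\nnnmp.bak2
2007-09-05 18:50 6,448 ---hs---- C:\WINDOWS\system32\nnnmp.bak1
2007-09-05 18:50 244,832 --a------ C:\WINDOWS\system32\pmnnn.dll
2007-09-04 18:56 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnnn
"""
HIJACKTHIS = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7FC590F8-29B5-44F1-9F37-1310B2C5848A} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - (no file)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
"""

FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) ([\d,]+) (\S+) (.+)$")
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(.*)$')
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

def created_files(combofix):
    """Map lowercase path -> attribute string for file rows (<DIR> rows are skipped)."""
    out = {}
    for line in combofix.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out[m.group(4).lower()] = m.group(3)
    return out

def mirrored_dlls(files):
    """DLLs with a hidden+system sibling whose stem is the DLL's stem reversed."""
    attrs = {PureWindowsPath(p): a for p, a in files.items()}
    hits = []
    for dll in attrs:
        if dll.suffix != ".dll":
            continue
        if any(p != dll and p.parent == dll.parent and p.stem == dll.stem[::-1]
               and "h" in a and "s" in a for p, a in attrs.items()):
            hits.append(str(dll))
    return hits

def extra_lsa_packages(combofix):
    """Values in 'Authentication Packages' other than the default msv1_0.
    Splits on whitespace, so paths containing spaces are not handled."""
    for line in combofix.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            return [v.replace("\\\\", "\\") for v in m.group(1).split()
                    if v.lower() != "msv1_0"]
    return []

def triage(combofix, hijackthis):
    """Return (rule, subject) findings from both logs."""
    files = created_files(combofix)
    findings = [("lsa-auth-package", v) for v in extra_lsa_packages(combofix)]
    findings += [("mirrored-name", d) for d in mirrored_dlls(files)]
    for line in hijackthis.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, target = m.groups()
            if target == "(no file)":
                findings.append(("orphan-bho", clsid))
            # "(no name)" alone is weak (SDHelper has it too); require a new file.
            elif name == "(no name)" and target.lower() in files:
                findings.append(("new-unnamed-bho", target))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group(2).endswith("(file missing)"):
            findings.append(("orphan-winlogon-notify", m.group(1)))
    return findings

def corroborated(findings):
    """Files (compared without the .dll suffix) that trip two or more rules."""
    rules = {}
    for rule, subject in findings:
        if "\\" in subject:  # only path subjects can be correlated
            key = subject.lower()
            key = key[:-4] if key.endswith(".dll") else key
            rules.setdefault(key, set()).add(rule)
    return {k: sorted(v) for k, v in rules.items() if len(v) >= 2}

if __name__ == "__main__":
    for rule, subject in triage(COMBOFIX, HIJACKTHIS):
        print(f"{rule:24} {subject}")
    print(corroborated(triage(COMBOFIX, HIJACKTHIS)))
```
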
 

 

Southerner3000
New Member


Date Joined Mar 2007
Total Posts : 19
 
Posted 9/6/2007 9:06 PM (GMT +3)
I installed Vista and the entry seems to have disappeared, but my system keeps crashing and is extremely slow. Here is my new HJT log:
 
Logfile of HijackThis v1.99.1
Scan saved at 19:04:00, on 06/09/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\XpertVision\TBPANEL.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2I2SW2Y\iTunesSetup[1].exe
C:\Windows\system32\msiexec.exe
C:\Users\Admin\Desktop\HJT.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintsfc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
Posted 9/7/2007 4:50 AM (GMT +3)
It looks clean. Do you have at least a 2.5 GHz processor and 2 GB RAM? Otherwise, Vista will not run properly.


 

Southerner3000
New Member


Date Joined Mar 2007
Total Posts : 19
 
Posted 9/7/2007 6:31 PM (GMT +3)
Ah, there's the problem: I have 1 GB of RAM and I think a 1.8 GHz processor, but it shows as 2 of them? (Intel Core 2 Duo processor). I'll do a fresh XP install and upgrade my RAM.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12980
 
Posted 9/7/2007 6:59 PM (GMT +3)
A 1.8 GHz processor is fine, especially with dual core; however, 1 GB RAM will certainly help.

