WinAntiVirus Pro

Posted 9/6/2007 1:46 PM
#53159

Southerner3000 Valued member

Date Joined Nov 2016
Total Posts: 19
Hello, I keep getting popups from WinAntiVirus Pro and my PC is really slow. Here's the rootchk.exe log:

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
06/09/2007 14:41:57.32

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 14:41:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

Here's the ComboFix log file:

ComboFix 07-08-30.3 - "Admin" 2007-09-06 14:44:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.579 [GMT 1:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Admin\Desktop\internet explorer.lnk
C:\WINDOWS\cookies.ini


((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))


2007-09-06 14:42 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 14:19 <DIR> d-------- C:\VundoFix Backups
2007-09-06 12:45 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-06 12:30 1,310,875 ---hs---- C:\WINDOWS\system32\nnnmp.bak2
2007-09-05 18:53 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-05 18:50 6,448 ---hs---- C:\WINDOWS\system32\nnnmp.bak1
2007-09-05 18:50 244,832 --a------ C:\WINDOWS\system32\pmnnn.dll
2007-09-05 18:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-09-05 17:45 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-05 17:31 <DIR> d-------- C:\Program Files\Webzen
2007-09-05 17:30 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\InstallShield
2007-09-05 16:48 <DIR> d-------- C:\Program Files\Replay Converter
2007-09-04 18:56 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-09-04 18:56 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-09-04 18:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-04 18:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2007-09-04 18:56 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\TuneUp Software
2007-09-04 17:21 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\WinRAR
2007-09-02 19:39 <DIR> d-------- C:\DOCUME~1\Admin\.housecall6.6
2007-09-02 15:51 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-01 19:58 212,480 --------- C:\WINDOWS\pcdlib32.dll
2007-09-01 19:57 <DIR> d-------- C:\Program Files\Serif
2007-09-01 19:38 <DIR> d-------- C:\Program Files\AVTJet Impression Workshop
2007-09-01 19:08 <DIR> d-------- C:\Program Files\DAZ
2007-09-01 19:07 <DIR> d-------- C:\Program Files\Common Files\DAZ
2007-09-01 18:39 <DIR> d-------- C:\Program Files\Blender Foundation
2007-09-01 17:43 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Help
2007-08-31 12:29 1,898 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-08-30 18:12 <DIR> d-------- C:\ProgramData
2007-08-30 16:19 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Uniblue
2007-08-30 15:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-08-24 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-24 23:20 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Talkback
2007-08-24 23:19 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-24 23:14 <DIR> d-------- C:\Program Files\Google
2007-08-24 22:59 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-08-24 22:59 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-08-24 22:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-24 22:58 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2007-08-24 22:55 <DIR> d-------- C:\WINDOWS\FLV Player
2007-08-24 22:55 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\GetRightToGo
2007-08-22 18:46 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-21 15:27 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-21 15:27 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-21 15:27 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-08-21 15:27 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-08-21 15:26 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-08-21 15:26 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-08-21 15:26 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-08-21 15:26 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-08-21 15:25 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-08-21 15:25 <DIR> d-------- C:\Program Files\Logitech
2007-08-21 15:25 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-08-21 15:24 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-08-21 15:24 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-21 15:18 <DIR> d-------- C:\Program Files\EA SPORTS
2007-08-21 13:29 <DIR> d-------- C:\DOCUME~1\Admin\Contacts
2007-08-21 13:27 <DIR> d-------- C:\Program Files\iTunes
2007-08-21 13:27 <DIR> d-------- C:\Program Files\iPod
2007-08-21 12:39 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Ahead
2007-08-21 12:33 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-21 12:32 <DIR> d-------- C:\games
2007-08-21 12:22 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-21 12:15 <DIR> d-------- C:\WINDOWS\NV25722968.TMP
2007-08-21 12:14 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-21 12:14 <DIR> d-------- C:\NVIDIA
2007-08-21 12:00 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
2007-08-21 11:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-21 11:55 <DIR> d-------- C:\Program Files\QuickTime
2007-08-21 11:55 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-21 11:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-21 11:54 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-21 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-21 11:53 <DIR> d-------- C:\Program Files\CCleaner
2007-08-21 11:31 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-21 11:31 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-21 00:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-21 00:12 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-21 00:02 <DIR> d-------- C:\Program Files\MSBuild
2007-08-20 23:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-08-20 23:59 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-08-20 23:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-08-20 23:58 <DIR> d-------- C:\c076f57a9fde8a712d
2007-08-20 23:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-20 23:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-20 23:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-20 23:47 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-08-20 23:35 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-08-20 23:35 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-08-20 23:35 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-08-20 23:16 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-20 23:16 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-08-20 23:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-20 23:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-20 23:15 74,240 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2007-08-20 23:15 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-20 23:15 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-20 23:13 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-20 23:10 <DIR> d-------- C:\Program Files\Steam
2007-08-20 22:59 43,352 --a------ C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 15:02 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-20 20:46 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FC590F8-29B5-44F1-9F37-1310B2C5848A}]
2007-09-05 18:50 244832 --a------ C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 01:39]
"iKeyWorks"="C:\PROGRA~1\Keyboard\Ikeymain.exe" [2002-11-22 11:22]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 14:12]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-01-24 18:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"Steam"="c:\program files\steam\steam.exe" [2007-08-20 23:10]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 14:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]
winmxw32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnnn

R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-09-05 14:00:35 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-08-21 10:55:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 14:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 14:46:45
C:\ComboFix-quarantined-files.txt ... 2007-09-06 14:46

--- E O F ---

And here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:48:11, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7FC590F8-29B5-44F1-9F37-1310B2C5848A} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187647156843
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
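
An added example, not part of the original post and not one of the tools used in this thread: a short Python triage that runs over the relevant lines of the ComboFix and HijackThis logs above. It picks out what makes pmnnn.dll stand out in those logs: it is registered as a nameless Browser Helper Object in system32, it is appended to the LSA "Authentication Packages" value (Windows XP ships with only msv1_0 there, so anything else is loaded into lsass.exe at boot), the hidden+system nnnmp.bak1/.bak2 files next to it carry its name spelled backwards, and the winmxw32 Winlogon Notify entry points at a file that no longer exists. The lines in SAMPLE_LOG are copied from the posted logs; the rule names, severity labels and the msv1_0 baseline are the editor's own assumptions, not output of ComboFix or HijackThis.

```python
"""Triage a few ComboFix / HijackThis log lines for the persistence pattern
seen in the logs above: one DLL registered both as an IE Browser Helper
Object and as an LSA authentication package, hidden+system .bak files whose
name is that DLL's name reversed, and an orphaned Winlogon Notify entry.
Added example; the rules and severity labels are the editor's own.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the ComboFix and HijackThis logs posted
# above, reduced to the entries this triage looks at.
SAMPLE_LOG = r"""
2007-09-06 12:30 1,310,875 ---hs---- C:\WINDOWS\system32\nnnmp.bak2
2007-09-05 18:50 6,448 ---hs---- C:\WINDOWS\system32\nnnmp.bak1
2007-09-05 18:50 244,832 --a------ C:\WINDOWS\system32\pmnnn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmnnn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7FC590F8-29B5-44F1-9F37-1310B2C5848A} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - (no file)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
"""

# Windows XP ships with msv1_0 as its only LSA authentication package (editor's
# baseline). Anything else on that value is loaded into lsass.exe at boot.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}
SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+)\s+([a-z-]{9})\s+(.+)$")
AUTHPKG_LINE = re.compile(r'^"Authentication Packages"\s*=\s*(.+)$')
BHO_LINE = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")


def basename(path):
    """Last path component; tolerates the doubled backslashes ComboFix prints."""
    return re.split(r"\\+", path.strip().strip('"'))[-1].lower()


def stem(name):
    """File name without extension, so 'pmnnn.dll' and 'pmnnn' compare equal."""
    return name.rsplit(".", 1)[0]


def triage(log_text):
    """Return (severity, rule, detail) findings, most severe first."""
    findings = []
    load_points = defaultdict(set)   # stem -> {"bho", "lsa"}
    bak_stems = set()

    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue

        m = FILE_LINE.match(line)
        if m:
            size, attrs, path = m.groups()
            name = basename(path)
            # hidden + system attributes on a .bak file in system32 is not how
            # legitimate installers leave things
            if "h" in attrs and "s" in attrs and re.search(r"\.bak\d*$", name):
                findings.append(("high", "hidden-system-bak", f"{path} ({size} bytes, {attrs})"))
                bak_stems.add(stem(name))
            continue

        m = AUTHPKG_LINE.match(line)
        if m:
            for pkg in m.group(1).split():
                if basename(pkg) not in EXPECTED_AUTH_PACKAGES:
                    findings.append(("critical", "lsa-auth-package", pkg))
                    load_points[stem(basename(pkg))].add("lsa")
            continue

        m = BHO_LINE.match(line)
        if m:
            title, path = m.groups()
            if path == "(no file)":
                findings.append(("low", "orphan-bho", line))
            elif title == "(no name)" and "\\system32\\" in path.lower():
                # a nameless BHO living in system32 rather than a product folder
                findings.append(("high", "unnamed-system32-bho", path))
                load_points[stem(basename(path))].add("bho")
            continue

        m = NOTIFY_LINE.match(line)
        if m:
            key, target = m.groups()
            if "file missing" in target:
                findings.append(("low", "orphan-winlogon-notify", f"{key} -> {target}"))
            else:
                findings.append(("medium", "winlogon-notify", f"{key} -> {target}"))
            continue

    # The same module registered in two load points (IE and lsass.exe) is the
    # strongest single signal in the log.
    for name, points in load_points.items():
        if len(points) > 1:
            findings.append(("critical", "multi-loadpoint", f"{name}: {sorted(points)}"))

    # The .bak files' stem read backwards is the loaded DLL's stem.
    for s in bak_stems:
        if s[::-1] in load_points:
            findings.append(("info", "reversed-name-pair", f"{s} is {s[::-1]} spelled backwards"))

    findings.sort(key=lambda f: SEVERITY[f[0]])
    return findings


if __name__ == "__main__":
    for sev, rule, detail in triage(SAMPLE_LOG):
        print(f"[{sev:8}] {rule:24} {detail}")
```

Run as-is it prints the findings for the sample; point `triage()` at a full saved log to use it on another machine. The LSA rule is the one worth keeping even outside this thread: an extra authentication package runs inside lsass.exe with SYSTEM rights and survives reboots and safe mode, which is why the reply below has ComboFix remove the DLL rather than just unregistering the BHO.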
Posted 9/6/2007 3:47 PM
#53164

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:

Open Notepad and copy/paste the text in the quote box below into it:

Quote:

-----------------------------------------------------

File::

C:\WINDOWS\system32\pmnnn.dll

----------------------------------------------

Save this as CFScript.txt

http://www.fromsej.saknet.dk/billeder/cfscript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Post a new HijackThis log along with a new ComboFix log and tell me how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 9/6/2007 6:06 PM
#53171

Southerner3000 Valued member

Date Joined Nov 2016
Total Posts: 19
I installed Vista and the entry seems to have disappeared, but my system keeps crashing and is extremely slow. Here is my new HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 19:04:00, on 06/09/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\XpertVision\TBPANEL.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2I2SW2Y\iTunesSetup[1].exe
C:\Windows\system32\msiexec.exe
C:\Users\Admin\Desktop\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintsfc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Posted 9/7/2007 1:50 AM
#53178

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
It looks clean. Do you have at least a 2.5 GHz processor and 2 GB RAM? Otherwise, Vista will not run properly.


Posted 9/7/2007 3:31 PM
#53230

Southerner3000 Valued member

Date Joined Nov 2016
Total Posts: 19
Ah, there's the problem. I have 1 GB of RAM and I think a 1.8 GHz processor, but it shows as two of them? (Intel Core 2 Duo processor.) I'll do a fresh XP install and upgrade my RAM.
Posted 9/7/2007 3:59 PM
#53233

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
A 1.8 GHz processor is fine, especially with dual core; however, 1 GB of RAM will certainly help.

