
winantivirus pro 2007 pop-up, help needed, HJT Log inside.

1178 Views 5 Replies 2 Participants Last post by  Ried
This keeps flashing up now and then:



This is my HJT log:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\**********\Start Menu\Programs\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe



I can't see anything there that relates to this problem, can anyone help?

Thanks
Status
Not open for further replies.
Hello Lostnumber,

Please post the log once more, being sure to include the header information.
Logfile of HijackThis v1.99.1
Scan saved at 6:00:53 AM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\*************\Start Menu\Programs\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.
"James" - 07-01-23 17:39:06 Service Pack 2
ComboFix 07-01-23.2 - Running from: "C:\Documents and Settings\James.WOODHOUSE.000\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))


2007-01-23 13:12 <DIR> d-------- C:\Program Files\Smart Projects
2007-01-23 13:12 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-01-23 13:12 <DIR> d-------- C:\Program Files\BAMMediaPlayer
2007-01-23 13:12 <DIR> d-------- C:\Program Files\Altnet
2007-01-23 00:39 <DIR> d-------- C:\Program Files\Traction Software(2)
2007-01-22 07:47 <DIR> d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\Tenebril
2007-01-22 07:42 <DIR> d-------- C:\Program Files\SpyCatcher 2006
2007-01-22 07:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Tenebril
2007-01-22 07:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Tenebril
2007-01-19 23:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-16 19:43 <DIR> d-------- C:\Program Files\Split Join Convert MOV
2007-01-16 18:57 <DIR> d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\GeoVid
2007-01-16 18:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-01-15 22:41 <DIR> d-------- C:\Program Files\Total Video Converter
2007-01-14 23:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\AOL Downloads
2007-01-11 20:23 <DIR> d-------- C:\Program Files\AVD Video Processor 7.5 TRIAL
2007-01-11 20:19 <DIR> d-------- C:\Program Files\CoffeeCup Software
2007-01-11 18:16 <DIR> d-------- C:\My Media Files
2007-01-05 23:43 36,864 --a------ C:\WINDOWS\system32\force.dll
2007-01-05 23:43 36,864 --a------ C:\WINDOWS\system32\ffdrv.dll
2007-01-05 23:43 208,896 --a------ C:\WINDOWS\system32\sjjoy.dll
2007-01-05 23:43 208,896 --a------ C:\WINDOWS\system32\gamteccpl.dll
2007-01-05 23:43 <DIR> d-------- C:\Program Files\SmartJoy
2007-01-05 23:28 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-03 03:57 <DIR> d-------- C:\Program Files\PKR
2006-12-31 19:29 <DIR> d-------- C:\Program Files\Zoom Player
2006-12-31 19:13 <DIR> d-------- C:\Program Files\Shareaza
2006-12-31 19:13 <DIR> d-------- C:\Program Files\BroadJump
2006-12-31 19:13 <DIR> d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\Shareaza
2006-12-31 19:10 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-31 19:10 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-12-31 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Microsoft Corporation
2006-12-31 19:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-31 17:59 <DIR> d-------- C:\Program Files\eMule
2006-12-31 17:47 <DIR> d-------- C:\Program Files\Need2Find
2006-12-31 17:39 <DIR> d-------- C:\DOCUME~1\JAMESW~1.000\.gnunet
2006-12-31 17:27 <DIR> d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\Shareaza(2)
2006-12-27 15:54 <DIR> d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2006-12-26 17:58 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2006-12-26 16:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-26 15:04 11,886 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2006-12-26 15:04 <DIR> d-------- C:\Program Files\Slim Multimedia Keyboard
2006-12-26 14:47 7,734 --a------ C:\WINDOWS\system32\Repository.reg
2006-12-26 14:47 65,312 --a------ C:\WINDOWS\system32\drivers\lvselsus.sys
2006-12-26 14:47 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-12-26 14:47 40,352 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-12-26 14:47 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2006-12-26 14:47 264,992 --a------ C:\WINDOWS\system32\lvcodec2.dll
2006-12-26 14:47 211,744 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-12-26 14:47 21,536 --a------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2006-12-26 14:47 121,632 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-12-26 14:47 1,512,224 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2006-12-26 14:47 1,083,680 --a------ C:\WINDOWS\system32\drivers\lvuvc.sys
2006-12-26 14:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\Application Data\Logitech
2006-12-26 14:32 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-24 02:18 <DIR> d-------- C:\Playstation Emulator
2006-12-24 02:04 2,297,552 --a------ C:\WINDOWS\system\d3dx9_26.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-23 13:13 -------- d-------- C:\Program Files\quicktime
2007-01-23 13:12 -------- d--h----- C:\Program Files\installshield installation information
2007-01-23 13:12 -------- d-------- C:\Program Files\dap
2007-01-22 06:26 -------- d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\adobe
2007-01-14 19:13 -------- d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\limewire
2007-01-12 01:09 -------- d-------- C:\DOCUME~1\JAMESW~1.000\Application Data\macromedia
2007-01-05 22:30 -------- d-------- C:\Program Files\limewire
2006-12-31 19:13 -------- d-------- C:\Program Files\kazaa lite k++
2006-12-31 19:13 -------- d-------- C:\Program Files\kazaa
2006-12-31 19:13 -------- d-------- C:\Program Files\instafink
2006-12-31 19:11 -------- d-------- C:\Program Files\poker
2006-12-31 19:11 -------- d-------- C:\Program Files\mozilla firefox
2006-12-31 19:09 -------- d-------- C:\Program Files\logitech
2006-12-31 19:09 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-21 13:01 -------- d-------- C:\Program Files\last.fm
2006-12-13 18:45 -------- d-------- C:\Program Files\Common Files\motive
2006-11-28 03:30 -------- d-------- C:\Program Files\absolute mp3 splitter
2006-11-27 21:19 -------- d-------- C:\Program Files\movie maker
2006-11-21 19:20 2 --a------ C:\WINDOWS\system32\grecorder.dll
2006-11-17 06:11 737280 --a--c--- C:\WINDOWS\iun6002.exe
2006-11-15 20:48 323624 --a------ C:\WINDOWS\system32\wiaaut.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-23 17:40:59
C:\ComboFix2.txt ... 07-01-23 17:38
I see you ran combofix twice; please post the ComboFix2.txt here as well.