Deckard's System Scanner v20070905.67
Run by Tom Roach on 2007-10-01 10:32:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
104: 2007-10-01 14:32:38 UTC - RP355 - Deckard's System Scanner Restore Point
103: 2007-10-01 14:17:25 UTC - RP354 - Installed WinZip 11.1
102: 2007-09-30 07:00:16 UTC - RP353 - Software Distribution Service 3.0
101: 2007-09-29 17:11:48 UTC - RP352 - Removed Adobe® Photoshop® Album Starter Edition 3.2
100: 2007-09-29 16:55:46 UTC - RP351 - Installed Windows Internet Explorer 7.
-- First Restore Point --
1: 2007-09-24 19:33:06 UTC - RP252 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Tom Roach.exe) -------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-01 10:39:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom Roach\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Tom Roach.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: NetStar BHO - {0B7C598E-0DB8-4B64-B521-2F4872D5CAA5} - C:\netstar\bho\NetStarBHO.dll
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - C:\Program Files\Tdipkpan\jpsoaown.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\rqrqppq.dll
O2 - BHO: (no name) - {F18DA700-D6F0-4F52-83DF-DC49AEB4477C} - C:\WINDOWS\system32\ssttr.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\bksdbptt.dll",sitypnow
O4 - HKEY_LOCAL_MACHINE\..\Run: [jofqrcto] rundll32.exe "C:\Program Files\jofqrcto\rspetgpo.dll",Init
O4 - HKEY_LOCAL_MACHINE\..\Run: [gjyxknan] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gjyxknan.dll"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkad.dll,startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: HTTPS://www.mbnetstar.com (HKEY_LOCAL_MACHINE)
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - http://207.184.38.65/apps/common/inc...NFIG-CHECK.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AF4075E-D0A2-40FF-9918-0BC7C5E88F51}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\system32\antiwpa.dll
O20 - Winlogon Notify: rqrqppq - C:\WINDOWS\system32\rqrqppq.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\system32\wingdm32.dll
O23 - Service: Dell 1100 Status Monitor Service (Dell1100_FUService) - Unknown owner - "C:\Program Files\DELL\Dell Laser Printer 1100\LocalSM\ssmsrvc /Service
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 Dell1100_FUService (Dell 1100 Status Monitor Service) - "c:\program files\dell\dell laser printer 1100\localsm\ssmsrvc /service (file missing)
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-09-01 and 2007-10-01 -----------------------------
2007-10-01 10:36:21 0 d-------- C:\Program Files\Trend Micro
2007-10-01 10:25:28 0 d-------- C:\Program Files\SpywareBlaster
2007-10-01 10:22:11 0 d-------- C:\ie-spyad_zo
2007-10-01 10:17:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-01 09:55:42 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-01 09:35:10 87104 --a------ C:\WINDOWS\system32\vahylvrc.dll
2007-09-29 13:11:45 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Leadertech
2007-09-29 13:05:14 0 d-------- C:\WINDOWS\system32\vldpmvww
2007-09-29 12:52:18 0 d-------- C:\WINDOWS\network diagnostic
2007-09-29 12:39:03 0 d-------- C:\WINDOWS\pss
2007-09-29 12:36:31 0 d-------- C:\Program Files\SecCenter
2007-09-29 12:36:30 0 d-------- C:\Program Files\Tdipkpan
2007-09-29 12:36:30 114688 --a------ C:\Documents and Settings\All Users\Application Data\gjyxknan.dll
2007-09-29 12:36:28 0 d-------- C:\Program Files\jofqrcto
2007-09-29 12:35:32 15360 --a------ C:\WINDOWS\system32\drvkadr.dll
2007-09-29 12:35:32 104448 --a------ C:\WINDOWS\system32\drvkad.dll
2007-09-29 12:35:14 36352 --a------ C:\WINDOWS\system32\tuvtqpo.dll
2007-09-29 09:43:45 84032 --a------ C:\WINDOWS\system32\bksdbptt.dll
2007-09-28 12:13:45 69184 --a------ C:\WINDOWS\system32\kspqpyjm.dll
2007-09-28 03:35:03 75328 --a------ C:\WINDOWS\system32\kgtimvwl.exe <Not Verified; ; DDC>
2007-09-27 16:02:27 0 d-------- C:\Program Files\Common Files\Download Manager
2007-09-26 16:00:34 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Tenebril
2007-09-26 15:55:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-26 15:53:18 0 d-------- C:\WINDOWS\system32\tenarchlib
2007-09-26 15:53:18 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2007-09-26 12:57:33 0 d-------- C:\Program Files\Alwil Software
2007-09-25 03:33:31 2001229 ---hs---- C:\WINDOWS\system32\rttss.bak2
2007-09-24 17:07:18 1165 --a------ C:\WINDOWS\mozver.dat
2007-09-24 15:33:24 2027891 ---hs---- C:\WINDOWS\system32\rttss.bak1
2007-09-24 15:32:52 244832 --a------ C:\WINDOWS\system32\ssttr.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\yayvtut.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\fccdbxv.dll
2007-09-24 14:31:37 44054 --a------ C:\WINDOWS\system32\cbxxxwx.dll
2007-09-24 14:31:35 21504 --a------ C:\WINDOWS\system32\wingdm32.dll
2007-09-24 14:31:31 44054 --a------ C:\WINDOWS\system32\rqrqppq.dll
2007-09-24 14:27:44 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\WinRAR
2007-09-24 14:18:11 60928 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; antiwpa-user32>
2007-09-24 12:01:26 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Mozilla
2007-09-18 03:00:25 0 d-------- C:\Program Files\MSXML 4.0
2007-09-17 11:35:38 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\Ahead
2007-09-17 11:35:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-17 11:33:38 0 d-------- C:\Program Files\Nero
2007-09-17 11:33:38 0 d-------- C:\Program Files\Common Files\Ahead
2007-09-17 11:33:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-17 11:33:00 0 d-------- C:\WINDOWS\RegisteredPackages
2007-09-17 11:16:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-15 15:02:46 0 d-------- C:\Program Files\uTorrent
2007-09-15 15:02:40 0 d-------- C:\Documents and Settings\Tom Roach\Application Data\uTorrent
-- Find3M Report ---------------------------------------------------------------
2007-09-29 13:12:49 0 d-------- C:\Program Files\Online Services
2007-09-29 13:12:02 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-29 12:33:11 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-29 09:52:49 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-09-27 16:02:27 0 d-------- C:\Program Files\Common Files
2007-07-06 13:37:31 34 --a------ C:\WINDOWS\system32\BD2040.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B7C598E-0DB8-4B64-B521-2F4872D5CAA5}]
12/20/2006 04:15 PM 36864 --a------ C:\netstar\bho\NetStarBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{534A3E28-2B67-5797-55C6-08628A7497AD}]
09/29/2007 12:36 PM 114688 --a------ C:\Program Files\Tdipkpan\jpsoaown.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
09/24/2007 02:31 PM 44054 --a------ C:\WINDOWS\system32\rqrqppq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F18DA700-D6F0-4F52-83DF-DC49AEB4477C}]
09/24/2007 03:32 PM 244832 --a------ C:\WINDOWS\system32\ssttr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/05/2005 02:22 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/05/2005 02:19 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/05/2005 02:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 07:14 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/07/2006 07:15 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 AM]
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [09/29/2007 12:36 PM]
"SearchIndexer"="C:\WINDOWS\system32\bksdbptt.dll" [09/29/2007 09:43 AM]
"jofqrcto"="C:\Program Files\jofqrcto\rspetgpo.dll" [09/29/2007 12:36 PM]
"gjyxknan"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\gjyxknan.dll" []
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [11/19/2003 08:47 AM]
"CTDrive"="C:\WINDOWS\system32\drvkad.dll" [09/29/2007 12:35 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\rqrqppq.dll [09/24/2007 02:31 PM 44054]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll 09/24/2007 11:08 AM 60928 C:\WINDOWS\system32\antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqppq]
rqrqppq.dll 09/24/2007 02:31 PM 44054 C:\WINDOWS\system32\rqrqppq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll 09/24/2007 02:31 PM 21504 C:\WINDOWS\system32\wingdm32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssttr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-10-01 10:40:52 ------------