10-02-2007, 04:32 PM   #6
mbsales11701
Registered User
 
Join Date: Oct 2007
Posts: 7
OS: windows xp


Re: WinAntiVirusPro - 5 steps completed

COMBOFIX LOG

ComboFix 07-10-02.2 - Tom Roach 2007-10-02 17:58:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.632 [GMT -4:00]
Running from: C:\Documents and Settings\Tom Roach\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tom Roach\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\VundoFix Backups
C:\VundoFix Backups\bksdbptt.dll.bad
C:\VundoFix Backups\cbxxxwx.dll.bad
C:\VundoFix Backups\drvgokr.dll.bad
C:\VundoFix Backups\drvkadr.dll.bad
C:\VundoFix Backups\fccdbxv.dll.bad
C:\VundoFix Backups\rqrqppq.dll.bad
C:\VundoFix Backups\rttss.bak1.bad
C:\VundoFix Backups\rttss.bak2.bad
C:\VundoFix Backups\rttss.ini.bad
C:\VundoFix Backups\ssttr.dll.bad
C:\VundoFix Backups\ttpbdskb.ini.bad
C:\VundoFix Backups\yayvtut.dll.bad

.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 15:53 36,352 --a------ C:\WINDOWS\system32\awturol.dll
2007-10-02 15:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 20:58 <DIR> d-------- C:\bintheredunthat
2007-10-01 20:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-01 20:19 <DIR> d-------- C:\BFU
2007-10-01 13:42 34,304 --a------ C:\WINDOWS\system32\urqqrqo.dll
2007-10-01 10:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-01 10:32 <DIR> d-------- C:\Deckard
2007-10-01 10:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-01 10:22 <DIR> d-------- C:\ie-spyad_zo
2007-10-01 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-01 09:55 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-01 09:35 87,104 --a------ C:\WINDOWS\system32\vahylvrc.dll
2007-09-29 13:11 <DIR> d-------- C:\Documents and Settings\Tom Roach\Application Data\Leadertech
2007-09-29 13:05 <DIR> d-------- C:\WINDOWS\system32\vldpmvww
2007-09-29 12:39 <DIR> d-------- C:\WINDOWS\pss
2007-09-29 12:35 36,352 --a------ C:\WINDOWS\system32\tuvtqpo.dll
2007-09-29 12:35 104,448 --a------ C:\WINDOWS\system32\drvkad.dll
2007-09-27 16:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-26 16:00 <DIR> d-------- C:\Documents and Settings\Tom Roach\Application Data\Tenebril
2007-09-26 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-26 15:53 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-09-26 15:53 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-09-26 12:57 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-26 12:57 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-26 12:57 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-26 12:57 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-26 12:57 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-26 12:57 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-26 12:57 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-26 12:57 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-26 12:57 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-24 17:07 1,165 --a------ C:\WINDOWS\mozver.dat
2007-09-24 14:27 <DIR> d-------- C:\Documents and Settings\Tom Roach\Application Data\WinRAR
2007-09-24 14:18 60,928 --a------ C:\WINDOWS\system32\antiwpa.dll
2007-09-19 12:31 61,480 --a------ C:\Documents and Settings\Tom Roach\GoToAssistDownloadHelper.exe
2007-09-18 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-17 11:35 <DIR> d-------- C:\Documents and Settings\Tom Roach\Application Data\Ahead
2007-09-17 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-17 11:33 <DIR> d-------- C:\Program Files\Nero
2007-09-17 11:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-17 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-09-17 11:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-15 15:02 <DIR> d-------- C:\Program Files\uTorrent
2007-09-15 15:02 <DIR> d-------- C:\Documents and Settings\Tom Roach\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 12:33 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-09-29 09:52 --------- d-------- C:\Program Files\Microsoft IntelliType Pro
.

((((((((((((((((((((((((((((( snapshot@2007-10-02_16.09.03.82 )))))))))))))))))))))))))))))))))))))))))
.
----atw 16,384 2007-10-02 22:00:56 C:\WINDOWS\Temp\Perflib_Perfdata_590.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B7C598E-0DB8-4B64-B521-2F4872D5CAA5}]
2006-12-20 16:15 36864 --a------ C:\netstar\bho\NetStarBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-11-19 08:47]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
C:\WINDOWS\system32\antiwpa.dll 2007-09-24 11:08 60928 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)

R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 Dell1100_FUService;Dell 1100 Status Monitor Service;"C:\Program Files\DELL\Dell Laser Printer 1100\LocalSM\ssmsrvc /Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 18:01:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-02 18:02:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 18:02
C:\ComboFix2.txt ... 2007-10-02 16:09
.
--- E O F ---


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:42 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: NetStar BHO - {0B7C598E-0DB8-4B64-B521-2F4872D5CAA5} - C:\netstar\bho\NetStarBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - http://207.184.38.65/apps/common/inc...NFIG-CHECK.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AF4075E-D0A2-40FF-9918-0BC7C5E88F51}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\system32\antiwpa.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

--
End of file - 5401 bytes


I have the ONLINESCAN saved, but it is an HTML file and it won't let me upload it. Not sure if I did anything wrong, but it did report no malware and I ran the full system scan.

Computer seems to be running better... no more avast popups saying a trojan was trying to invade my computer. Thanks for the help, it is much appreciated.