• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
hulagu

Ad-Aware unable to remove/quarantine threats

1 post in this topic

I ran Ad-Aware 2008 earlier this week and it was unable to delete/quarantine some of the threats identified. When the scan was finished, here's roughly what it told me:

Redirected Hostfile Entry category: Miscellaneous TAI: 4

Hosts file entry IP Address: 127.0.0.1

Host name: {THEREALSEARCH.COM, GREG-SEARCH.COM, APPROVEDLINKS.COM, VSE-MOE.BIZ, AIFIND.INFO, FIND4U.NET, I-LOOKUP.COM, IE-SEARCH.COM, ITSEASY.US}

 

Any ideas? Below are my ComboFix and HijackThis logs. (Also, after I ran ComboFix, an Internet Explorer icon popped up on my Desktop, which is strange, because I have deleted IE and replaced it with Firefox.)

 

ComboFix 08-07-31.06 - Keegan 2008-11-19 22:02:05.5 - NTFSx86

Running from: C:\Documents and Settings\Keegan\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

 

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))

.

 

2008-11-16 22:14 . 2008-11-16 22:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-11-02 12:09 . 2004-08-04 01:56 343,040 --a------ C:\WINDOWS\system32\mspaint.exe

2008-11-02 12:09 . 2004-08-04 01:56 343,040 --a--c--- C:\WINDOWS\system32\dllcache\mspaint.exe

2008-11-02 12:09 . 2003-03-31 05:00 114,688 --a--c--- C:\WINDOWS\system32\dllcache\calc.exe

2008-11-02 12:09 . 2003-03-31 05:00 114,688 --a------ C:\WINDOWS\system32\calc.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-19 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7

2008-11-17 04:14 --------- d-----w C:\Program Files\Lavasoft

2008-09-24 03:57 --------- d-----w C:\Program Files\Paint.NET

2008-09-20 03:33 --------- d-----w C:\Documents and Settings\Keegan\Application Data\SolidWorks

2006-10-09 12:22 36,272 ----a-w C:\Documents and Settings\Keegan\Application Data\GDIPFONTCACHEV1.DAT

.

 

((((((((((((((((((((((((((((( [email protected]_ 0.55.43.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll

+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll

+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll

+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll

+ 2008-05-02 13:30:08 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll

+ 2008-05-02 14:01:49 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll

+ 2008-05-02 13:42:10 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll

+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll

+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll

+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll

+ 2008-04-11 18:39:39 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll

+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll

+ 2008-04-12 05:22:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll

+ 2007-12-03 15:25:31 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll

+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe

+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe

+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe

+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll

+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe

+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll

+ 2008-05-01 15:04:00 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll

+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll

+ 2008-05-01 14:38:05 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll

+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll

+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe

+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll

+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe

+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll

+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll

+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll

+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll

+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe

+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll

+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe

+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll

+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\jscript.dll

+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\updspapi.dll

+ 2004-08-04 07:56:46 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\vbscript.dll

+ 2004-08-04 07:56:43 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll

+ 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe

+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll

+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll

+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll

+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe

+ 2004-08-04 07:56:42 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll

+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe

+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll

+ 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe

+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll

+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe

+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll

+ 2008-09-24 03:57:46 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\431343df6d45ea5d4a10cc26fadae79e\DdsFileType.ni.dll

+ 2008-09-24 03:57:47 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\58dd669935b698a80a7209e111a01021\ICSharpCode.SharpZipLib.ni.dll

+ 2008-09-24 03:57:38 114,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\f45ea7a3fe72ea840b39c3b3104f6767\Interop.WIA.ni.dll

+ 2008-09-24 03:57:36 253,952 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\04ebaac245683d357d7e72dbc72be55d\PaintDotNet.Base.ni.dll

+ 2008-09-24 03:57:44 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\dc62a33b30bbd42638be7d581be45066\PaintDotNet.Core.ni.dll

+ 2008-09-24 03:57:45 770,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\e01033bcf151c468a3a4c3064034f8d2\PaintDotNet.Data.ni.dll

+ 2008-09-24 03:57:49 753,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\53732619844d19010fc56289b4ae27d0\PaintDotNet.Effects.ni.dll

+ 2008-09-24 03:57:39 348,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\de11cbcc2627cb8453fd35c811962eb6\PaintDotNet.Resources.ni.dll

+ 2008-09-24 03:57:38 23,040 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\178acbd94b5303ee55af6efccbd0514e\PaintDotNet.StylusReader.ni.dll

+ 2008-09-24 03:57:37 643,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\b2e88cd257cd1c20ecf5b7bbd241fef7\PaintDotNet.SystemLayer.ni.dll

+ 2008-09-24 03:57:54 2,195,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet\79297328391619d816b1de5daa13d3a9\PaintDotNet.ni.exe

+ 2008-09-24 03:57:34 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll

+ 2008-09-24 03:57:35 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2008-09-24 03:57:55 29,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\6c6aa7239ee8063a58c9130960253d27\WiaProxy32.ni.exe

- 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-09-24 03:57:20 77,610 ----a-r C:\WINDOWS\Installer\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}\_6FEFF9B68218417F98F549.exe

- 2000-08-31 13:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 14:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

- 2007-07-31 00:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

+ 2008-07-19 03:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

- 2007-07-31 00:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-07-19 03:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll

- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll

- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2008-05-01 14:30:33 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll

+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll

+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

- 2007-07-31 00:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2008-07-19 03:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2007-07-31 00:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2008-07-19 03:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2007-07-31 00:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2008-07-19 03:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2007-07-31 00:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2008-07-19 03:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

- 2007-07-31 00:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2008-07-19 03:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

- 2007-07-31 00:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-07-19 03:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-04-29 16:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

+ 2008-04-29 16:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

+ 2008-04-29 16:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll

+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll

- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2008-05-16 16:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-08-12 02:28:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

- 2008-07-31 02:11:59 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-11-08 13:38:50 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-07-31 02:11:59 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-11-08 13:38:50 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-07-19 03:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll

+ 2008-07-19 03:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll

- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe

- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2004-06-19 03:43:16 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll

- 2007-07-31 00:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

+ 2008-07-19 03:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

- 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

+ 2008-07-19 03:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

- 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

+ 2008-07-19 03:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

- 2007-07-31 00:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

+ 2008-07-19 03:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

- 2007-07-31 00:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll

+ 2008-07-19 03:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll

- 2007-07-31 00:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

+ 2008-07-19 03:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

- 2007-07-31 00:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-07-19 03:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-11-18 01:21:32 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat

+ 2008-07-29 10:23:06 59,904 ----a-w C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_bdb5a47a\vcomp90.dll

+ 2008-07-29 13:05:08 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll

+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49 307200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]

"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44 32881]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 13:12 176128]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 04:05 590848]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]

"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 04:16 219136]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

"MSACM.CEGSM"= mobilev.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office10\\POWERPNT.EXE"=

"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"62515:UDP"= 62515:UDP:Cisco VPN Service

"67:UDP"= 67:UDP:DHCP Discovery Service

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69f7f62-a0d8-11db-92b4-0007e96523c7}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Keegan\Application Data\Mozilla\Firefox\Profiles\t8cbcmh8.default\

FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava11.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava12.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava13.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava14.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava32.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll

FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPOJI610.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-19 22:04:11

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> ?:\WINDOWS\System32\CSCDLL.dll

.

Completion time: 2008-11-19 22:10:45

ComboFix-quarantined-files.txt 2008-11-20 04:10:42

ComboFix2.txt 2008-08-02 05:56:34

ComboFix3.txt 2008-07-31 03:36:13

 

Pre-Run: 59,354,931,200 bytes free

Post-Run: 59,370,958,848 bytes free

 

284 --- E O F --- 2008-09-16 01:30:22

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:20:15 PM, on 11/19/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Keegan\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe

 

--

End of file - 6162 bytes

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0