Tarbow

Ad-aware Unable To Run To Completion


Hi guys, I've got a similar situation to that of a few others posting here. I run Ad-Aware SE and it always hangs, never finishing. I read a few posts here and tried running it in safe mode, and it still won't complete. It always freezes while scanning the innards of my system.

 

Here are my logs for ComboScan. Please let me know if you can figure out what's wrong with my system.

 

 

ComboScan v20070306.20 run by Owner on 2007-04-08 at 06:19:53

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created ComboScan Restore Point.

 

 

-- Last 5 Restore Point(s) --

47: 2007-04-08 11:20:06 UTC - RP503 - ComboScan Restore Point

46: 2007-04-07 13:36:06 UTC - RP502 - System Checkpoint

45: 2007-04-06 04:56:53 UTC - RP501 - System Checkpoint

44: 2007-04-04 22:40:42 UTC - RP500 - System Checkpoint

43: 2007-04-03 21:36:39 UTC - RP499 - Software Distribution Service 2.0

 

 

-- First Restore Point --

1: 2007-02-22 08:19:26 UTC - RP457 - Software Distribution Service 2.0

 

 

Performed disk cleanup.

 

 

-- HijackThis (run as Owner.exe) -----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 6:21:48 AM, on 4/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Desktop\comboscan.exe

C:\DOCUME~1\Owner\Desktop\Owner.exe

C:\WINDOWS\system32\notepad.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130190083312

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136955045475

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C663A64E-015E-4229-B31D-4A0B52706A6C}: NameServer = 68.94.156.1,68.94.157.1

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

 

 

-- File Associations -----------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

0R agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS

0R alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS

0R amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys

2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS

3R bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys

0R cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys

0R dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys

1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys

3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys

3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys

3R HSFHWICH - C:\WINDOWS\system32\drivers\HSFHWICH.sys

3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys

3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys

1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys

1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys

2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys

3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys

3S mxnic (Macronix MX987xx Family Fast Ethernet NT Driver) - C:\WINDOWS\system32\drivers\mxnic.sys

3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070407.017\NAVENG.SYS

3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070407.017\NAVEX15.SYS

3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys

3S nv - C:\WINDOWS\system32\drivers\nv4_mini.sys

0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys

1S P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\system32\drivers\p3.sys

3R Point32 (Microsoft IntelliPoint Filter Driver) - C:\WINDOWS\system32\drivers\point32.sys

4S s24trans (WLAN Transport) - C:\WINDOWS\system32\DRIVERS\s24trans.sys (not found)

1R SAVRT - C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys

1R SAVRTPEL - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys

0R sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS

3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys

1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys

3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS

3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys

3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys

3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20070405.002\SymIDSCo.sys

3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys

3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys

1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys

3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys

3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys

3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys

3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys

3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys

3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys

3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

0R viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS

3S w22n51 (Intel® PRO/Wireless 2200 Adapter Driver) - C:\WINDOWS\system32\drivers\w22n51.sys

3R w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP) - C:\WINDOWS\system32\drivers\w29n51.sys

3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)

3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys

3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

2R ccProxy (Symantec Network Proxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"

2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

2R DefWatch (Symantec AntiVirus Definition Watcher) - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"

3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

2R ISSVC (IS Service) - "C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"

3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"

2R PrismXL - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

3S SavRoam - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"

2R SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"

2R SPBBCSvc (Symantec SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"

2R Symantec AntiVirus - "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"

2R SymSecurePort (Symantec SecurePort) - "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2005-10-24 16:07:16 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job<ISPSIG~1.JOB>

 

 

-- Files created between 2007-03-08 and 2007-04-08 -----------------------------

 

2007-04-08 03:21:06 0 d-------- C:\Documents and Settings\Administrator.YOUR-49C8C8412E\Application Data\Lavasoft

2007-03-23 19:10:29 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>

2007-03-23 19:10:28 0 d-------- C:\Program Files\QuickTime Alternative<QUICKT~2>

2007-03-21 00:22:53 0 d-------- C:\Program Files\AVIcodec

2007-03-18 22:51:18 0 d-------- C:\Program Files\piPOol

2007-03-18 22:49:43 0 d-------- C:\Program Files\illiminable<ILLIMI~1>

2007-03-18 00:22:45 60944 --a------ C:\WINDOWS\DASShp.dll

2007-03-18 00:22:45 0 d-------- C:\Program Files\Microsoft Reader<MIBD3F~1>

2007-03-10 08:41:51 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-04-08 05:27:45 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>

2007-04-08 05:11:38 0 d-------- C:\Program Files\Trillian

2007-04-08 03:13:36 40 --a------ C:\WINDOWS\system32\profile.dat

2007-04-08 03:12:50 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent

2007-04-06 05:54:54 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>

2007-04-05 18:15:12 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>

2007-03-23 19:10:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>

2007-03-23 19:08:55 0 d-------- C:\Program Files\QuickTime<QUICKT~1>

2007-03-18 00:22:45 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>

2007-03-08 10:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll

2007-03-08 10:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-03-08 10:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll

2007-03-08 08:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys

2007-02-24 03:40:44 0 d-------- C:\Program Files\Java

2007-02-08 20:03:59 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM

2007-02-08 19:52:44 0 d-------- C:\Program Files\DIFX

2007-01-30 15:06:18 151048 --a------ C:\WINDOWS\DASAct.dll

2007-01-30 14:52:50 28755 --a------ C:\WINDOWS\UDHID.dll

2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 10:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 10:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 20:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="apdproxy"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7db3d91-8771-11d9-afea-806d6172696f}]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c60fae0c-2a97-11db-83ef-00032524ce11}]

Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

 

 

-- End of ComboScan: finished at 2007-04-08 at 06:22:17 ------------------------

 

 

 

ComboScan v20070306.20 run by Owner on 2007-04-08 at 06:19:53

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: Intel® Pentium® M processor 1.60GHz

Percentage of Memory in Use: 31%

Physical Memory (total/avail): 1502.42 MiB / 1022.41 MiB

Pagefile Memory (total/avail): 3607.87 MiB / 3272.83 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1990.37 MiB

 

C: is Fixed (NTFS) - 51.64 GiB total, 8.69 GiB free.

D: is Fixed (FAT32) - 4.24 GiB total, 1.67 GiB free.

E: is CDROM (CDFS)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FirstRunDisabled is set.

AntiVirusDisableNotify is set.

FirewallDisableNotify is set.

UpdatesDisableNotify is set.

 

FW: Symantec Client Firewall v8.7.4.79 (Symantec Corporation)

AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Owner\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=YOUR-49C8C8412E

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Owner

LOGONSERVER=\\YOUR-49C8C8412E

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\SSH Communications Security\SSH Secure Shell

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0d06

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp

TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp

USERDOMAIN=YOUR-49C8C8412E

USERNAME=Owner

USERPROFILE=C:\Documents and Settings\Owner

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Owner (admin)

Administrator.YOUR-49C8C8412E (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q

Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}

Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}

Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}

Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}

Auctioneer AddOns --> C:\Program Files\World of Warcraft\Auctioneer Uninstaller.exe

AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"

BitTornado 0.3.7 --> C:\Program Files\BitTornado\uninst.exe

CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"

DefilerPak 1.20 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"

FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"

Fraps --> "C:\Fraps\uninstall.exe"

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"

Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"

Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}

J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM

Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

Mozilla Firefox (1.5.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.11 (en-US)"

Mozilla Thunderbird (1.0.7) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"

Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL

Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe

Opera --> C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickTime Alternative 1.78 --> "C:\Program Files\QuickTime Alternative\unins000.exe"

RadLight APE DirectShow filter (remove only) --> "C:\WINDOWS\system32\RadLightAPEUninstall.exe"

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

SoftK56 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F\HXFSETUP.EXE -U -Iask20305.inf

SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"

Symantec Client Security --> MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{425ECED4-23ED-4E05-A88A-B59700DAF2AD}

Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall

Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat

Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}

Windows Driver Package - Intel (NETw3x32) net (11/15/2006 10.5.1.75) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.EXE /u C:\WINDOWS\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\netw39x5.inf

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

WMPTagSupportExtender --> MsiExec.exe /I{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}

World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

 

 

-- End of ComboScan: finished at 2007-04-08 at 06:22:17 ------------------------

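The HijackThis section of the log above is the part a helper reads first, and it has a regular line format that can be parsed rather than eyeballed. The script below is an added example for this thread, not code from the original post or from Lavasoft, HijackThis or ComboScan. It parses the O2/O3/O9, O4, O17, O20 and O23 entry shapes that occur in the log, recovers the binary each entry points at, and flags four things worth checking before anything else: targets HijackThis marked "(file missing)", unquoted Run-key command lines whose path contains spaces, 8.3 short names (PROGRA~1 and the like) that hide the real directory, and DNS servers outside private address space. The sample lines are copied from the log above; the flag names, the Entry layout and the assumption that an O23 display name contains no " - " are this example's own. The unquoted-path check is applied only to O4 Run lines because HijackThis strips the quotes from O23 service paths (compare the O23 lines with the quoted paths in the Services section of the same log).

```python
"""Triage helper for HijackThis-format log lines (added example; not Lavasoft,
HijackThis or ComboScan code). Flag names and the Entry layout are this
example's own; nothing flagged here is proof of malware, it orders the review.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: lines copied from the HijackThis section of the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C663A64E-015E-4229-B31D-4A0B52706A6C}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

MISSING = "(file missing)"
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O2 BHO / O3 Toolbar / O9 Extra button: "<kind> - <label>: <name> - {CLSID} - <path>".
# The path is everything after the CLSID, so a " - " inside a path (Spybot) cannot split it.
RE_CLSID_ENTRY = re.compile(r"^(?P<kind>O[239]) - [^:]+: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<path>.*)$")
RE_O17 = re.compile(r"^O17 - .*?: NameServer = (?P<servers>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# Assumes display name and company contain no " - " (true of every O23 line above).
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")
# Binary at the head of a command line: optional quotes, stop at the first known
# extension that is followed by whitespace or end of line.
RE_EXE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|sys|com|scr|pif))"?(?=\s|$)', re.IGNORECASE)


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    clsid: str = ""
    company: str = ""
    args: str = ""
    quoted: bool = True      # False only for an unquoted O4 Run command line
    missing: bool = False    # HijackThis appended "(file missing)"
    flags: List[str] = field(default_factory=list)


def _strip_missing(path: str):
    """Split off HijackThis's "(file missing)" marker -> (clean path, missing)."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)].rstrip(), True
    return path, False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line into an audited Entry; None for lines not handled."""
    line = line.strip()
    if m := RE_CLSID_ENTRY.match(line):
        path, missing = _strip_missing(m["path"])
        e = Entry(m["kind"], m["name"], path, clsid=m["clsid"], missing=missing)
    elif m := RE_O4_RUN.match(line):
        cmd = m["command"]
        exe = RE_EXE.match(cmd)
        path = exe["exe"] if exe else cmd
        args = cmd[exe.end():].strip() if exe else ""
        e = Entry("O4", m["name"], path, args=args, quoted=cmd.startswith('"'))
    elif m := RE_O4_STARTUP.match(line):
        path, missing = _strip_missing(m["path"])
        e = Entry("O4", m["name"], path, missing=missing)
    elif m := RE_O17.match(line):
        e = Entry("O17", "NameServer", m["servers"])
    elif m := RE_O20.match(line):
        path, missing = _strip_missing(m["path"])
        e = Entry("O20", m["name"], path, missing=missing)
    elif m := RE_O23.match(line):
        path, missing = _strip_missing(m["path"])
        e = Entry("O23", m["name"], path, company=m["company"], missing=missing)
    else:
        return None
    return audit(e)


def audit(e: Entry) -> Entry:
    """Attach triage flags in a fixed order."""
    if e.kind == "O17":
        servers = [ipaddress.ip_address(s.strip()) for s in e.path.split(",")]
        if any(not ip.is_private for ip in servers):
            e.flags.append("public-dns-server")        # confirm they belong to the ISP
        return e
    if e.missing:
        e.flags.append("file-missing")                 # dangling entry, safe to remove
    if re.search(r"~\d", e.path):
        e.flags.append("short-8.3-path")               # resolve the long name before judging it
    if e.kind == "O4" and not e.quoted and " " in e.path:
        e.flags.append("unquoted-path-with-spaces")    # CreateProcess tries C:\Program.exe first
    return e


def parse_hjt(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flag to the 'kind:name' entries that raised it, in log order."""
    report: Dict[str, List[str]] = {}
    for e in parse_hjt(text):
        for f in e.flags:
            report.setdefault(f, []).append(f"{e.kind}:{e.name}")
    return report


if __name__ == "__main__":
    for flag, names in triage(SAMPLE_LOG).items():
        print(f"{flag:28} {', '.join(names)}")
```

Run against the sample it reports one unquoted Run command (synTPLpr), two 8.3 paths (vptray and the LiveUpdate service), the missing xpnetdiag.exe button and the two public DNS servers. Everything else parses clean, which is the point: the script shrinks a 120-line log to the handful of entries a helper actually has to look up.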
Here's my log for that scan.

 

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-04-18 08:55:23

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.12 ----

 

SSDT 89B27650 ZwAlertResumeThread

SSDT 89B0B008 ZwAlertThread

SSDT 8A5F9008 ZwAllocateVirtualMemory

SSDT 89B49078 ZwConnectPort

SSDT 89AFF160 ZwCreateMutant

SSDT 89BE4CA0 ZwCreateThread

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey

SSDT 89B12D28 ZwFreeVirtualMemory

SSDT 89BB4148 ZwImpersonateAnonymousToken

SSDT 89B199E8 ZwImpersonateThread

SSDT 89B48A88 ZwMapViewOfSection

SSDT 89B01070 ZwOpenEvent

SSDT 89B0BD80 ZwOpenProcessToken

SSDT 89B0DC88 ZwOpenThreadToken

SSDT 89B0DDC8 ZwQueryValueKey

SSDT 89B12CF0 ZwResumeThread

SSDT 89B15420 ZwSetContextThread

SSDT 89B20FD0 ZwSetInformationProcess

SSDT 89B0B250 ZwSetInformationThread

SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey

SSDT 89B7DAC0 ZwSuspendProcess

SSDT 89B2E6A0 ZwSuspendThread

SSDT 89B0BDB8 ZwTerminateProcess

SSDT 89B0B288 ZwTerminateThread

SSDT 89B2E7A8 ZwUnmapViewOfSection

SSDT 8A5FB0F0 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.12 ----

 

? C:\WINDOWS\system32\DRIVERS\update.sys

 

---- EOF - GMER 1.0.12 ----

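The GMER output above is a list of SSDT hooks, and the useful question is not "are there hooks" (a host-based firewall and antivirus will always set some) but "which hooks can be tied to a driver on disk and which cannot". GMER prints the driver path when it can attribute a hook to a loaded module and a bare address when it cannot. The script below is an added example for this thread, not GMER code: it parses the SSDT section, groups the hooks by owner, separates the bare-address ones and checks whether their addresses cluster in one memory region, which is consistent with a single component having installed them together. The sample is a subset of the log above; the owner label, the clustering heuristic and the Hook layout are this example's own assumptions.

```python
"""Summarise the SSDT section of a GMER log (added example; not GMER code).

GMER lists each hooked system-service slot as "SSDT <target> <ZwName>", where
<target> is the driver it attributed the hook to or, when no module could be
named, the bare address of the hook. Owner labels, the clustering heuristic and
the Hook layout below are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: a subset of the GMER log above, section headers included.
SAMPLE_GMER = r"""
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-18 08:55:23
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT 89B27650 ZwAlertResumeThread
SSDT 8A5F9008 ZwAllocateVirtualMemory
SSDT 89B49078 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT 89B0BDB8 ZwTerminateProcess
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT 8A5FB0F0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\DRIVERS\update.sys

---- EOF - GMER 1.0.12 ----
"""

UNATTRIBUTED = "<unattributed address>"
NT_PREFIX = "\\??\\"
RE_SECTION = re.compile(r"^---- (?P<title>.+?) - GMER ")
RE_SSDT = re.compile(r"^SSDT\s+(?P<target>\S.*?)\s+(?P<syscall>Zw\w+)$")
RE_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
RE_UNCHECKED = re.compile(r"^\?\s+(?P<path>\S.*)$")


@dataclass
class Hook:
    syscall: str
    target: str        # driver path without the \??\ prefix, or an 8-hex-digit address
    attributed: bool   # True when GMER named a driver

    @property
    def owner(self) -> str:
        return self.target if self.attributed else UNATTRIBUTED


def parse_gmer(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (SSDT hooks, drivers GMER marked '?' because it could not check them)."""
    hooks: List[Hook] = []
    unchecked: List[str] = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if m := RE_SECTION.match(line):
            section = m["title"]
        elif section == "System" and (m := RE_SSDT.match(line)):
            target = m["target"]
            if RE_ADDR.match(target):
                hooks.append(Hook(m["syscall"], target.upper(), False))
            else:
                path = target[len(NT_PREFIX):] if target.startswith(NT_PREFIX) else target
                hooks.append(Hook(m["syscall"], path, True))
        elif section == "Kernel code sections" and (m := RE_UNCHECKED.match(line)):
            unchecked.append(m["path"])
    return hooks, unchecked


def hooks_by_owner(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Owner -> sorted hooked syscalls; the unattributed bucket is the review queue."""
    out: Dict[str, List[str]] = {}
    for h in hooks:
        out.setdefault(h.owner, []).append(h.syscall)
    return {k: sorted(v) for k, v in out.items()}


def address_clusters(hooks: List[Hook], region_bits: int = 20) -> Dict[str, int]:
    """Count unattributed hook addresses per aligned region (default 1 MiB).

    Handlers that all land in one or two regions are consistent with a single
    component that allocated them together; scattered ones deserve a closer look.
    """
    mask = ~((1 << region_bits) - 1) & 0xFFFFFFFF
    regions = Counter(f"{int(h.target, 16) & mask:08X}" for h in hooks if not h.attributed)
    return dict(sorted(regions.items()))


if __name__ == "__main__":
    hooks, unchecked = parse_gmer(SAMPLE_GMER)
    for owner, names in hooks_by_owner(hooks).items():
        print(f"{owner}: {', '.join(names)}")
    print("address clusters:", address_clusters(hooks))
    print("not checked against disk:", unchecked)
```

On the sample this attributes two hooks (ZwDeleteValueKey, ZwSetValueKey) to SYMEVENT.SYS, which the ComboScan log earlier in the thread lists as a loaded Symantec driver, and leaves five bare-address hooks in two adjacent regions (89Bxxxxx and 8A5xxxxx). The script does not decide what those five are; it tells you they are the ones still to be accounted for, and that they look like they came from one place.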