Jump to content


Photo

Ad-Aware unable to remove/quarantine threats


  • Please log in to reply
No replies to this topic

#1 hulagu

hulagu

    Member

  • Members
  • PipPip
  • 13 posts

Posted 20 November 2008 - 05:54 AM

I ran Ad-Aware 2008 earlier this week and it was unable to delete/quarantine some of the threats identified. When the scan was finished, here's roughly what it told me:
Redirected Hostfile Entry category: Miscellaneous TAI: 4
Hosts file entry IP Address: 127.0.0.1
Host name: {THEREALSEARCH.COM, GREG-SEARCH.COM, APPROVEDLINKS.COM, VSE-MOE.BIZ, AIFIND.INFO, FIND4U.NET, I-LOOKUP.COM, IE-SEARCH.COM, ITSEASY.US}

Any ideas? Below are my ComboFix and HijackThis logs. (Also, after I ran ComboFix, an Internet Explorer icon popped up on my Desktop, which is strange, because I have deleted IE and replaced it with Firefox.)

ComboFix 08-07-31.06 - Keegan 2008-11-19 22:02:05.5 - NTFSx86
Running from: C:\Documents and Settings\Keegan\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-16 22:14 . 2008-11-16 22:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-02 12:09 . 2004-08-04 01:56 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2008-11-02 12:09 . 2004-08-04 01:56 343,040 --a--c--- C:\WINDOWS\system32\dllcache\mspaint.exe
2008-11-02 12:09 . 2003-03-31 05:00 114,688 --a--c--- C:\WINDOWS\system32\dllcache\calc.exe
2008-11-02 12:09 . 2003-03-31 05:00 114,688 --a------ C:\WINDOWS\system32\calc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-11-17 04:14 --------- d-----w C:\Program Files\Lavasoft
2008-09-24 03:57 --------- d-----w C:\Program Files\Paint.NET
2008-09-20 03:33 --------- d-----w C:\Documents and Settings\Keegan\Application Data\SolidWorks
2006-10-09 12:22 36,272 ----a-w C:\Documents and Settings\Keegan\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-02_ 0.55.43.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 05:22:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 417,792 -c----w C:\WINDOWS\$NtUninstallKB944338-v2$\vbscript.dll
+ 2004-08-04 07:56:43 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2005-07-26 04:39:45 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe
+ 2004-08-04 07:56:42 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 01:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll
+ 2008-09-24 03:57:46 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\431343df6d45ea5d4a10cc26fadae79e\DdsFileType.ni.dll
+ 2008-09-24 03:57:47 548,864 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\58dd669935b698a80a7209e111a01021\ICSharpCode.SharpZipLib.ni.dll
+ 2008-09-24 03:57:38 114,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\f45ea7a3fe72ea840b39c3b3104f6767\Interop.WIA.ni.dll
+ 2008-09-24 03:57:36 253,952 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\04ebaac245683d357d7e72dbc72be55d\PaintDotNet.Base.ni.dll
+ 2008-09-24 03:57:44 1,953,792 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\dc62a33b30bbd42638be7d581be45066\PaintDotNet.Core.ni.dll
+ 2008-09-24 03:57:45 770,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\e01033bcf151c468a3a4c3064034f8d2\PaintDotNet.Data.ni.dll
+ 2008-09-24 03:57:49 753,664 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\53732619844d19010fc56289b4ae27d0\PaintDotNet.Effects.ni.dll
+ 2008-09-24 03:57:39 348,160 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\de11cbcc2627cb8453fd35c811962eb6\PaintDotNet.Resources.ni.dll
+ 2008-09-24 03:57:38 23,040 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\178acbd94b5303ee55af6efccbd0514e\PaintDotNet.StylusReader.ni.dll
+ 2008-09-24 03:57:37 643,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\b2e88cd257cd1c20ecf5b7bbd241fef7\PaintDotNet.SystemLayer.ni.dll
+ 2008-09-24 03:57:54 2,195,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet\79297328391619d816b1de5daa13d3a9\PaintDotNet.ni.exe
+ 2008-09-24 03:57:34 2,756,608 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-09-24 03:57:35 339,968 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-09-24 03:57:55 29,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\6c6aa7239ee8063a58c9130960253d27\WiaProxy32.ni.exe
- 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-09-24 03:57:20 77,610 ----a-r C:\WINDOWS\Installer\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}\_6FEFF9B68218417F98F549.exe
- 2000-08-31 13:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 14:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2007-07-31 00:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 03:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2007-07-31 00:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 03:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-01 14:30:33 331,776 -c----w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-31 00:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 03:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 03:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 03:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 03:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 03:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-31 00:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 03:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-04-29 16:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 16:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2008-04-29 16:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-16 16:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-08-12 02:28:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-07-31 02:11:59 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-08 13:38:50 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-31 02:11:59 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-08 13:38:50 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-19 03:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 03:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-06-19 03:43:16 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
- 2007-07-31 00:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 03:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 03:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 03:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-31 00:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 03:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-31 00:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 03:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-31 00:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 03:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-31 00:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-19 03:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-11-18 01:21:32 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat
+ 2008-07-29 10:23:06 59,904 ----a-w C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_bdb5a47a\vcomp90.dll
+ 2008-07-29 13:05:08 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 13:12 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-18 04:05 590848]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 04:16 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\POWERPNT.EXE"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service
"67:UDP"= 67:UDP:DHCP Discovery Service


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d69f7f62-a0d8-11db-92b4-0007e96523c7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Keegan\Application Data\Mozilla\Firefox\Profiles\t8cbcmh8.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_04\bin\NPOJI610.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 22:04:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-11-19 22:10:45
ComboFix-quarantined-files.txt 2008-11-20 04:10:42
ComboFix2.txt 2008-08-02 05:56:34
ComboFix3.txt 2008-07-31 03:36:13

Pre-Run: 59,354,931,200 bytes free
Post-Run: 59,370,958,848 bytes free

284 --- E O F --- 2008-09-16 01:30:22


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:15 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Keegan\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe

--
End of file - 6162 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users