AntiSpyware Programs wont run.

kenmany · 12-20-2007, 08:18 PM

I have AdAware and Super AnitSpyware and cannot get them to run. When I click on them the main screen comes up but then immediatley closes. I am running XP PRO and would really like to get this taken care of. Here is my Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 2:17:52 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

Thanking you in advance!

Punk · 12-20-2007, 08:31 PM

Hello,

Download and Run ComboFix

Download this file from either of the two below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sect...s/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post in your next reply:

The combofix log
A fresh Hijackthis log

kenmany · 12-20-2007, 08:48 PM

ComboFix 07-12-19.2 - Administrator 2007-12-20 14:42:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-19 15:00 . 2007-12-19 15:00 <DIR> d-------- C:\VundoFix Backups
2007-12-18 10:03 . 2007-12-18 10:03 688 --a------ C:\WINDOWS\system32\acadstk.dmp
2007-12-17 16:45 . 2007-12-17 16:45 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2007-12-10 14:11 . 2007-12-10 14:11 <DIR> d-------- C:\Program Files\MSECache
2007-11-27 08:51 . 2007-11-27 08:51 <DIR> d-------- C:\Program Files\SnadBoy's Revelation v2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-20 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 20:42 45,136 ----a-w C:\WINDOWS\system32\drivers\CBUSB.sys
2007-12-19 20:42 43,520 ----a-w C:\WINDOWS\system32\CBNDLL.DLL
2007-12-19 20:42 376,832 ----a-w C:\WINDOWS\system32\MPIWIN32.DLL
2007-12-19 20:42 --------- d-----w C:\Program Files\SprinkCAD N1
2007-12-19 19:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-19 19:38 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-17 21:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 21:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-03 13:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-29 20:38 --------- d-----w C:\Program Files\DivX
2007-11-26 18:53 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-11-15 15:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-14 20:53 --------- d-----w C:\Program Files\TycoFP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 20:35 --------- d-----w C:\Program Files\Google
2007-10-31 15:00 266,240 ------w C:\WINDOWS\Setup1.exe
2007-10-31 14:59 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 20:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-29 19:40 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 15:47 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2007-10-25 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2007-10-25 15:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DassaultSystemes
2007-10-25 15:46 --------- d-----w C:\Program Files\Common Files\eDrawings2008
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-16 22:00 197 ----a-w C:\test.exe
2007-10-16 21:41 197 ----a-w C:\dfs.exe
2007-10-04 04:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-04-20 17:48 96,824 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-04-03 14:41 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-04-03 14:41 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2006-04-04 18:29 80 --sh--r C:\WINDOWS\system32\24774CC22C.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-19_15.40.47.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 19:54:23 37,376 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustCall64.dll
+ 2007-12-19 20:44:12 37,376 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustCall64.dll
- 2007-12-19 19:54:23 22,262 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCall.dll
+ 2007-12-19 20:44:11 22,262 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCall.dll
- 2007-12-19 19:54:23 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla.dll
+ 2007-12-19 20:44:11 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla.dll
- 2007-12-19 19:54:24 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla1.dll
+ 2007-12-19 20:44:12 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla1.dll
- 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\Aoem_icon.exe
+ 2007-12-19 20:42:40 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\Aoem_icon.exe
- 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\ARPPRODUCTICON.exe
+ 2007-12-19 20:42:42 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\ARPPRODUCTICON.exe
- 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewIcon.exe
+ 2007-12-19 20:42:41 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewIcon.exe
- 2007-02-13 19:57:24 94,208 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewShortcut1.731AD5E9_7B10_4663_A3A9 _5F0638AD3535.exe
+ 2007-12-19 20:42:41 94,208 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewShortcut1.731AD5E9_7B10_4663_A3A9 _5F0638AD3535.exe
+ 2007-11-14 20:53:42 45,136 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\CBUSB.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Au toCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\MS SOverlay]
@={b75ab0c8-03d5-4592-9821-a48d54d66b14}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2003-02-14 01:31 136352 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-10-24 07:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-27 09:02]
"Windows LSSS Service"="C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe" [2007-08-16 21:47]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-10-24 07:29]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxBackSchedule]
2005-10-06 09:22 172032 --a------ C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssSort]
2005-07-15 13:29 1335296 --a------ C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2005-10-06 08:22 57344 --a------ C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-07-06 15:42 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R3 CBUSB;MARX CryptoTech LP;C:\WINDOWS\system32\drivers\CBUSB.sys [2007-12-19 15:42]
S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImir r.sys []
S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\ MovRVDrv32.sys [2007-10-09 12:52]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\dr ivers\SndTDriverV32.sys [2007-10-09 17:04]
S4 Ntlwdevrdr;Ntlwdevrdr;C:\WINDOWS\system32\drivers\ fsvga.sys [2003-07-16 11:21]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c6b1cbbb-a263-11da-a01d-ed0b2e2db6d5}]
\Shell\AutoRun\command - E:\EasyRecoveryPro_v6.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 19:25:22 C:\WINDOWS\Tasks\HoTTProxy.job"
- C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe
"2007-12-14 05:01:23 C:\WINDOWS\Tasks\Weekly Backup.job"
- C:\WINDOWS\system32\ntbackup.exe
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 14:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-20 14:47:03
C:\ComboFix2.txt ... 2007-12-19 15:42
.
2007-12-13 08:03:26 --- E O F ---

kenmany · 12-20-2007, 08:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:49:11 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

Punk · 12-20-2007, 09:15 PM

Hey,

Run Hijackthis, click on Do a Scan.
Once it is done put a checkmark next to:

O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe

Click on Fix, and post a fresh HJT after it has been fixed.

kenmany · 12-20-2007, 09:25 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:25:25 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe
O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

kenmany · 12-21-2007, 05:27 PM

Anyone have an idea as to why my adware/spyware programs still not working? Thanking you in Advance....

KPE

Punk · 12-21-2007, 05:53 PM

hello, I'm searching some information on those lines:

Quote:

O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe

Svchost is suppose to run in system 32 folder. I'll get back to you when I have more info.
Webbenji

12-20-2007, 08:18 PM	#1 (permalink)
kenmany New Member Join Date: Sep 2006 Posts: 17	AntiSpyware Programs wont run. I have AdAware and Super AnitSpyware and cannot get them to run. When I click on them the main screen comes up but then immediatley closes. I am running XP PRO and would really like to get this taken care of. Here is my Hijack log: Logfile of HijackThis v1.99.1 Scan saved at 2:17:52 PM, on 12/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe Thanking you in advance!

12-20-2007, 08:31 PM	#2 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 5,058	Hello, Download and Run ComboFix Download this file from either of the two below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.techsupportforum.com/sect...s/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Please post in your next reply: The combofix log A fresh Hijackthis log __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

12-20-2007, 09:15 PM	#5 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 5,058	Hey, Run Hijackthis, click on Do a Scan. Once it is done put a checkmark next to: O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe Click on Fix, and post a fresh HJT after it has been fixed. __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How to eradicate this?	Mayboy	Computer Security	12	12-02-2006 09:39 PM
hijack thread	g4m3rof1337	Computer Security	2	10-18-2006 03:03 PM
I have a problem- Adware help me " Your computer is infected"	davidp423	Computer Security	6	01-16-2006 12:37 AM
Trojan Installer logfile	TheChef	Computer Security	2	08-06-2005 10:56 PM
Computer	dmsee	Desktop Computers	9	12-26-2004 09:20 AM

12-20-2007, 08:48 PM	#3 (permalink)
kenmany New Member Join Date: Sep 2006 Posts: 17	ComboFix 07-12-19.2 - Administrator 2007-12-20 14:42:34.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT -5:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Cfx32.lic C:\WINDOWS\system32\cfx32.ocx . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-19 15:00 . 2007-12-19 15:00 <DIR> d-------- C:\VundoFix Backups 2007-12-18 10:03 . 2007-12-18 10:03 688 --a------ C:\WINDOWS\system32\acadstk.dmp 2007-12-17 16:45 . 2007-12-17 16:45 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP 2007-12-10 14:11 . 2007-12-10 14:11 <DIR> d-------- C:\Program Files\MSECache 2007-11-27 08:51 . 2007-11-27 08:51 <DIR> d-------- C:\Program Files\SnadBoy's Revelation v2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2007-12-20 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-12-19 20:42 45,136 ----a-w C:\WINDOWS\system32\drivers\CBUSB.sys 2007-12-19 20:42 43,520 ----a-w C:\WINDOWS\system32\CBNDLL.DLL 2007-12-19 20:42 376,832 ----a-w C:\WINDOWS\system32\MPIWIN32.DLL 2007-12-19 20:42 --------- d-----w C:\Program Files\SprinkCAD N1 2007-12-19 19:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2007-12-19 19:38 --------- d-----w C:\Program Files\SUPERAntiSpyware 2007-12-17 21:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-17 21:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-12-03 13:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent 2007-11-29 20:38 --------- d-----w C:\Program Files\DivX 2007-11-26 18:53 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\Move Networks 2007-11-15 15:46 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-11-14 20:53 --------- d-----w C:\Program Files\TycoFP 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-09 20:35 --------- d-----w C:\Program Files\Google 2007-10-31 15:00 266,240 ------w C:\WINDOWS\Setup1.exe 2007-10-31 14:59 --------- d-----w C:\Program Files\Common Files\Download Manager 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 20:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-29 19:40 --------- d-----w C:\Program Files\Common Files\TerraGame Shared 2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 15:47 --------- d-----w C:\Program Files\Common Files\SolidWorks Shared 2007-10-25 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\DassaultSystemes 2007-10-25 15:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DassaultSystemes 2007-10-25 15:46 --------- d-----w C:\Program Files\Common Files\eDrawings2008 2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-10-20 00:56 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-10-20 00:56 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-10-16 22:00 197 ----a-w C:\test.exe 2007-10-16 21:41 197 ----a-w C:\dfs.exe 2007-10-04 04:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe 2007-04-20 17:48 96,824 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT 2007-04-03 14:41 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe 2007-04-03 14:41 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys 2006-04-04 18:29 80 --sh--r C:\WINDOWS\system32\24774CC22C.dll . ((((((((((((((((((((((((((((( snapshot@2007-12-19_15.40.47.95 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-19 19:54:23 37,376 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustCall64.dll + 2007-12-19 20:44:12 37,376 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustCall64.dll - 2007-12-19 19:54:23 22,262 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCall.dll + 2007-12-19 20:44:11 22,262 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCall.dll - 2007-12-19 19:54:23 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla.dll + 2007-12-19 20:44:11 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla.dll - 2007-12-19 19:54:24 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla1.dll + 2007-12-19 20:44:12 73,728 ----a-w C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\Wi seCustomCalla1.dll - 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\Aoem_icon.exe + 2007-12-19 20:42:40 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\Aoem_icon.exe - 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\ARPPRODUCTICON.exe + 2007-12-19 20:42:42 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\ARPPRODUCTICON.exe - 2007-02-13 19:57:24 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewIcon.exe + 2007-12-19 20:42:41 21,630 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewIcon.exe - 2007-02-13 19:57:24 94,208 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewShortcut1.731AD5E9_7B10_4663_A3A9 _5F0638AD3535.exe + 2007-12-19 20:42:41 94,208 ----a-r C:\WINDOWS\Installer\{59E9C5B2-8275-4E9F-958C-853D0AFF57A6}\NewShortcut1.731AD5E9_7B10_4663_A3A9 _5F0638AD3535.exe + 2007-11-14 20:53:42 45,136 ----a-w C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\CBUSB.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Au toCAD Digital Signatures Icon Overlay Handler] @={36A21736-36C2-4C11-8ACB-D4136F2B57BD} [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\MS SOverlay] @={b75ab0c8-03d5-4592-9821-a48d54d66b14} [HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}] 2003-02-14 01:31 136352 --a------ C:\WINDOWS\system32\AcSignIcon.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-10-24 07:29] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-27 09:02] "Windows LSSS Service"="C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe" [2007-08-16 21:47] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-10-24 07:29] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxBackSchedule] 2005-10-06 09:22 172032 --a------ C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssSort] 2005-07-15 13:29 1335296 --a------ C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu] 2005-10-06 08:22 57344 --a------ C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-07-06 15:42 1318912 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe R3 CBUSB;MARX CryptoTech LP;C:\WINDOWS\system32\drivers\CBUSB.sys [2007-12-19 15:42] S2 DynDNS_Updater_Service;DynDNS Updater Service;C:\Program Files\DynDNS Updater\DynDNS.exe [] S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [] S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10] S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImir r.sys [] S3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\ MovRVDrv32.sys [2007-10-09 12:52] S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\dr ivers\SndTDriverV32.sys [2007-10-09 17:04] S4 Ntlwdevrdr;Ntlwdevrdr;C:\WINDOWS\system32\drivers\ fsvga.sys [2003-07-16 11:21] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c6b1cbbb-a263-11da-a01d-ed0b2e2db6d5}] \Shell\AutoRun\command - E:\EasyRecoveryPro_v6.exe . Contents of the 'Scheduled Tasks' folder "2007-12-20 19:25:22 C:\WINDOWS\Tasks\HoTTProxy.job" - C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe "2007-12-14 05:01:23 C:\WINDOWS\Tasks\Weekly Backup.job" - C:\WINDOWS\system32\ntbackup.exe . ************************************************ ******************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 14:45:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************** ********************** . Completion time: 2007-12-20 14:47:03 C:\ComboFix2.txt ... 2007-12-19 15:42 . 2007-12-13 08:03:26 --- E O F ---

12-20-2007, 08:49 PM	#4 (permalink)
kenmany New Member Join Date: Sep 2006 Posts: 17	Logfile of HijackThis v1.99.1 Scan saved at 2:49:11 PM, on 12/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

12-20-2007, 09:25 PM	#6 (permalink)
kenmany New Member Join Date: Sep 2006 Posts: 17	Logfile of HijackThis v1.99.1 Scan saved at 3:25:25 PM, on 12/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Administrator\Desktop\MISC STUFF\New Folder\HoTTProxy.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows LSSS Service] C:\Program Files\Common Files\Microsoft Shared\DAO\KENNETH\svchost.exe O8 - Extra context menu item: &Save Video As... - res://C:\Program Files\videodetect\videodetect.dll/201 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra 'Tools' menuitem: Video Detect - {0028E570-E86D-4ceb-A108-76158C18DEF3} - C:\Program Files\videodetect\videodetect.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160571125103 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://qbp.webex.com/client/v_intuit/ra/ieatgpc.cab O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = linksys O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = linksys O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Unknown owner - C:\Program Files\DynDNS Updater\DynDNS.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

12-21-2007, 05:27 PM	#7 (permalink)
kenmany New Member Join Date: Sep 2006 Posts: 17	Anyone have an idea as to why my adware/spyware programs still not working? Thanking you in Advance.... KPE