#1
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/11/2009 at 02:32 PM
Application Version : 4.27.1002
Core Rules Database Version : 4046
Trace Rules Database Version: 1986
Scan type : Complete Scan
Total Scan Time : 01:47:22
Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 4839
Registry threats detected : 0
File items scanned : 61742
File threats detected : 52
Adware.Tracking Cookie

MALWAREBYTES'
Malwarebytes' Anti-Malware 1.40
Database version: 2586
Windows 5.1.2600 Service Pack 3
11/08/2009 14:57:13
mbam-log-2009-08-11 (14-57-13).txt
Scan type: Quick Scan
Objects scanned: 96680
Time elapsed: 13 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:33, on 11/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
#2
This doesn't appear to be a malware issue but we can take a closer look.
Use the Kaspersky Lab Online Scanner.
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop, right click the icon to open the browser and choose Run as Administrator.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. If needed, this animation will guide you through the process.
#3
I've tried doing this multiple times but each time I try it'll get to a certain point of downloading updates and then stop saying error, key has expired or something along those lines. It's different each time. Would it help if I actually downloaded the program?
#4
Let's try another scanner. Please scan your computer with Panda ActiveScan

* Once you are on the Panda site click the Scan your PC now button.
* A new window will open...click the Scan Now button.
* If it wants to install an ActiveX component allow it.
* It will start downloading the files it requires for the scan. (Note: It may take a couple of minutes)
* You may get a warning from Internet Explorer that Panda is ready to install, please allow it.
* The scan will begin. Please be patient as it can take an hour or more to complete.
* When the scan completes, if anything malicious is detected, click the Export to: button (looks like a little Notepad).
* Save the ActiveScan.txt to a convenient location like your desktop.
* Note: You do not need to select any of the Disinfect options. We will remove any threats manually.
* Post the contents of the ActiveScan report in your next reply.
#5
ANALYSIS: 2009-08-12 22:13:23
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0

PROTECTIONS

| Description | Version | Active | Updated |
|---|---|---|---|
| AVG Anti-Virus Free | 8.5 | Yes | Yes |

MALWARE

| Id | Description | Type | Active | Severity | Disinfectable | Disinfected | Location |
|---|---|---|---|---|---|---|---|
| 00168056 | Cookie/YieldManager | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\default\Cookies\default@ad.yieldmanager[2].txt |
| 00172483 | Cookie/888 | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\Kathy\Cookies\kathy@int.sitestat[2].txt |
| 00172484 | Cookie/Cassava | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\Kathy\Cookies\kathy@int.sitestat[3].txt |
| 00194327 | Cookie/Go | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\Kathy\Cookies\kathy@go[1].txt |
| 00207862 | Cookie/did-it | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\Kathy\Cookies\kathy@did-it[1].txt |
| 00262020 | Cookie/Atwola | TrackingCookie | No | 0 | Yes | No | C:\Documents and Settings\default\Cookies\default@atwola[2].txt |

SUSPECTS
Sent Location
0

VULNERABILITIES
Id Severity Description
0
#6
Nothing but cookies, which aren't a threat and can be taken care of with CCleaner.
How is the computer running now?
#7
Very jerky and jumpy and it's also very loud, keeps my little brother awake at night. What else could it be?
#8
Very loud as in the fan or the hard drive clicking?
Is this a desktop or laptop?
#9
Hard drive clicking, and it is indeed a desktop.
#10
While hard drives can last many years they do degrade in performance over time and some just suddenly give out. It sounds like it's going out...
I'm going to move these last few posts into the Drives & Removable Media forum so you don't need to start a new topic and so others with more experience with clicking HD's will reply with suggestions. This does not appear to be a malware issue. Moving topic now...