April 27th, 2008, 11:40 AM
#11
After running Malwarebytes I was able to run SUPERAntiSpyware, so I did that too. Here's the latest HJT log and the SUPERAntiSpyware log:
Superantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/27/2008 at 10:25 AM
Application Version : 4.0.1154
Core Rules Database Version : 3448
Trace Rules Database Version: 1440
Scan type : Complete Scan
Total Scan Time : 00:54:00
Memory items scanned : 484
Memory threats detected : 1
Registry items scanned : 5489
Registry threats detected : 6
File items scanned : 54287
File threats detected : 42
Adware.ClickSpring
C:\DOCUME~1\QURJA1\MYDOCU~1\CROSOF~1\TRACERT.EXE
C:\DOCUME~1\QURJA1\MYDOCU~1\CROSOF~1\TRACERT.EXE
[Utrn] C:\DOCUME~1\QURJA1\MYDOCU~1\CROSOF~1\TRACERT.EXE
C:\DOCUMENTS AND SETTINGS\QURJA1\MY DOCUMENTS\CROSOF~1\TRACERT.EXE
Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
Adware.Tracking Cookie
C:\Documents and Settings\qurja1\Cookies\[email protected][1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@kontera[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@1070847646[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@rambler[1].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][2].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@fastclick[3].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@advertising[1].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@tribalfusion[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@atdmt[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@list[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@revsci[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@tacoda[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@zedo[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@questionmarket[2].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][2].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@cgi-bin[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@yadro[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adrevolver[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@realmedia[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@doubleclick[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@insightexpressai[1].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][1].txt
C:\Documents and Settings\qurja1\Cookies\[email protected][1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@apmebf[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@burstnet[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@mediaplex[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adserver[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@tns-counter[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adbrite[1].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adbrite[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adbrite[3].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@adbrite[4].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@collective-media[2].txt
C:\Documents and Settings\qurja1\Cookies\qurja1@fastclick[1].txt
Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7319FA81-3903-4F9B-80E2-DA0241D5FDA2}\RP414\A0243737.DLL
Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7319FA81-3903-4F9B-80E2-DA0241D5FDA2}\RP418\A0253167.EXE
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:15 AM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RCSERV.EXE
C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\spysweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\qurja1\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Graco Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5DF4E179-1574-41FA-95BC-5DB5797509CA} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {E6BE4D59-51BA-4E3C-86EC-BB858BD5B0DC} - C:\WINDOWS\system32\wvUnLBSK.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [SwdisUsrPCN.PC7835] "C:\PROGRA~1\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\Program Files\Tivoli\swdis\1\wdusrpcn.env"
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SpySweeperEnterprise] "C:\Program Files\Webroot\Enterprise\Spy Sweeper\\SpySweeperUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\TEMP\3323.tmp/r
O4 - HKLM\..\RunOnce: [SpybotDeletingA2964] command /c del "C:\WINDOWS\stcloader.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9082] cmd /c del "C:\WINDOWS\stcloader.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [Utrn] "C:\DOCUME~1\qurja1\MYDOCU~1\CROSOF~1\tracert.exe" -vt yazb
O4 - HKCU\..\RunOnce: [SpybotDeletingB73] command /c del "C:\WINDOWS\stcloader.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5154] cmd /c del "C:\WINDOWS\stcloader.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: iPassConnect.lnk = C:\Program Files\iPass\iPassConnect\IPassConnectGUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://graco
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msp.graco.com
O17 - HKLM\Software\..\Telephony: DomainName = msp.graco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msp.graco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = msp.graco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = msp.graco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = msp.graco.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = msp.graco.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = msp.graco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = msp.graco.com
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\SsoWindows.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Secure Services Client - Cisco Systems - c:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Tivoli Remote Control Service (TME10RC) - TIVOLI Systems - C:\WINDOWS\RCSERV.EXE
O23 - Service: Webroot CommAgent Service (WebrootCommAgentService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\commagent.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\spysweeper.exe
--
End of file - 11114 bytes