SUPERAntiSpyware


  • This topic is locked

#1
deb306

  • Member
  • 60 posts
1st Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2007 at 11:09 AM

Application Version : 3.7.1018

Core Rules Database Version : 3233
Trace Rules Database Version: 1244

Scan type : Complete Scan
Total Scan Time : 00:58:40

Memory items scanned : 182
Memory threats detected : 0
Registry items scanned : 2725
Registry threats detected : 0
File items scanned : 21544
File threats detected : 1

Trace.Known Threat Sources
c:\WINDOWS\Temporary Internet Files\Content.IE5\01234567\download[1].htm


2nd LOG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2007 at 10:06 AM

Application Version : 3.7.1018

Core Rules Database Version : 3233
Trace Rules Database Version: 1244

Scan type : Quick Scan
Total Scan Time : 00:17:10

Memory items scanned : 182
Memory threats detected : 0
Registry items scanned : 129
Registry threats detected : 0
File items scanned : 5350
File threats detected : 42

Adware.Tracking Cookie


HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:24:22 AM, on 5/8/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\GEEK SQUAD\GEEK SQUAD 24 HOUR COMPUTER SUPPORT\GEEK SQUAD 24 HOUR COMPUTER SUPPORT.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...e...mer&LC=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c...rch&LC=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presar...c...rch&LC=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presar...c...bar&LC=0409

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe

O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe

O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe

O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe

O4 - HKLM\..\Run: [CountrySelection] pctptt.exe

O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKCU\..\Run: [GeekSquad24HourComputerSupport] C:\Program Files\Geek Squad\Geek Squad 24 Hour Computer Support\Geek Squad 24 Hour Computer Support.exe -runapp -checkmin

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...c...c00&LC=0409 (file missing)

O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=altavista&c=3c00&LC=0409 (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL

Thank you for your help!!!


#2
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
I know it’s frustrating waiting for help, but please abide by the rules of the forum and only post one topic; do not duplicate or bump your post. You already have a live topic in malware here:

http://www.geekstogo...s...st&p=959590

If, after 3 days, you have not received a reply, post a link to the original in the Waiting Room.

If you wish to add to your original post, please use the EDIT function.

Please remember that ALL members of staff here at Geeks To Go are volunteers with their own families and lives making demands upon their time. They give as much time as they can spare, but it will never be enough to satisfy everyone.

Thanks for your co-operation.

This topic is now closed.