No HIJACKTHIS log yet will do tomorrow

by Lisaponcho - 11/26/12 7:57 PM

In Reply to: Send me your HIJACKTHIS log file. by R. Proffitt Moderator

These are the other logs from Grif's list.

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/26/2012 08:10:36 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Lucien\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (PID: 5064) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Lucien\Desktop\rkill\rkill-11-26-2012-08-10-52.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/26/2012 08:11:04 PM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.25.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Lucien :: LUCIEN-PC [administrator]

Protection: Enabled

11/26/2012 8:13:55 PM
mbam-log-2012-11-26 (20-13-55).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401427
Time elapsed: 56 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2012 at 10:10 PM

Application Version : 5.6.1014

Core Rules Database Version : 9642
Trace Rules Database Version: 7454

Scan type : Complete Scan
Total Scan Time : 00:51:02

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 760
Memory threats detected : 0
Registry items scanned : 77677
Registry threats detected : 0
File items scanned : 56553
File threats detected : 53

Adware.Tracking Cookie