Infected

View previous topic View next topic Go down

Infected

Post by foldbak on Thu 08 Jul 2010, 1:19 pm

Hello,
I was searching the web when I clicked on a link and up popped a site that said "congratulations you have been selected" at which time I closed the browser. I guess I was selected to receive a virus. A windows balloon popped up in my task bar warning me that my firewall was disabled. I tried to activate my firewall but received an error message saying "unable to activate". I immediately ran Malwarebites with no results. I tried to access windows update and my browser was blocked. I ran AVG free and Spybot with no results.

I DL'ed RemoveITpro and found several infected files and removed them. I didn't note the infections. One I did note as RemoveIT couldn't and I was directed to remove it manually which I did. The file name was (sys32.npqmp071505000010).

I found it and deleted it and rebooted. Everything seemed to be back to normal for a short time but the symptoms soon returned.

Systems:
Firewall disabled, Windows website unaccessible, web search redirects, applications unresponsive.

I've ran all of my detection software again with no results. Please help, I really don't want to nor have the time to back up, format and reinstall.

Thanks in advance.


foldbak

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2009-07-08
Operating System : XP

View user profile

Back to top Go down

Re: Infected

Post by DragonMaster Jay on Thu 08 Jul 2010, 1:21 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.


Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

scan results

Post by foldbak on Thu 08 Jul 2010, 11:29 pm

GMER 1.0.15.15281 - [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-08 05:04:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\kwldraod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\imapi.sys entry point in ".rsrc" section [0xBA221314]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xAC7B8000, 0x1C5DC8, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[168] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!GetWindowLongW 7E4188A6 5 Bytes JMP 6301DF36 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!GetWindowLongA 7E41945D 5 Bytes JMP 6301DEB2 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 6301DFBA C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 6305D107 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!GetWindowRect 7E4290B4 5 Bytes JMP 6301E794 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 6301E57F C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!MoveWindow 7E42B29E 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!MoveWindow 7E42B29E 5 Bytes JMP 6301E374 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 6305D08D C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 6301DDD6 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 6301DE44 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] USER32.dll!GetWindowPlacement 7E4303C7 5 Bytes JMP 6301E161 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\WINDOWS\System32\svchost.exe[2304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[2304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[2304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[2304] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 013D000A
.text C:\WINDOWS\System32\svchost.exe[2304] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0097000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ExitThread] [63029FCD] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] [63029FCD] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [6305CDA4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63029F6B] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [6305CD20] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [630588B0] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [6302A162] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [048B1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [6302A19F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetWindowLongW] [048B15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [048B1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305CDA4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63029F6B] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ExitThread] [63029FCD] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [048B1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [048B1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [048B15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetWindowLongW] [048B15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305CD20] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [6302A059] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [6302A081] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [048B1530] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [048B1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [6302A162] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [6302A19F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DeferWindowPos] [048B14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [630588B0] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [630576B3] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DefWindowProcA] [048B1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [048B1530] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!GetWindowLongA] [048B15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [6302A19F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!DeleteObject] [6305CDA4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [63029ED8] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [63029F41] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302A0A6] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [6302A00E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [63029F6B] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [6302A081] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [6302A19F] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [048B1850] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowLongW] [048B1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongW] [048B15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DeferWindowPos] [048B14A0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [6305CD20] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [048B1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305CDD7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!FillRect] [63029D39] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301ED15] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [6302A059] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CallWindowProcW] [630588B0] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetScrollInfo] [048B1750] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1020] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetWindowLongA] [048B15B0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\nvatabus \Device\Harddisk0\DR0 89BD6EC5

---- Threads - GMER 1.0.15 ----

Thread System [4:2820] 9650B27C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\imapi.sys suspicious modification
File C:\WINDOWS\system32\drivers\nvatabus.sys suspicious modification

---- EOF - GMER 1.0.15 ----

foldbak

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2009-07-08
Operating System : XP

View user profile

Back to top Go down

Re: Infected

Post by DragonMaster Jay on Fri 09 Jul 2010, 7:24 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    Snapshot::

    SysRst::

    TDL::
    C:\WINDOWS\system32\DRIVERS\imapi.sys
    C:\WINDOWS\system32\drivers\nvatabus.sys

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.




NOTE:
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Infected

Post by foldbak on Fri 09 Jul 2010, 2:20 pm

You guys are great!! Resolved!! Thank you!!

foldbak

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2009-07-08
Operating System : XP

View user profile

Back to top Go down

Re: Infected

Post by DragonMaster Jay on Fri 09 Jul 2010, 2:23 pm

Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

So, the idea is, is when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean. However, it is up to you to continue or not.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Infected

Post by foldbak on Fri 09 Jul 2010, 11:29 pm

Is there anything else I need to do?

foldbak

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2009-07-08
Operating System : XP

View user profile

Back to top Go down

Re: Infected

Post by DragonMaster Jay on Sat 10 Jul 2010, 7:39 am

Just do a few scans to make sure your computer is clean.

I like to make sure those I help, have completely clean computers.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

[You must be registered and logged in to see this link.]

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Infected

Post by foldbak on Mon 12 Jul 2010, 1:02 am

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2010 9:32:01 AM
mbam-log-2010-07-10 (09-32-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 190623
Time elapsed: 46 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 07/10/2010 at 07:05 AM

Application Version : 4.40.1002

Core Rules Database Version : 5180
Trace Rules Database Version: 2992

Scan type : Quick Scan
Total Scan Time : 00:06:41

Memory items scanned : 641
Memory threats detected : 0
Registry items scanned : 1683
Registry threats detected : 4
File items scanned : 5395
File threats detected : 22

Rogue.AntivirusSoft
HKU\.DEFAULT\Software\avsoft
HKU\S-1-5-18\Software\avsoft

Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE

Adware.Tracking Cookie
.statcounter.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
[You must be registered and logged in to see this link.] [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
[You must be registered and logged in to see this link.] [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mhtqcrjc.default\cookies.sqlite ]

Trojan.Agent/Gen-OnlineGames
C:\DOCUMENTS AND SETTINGS\TONY\DESKTOP\BLACKBERRY\JL_CMDER V1.9.0.EXE

------------------------------------------------

I'll run and post ESET today

foldbak

Newbie Surfer
Newbie Surfer

Posts : 6
Joined : 2009-07-08
Operating System : XP

View user profile

Back to top Go down

Re: Infected

Post by DragonMaster Jay on Mon 12 Jul 2010, 3:45 pm

Ok. Post that log when you have it.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Infected

Post by Sponsored content Today at 12:44 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum