
Infected with Stolen.Data and Malware.Trace, unable to remove


  • This topic is locked
7 replies to this topic

#1 robert77


  • Members
  • 21 posts
  • Gender:Male

Posted 06 May 2011 - 06:21 PM

Yesterday when I clicked on what appeared to be a harmless image in Google image search (of a giant caterpillar), my browser was redirected to a bogus antivirus website. It was resized & locked, I was hit with ominous dialogue windows, etc. A Malwarebytes scan revealed infection with Stolen.Data and Malware.Trace that so far repopulate after removal.

I'm assuming it was the above incident that installed them, but it's possible they were present beforehand (my most recent scan was maybe a week ago).

Ran Defogger & DDS, but for some reason GMER only wants to scan Services, Registry, & Files - all other checkboxes are grayed out. Is this a result of the infection or just some setting I'm missing? Either way I've held off on the GMER scan until it can be done correctly.

DDS log follows and Attach.txt is, well, attached. Any help would be much appreciated!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Robert at 16:03:09.69 on Fri 05/06/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.3057 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\runservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Robert\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [CCleaner.exe] C:\Users\Robert\AppData\Roaming\IzYngQyBVxDQNvJiiKSfHa\IzYngQyBVxDQNvJiiKSfHa\0.0.0.0\CCleaner.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\excg55sm.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-11 55280]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-8 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-6-28 20968]
R2 LicCtrlService;LicCtrl Service;C:\Windows\runservice.exe [2011-1-12 16384]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-24 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-9 9258496]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-8 300544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-10 346144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-10 38456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-6-10 1276928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-15 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-15 136176]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-15 1255736]
.
=============== Created Last 30 ================
.
2011-05-06 20:49:55 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-06 08:40:41 98816 ----a-w- C:\Windows\sed.exe
2011-05-06 08:40:41 89088 ----a-w- C:\Windows\MBR.exe
2011-05-06 08:40:41 256512 ----a-w- C:\Windows\PEV.exe
2011-05-06 08:40:41 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-06 07:54:40 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9DD37267-ED58-460F-93E0-6578B86E705E}\mpengine.dll
2011-05-03 02:26:06 -------- d-----w- C:\Users\Robert\AppData\Roaming\svBuilder
2011-05-03 02:26:05 -------- d-----w- C:\Program Files (x86)\svBuilder
2011-04-30 22:59:59 -------- d-----w- C:\Users\Robert\AppData\Roaming\IzYngQyBVxDQNvJiiKSfHa
2011-04-30 17:01:08 -------- d-----w- C:\PROGRA~3\ALM
2011-04-30 01:12:16 -------- d-----w- C:\Calypso stuff
2011-04-30 00:01:09 -------- d-----w- C:\Calypso
2011-04-29 22:53:05 -------- d-----w- C:\Program Files\Defraggler
2011-04-27 16:19:04 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 16:19:04 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 16:19:03 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 16:19:03 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 05:07:04 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-04-27 05:03:18 -------- d-----w- C:\Windows\System32\SPReview
2011-04-27 05:02:55 -------- d-----w- C:\Windows\System32\EventProviders
2011-04-27 05:00:59 689152 ----a-w- C:\Windows\System32\FXSSVC.exe
2011-04-27 04:59:59 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-04-27 04:59:59 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-04-27 04:59:13 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-04-27 04:59:13 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-04-27 04:59:13 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-04-27 04:59:11 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-04-27 04:59:10 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-04-27 04:59:01 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-04-27 04:59:01 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-04-27 04:50:17 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-04-27 04:50:17 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-04-27 04:50:17 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-04-27 04:50:17 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-04-25 03:33:35 -------- d-----w- C:\Users\Robert\AppData\Local\AMD
2011-04-25 03:32:59 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-04-25 03:32:48 -------- d-----w- C:\PROGRA~3\AMD
2011-04-25 03:32:45 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2011-04-25 03:32:43 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-04-25 00:10:48 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-04-25 00:10:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-04-24 23:29:07 -------- d-----w- C:\Program Files (x86)\Dragon Age
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 10:39:02 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 19:56:21 -------- d-----w- C:\_data
2011-04-12 01:38:00 -------- d-----w- C:\Video
2011-04-12 01:33:54 -------- d-----w- C:\Program Files (x86)\Haali
2011-04-08 08:03:21 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVS4YOU
2011-04-08 08:03:03 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-04-08 08:03:02 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
2011-04-08 08:02:59 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2011-04-08 08:02:45 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-04-08 08:02:45 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-04-08 08:02:45 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2011-04-08 08:02:45 -------- d-----w- C:\PROGRA~3\AVS4YOU
.
==================== Find3M ====================
.
2011-05-06 23:01:50 1913 --sha-w- C:\Windows\SysWow64\mmf.sys
2011-04-27 05:13:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-04-27 05:13:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-22 02:56:26 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-03-22 02:56:22 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-03-22 02:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-03-22 02:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-03-22 02:55:58 16115712 ----a-w- C:\Windows\System32\amdocl64.dll
2011-03-22 02:55:46 12385792 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-09 09:22:42 9258496 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-03-09 05:41:52 22518272 ----a-w- C:\Windows\System32\atio6axx.dll
2011-03-09 05:19:22 17397248 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-03-09 04:57:04 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-03-09 04:56:54 679424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-03-09 04:55:52 795136 ----a-w- C:\Windows\System32\aticfx64.dll
2011-03-09 04:53:44 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-03-09 04:53:34 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-03-09 04:53:04 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-03-09 04:52:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-03-09 04:51:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-03-09 04:51:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-03-09 04:51:34 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-03-09 04:51:28 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-03-09 04:51:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-03-09 04:51:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-03-09 04:48:46 4277760 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-03-09 04:40:22 5044224 ----a-w- C:\Windows\System32\atidxx64.dll
2011-03-09 04:34:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-03-09 04:34:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-03-09 04:34:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-03-09 04:34:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-03-09 04:34:12 7025152 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-03-09 04:32:32 5618688 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-03-09 04:30:30 4294656 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-03-09 04:24:48 5438976 ----a-w- C:\Windows\System32\atiumd64.dll
2011-03-09 04:18:16 360448 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-03-09 04:18:10 258048 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-03-09 04:18:00 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-03-09 04:17:56 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-03-09 04:17:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-03-09 04:17:48 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-03-09 04:17:42 300544 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-03-09 04:17:04 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-03-09 04:17:00 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-03-09 04:16:54 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-03-09 04:16:48 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-03-09 04:16:14 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-03-09 04:11:06 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-03-09 03:42:40 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-03-09 03:42:06 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-03-09 03:41:52 3239936 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-03-09 03:34:12 3471872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-03-09 03:18:58 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-03-09 03:18:52 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-19 00:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-19 00:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 16:03:47.19 ===============

Attached Files
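As an added illustration (not part of the thread, and not a tool the helpers use), here is a small Python triage script over the "Pseudo HJT Report" lines of the DDS log above. It flags the uRun entry that launches from a randomly named folder under AppData\Roaming and the mPolicies-system values that show UAC is switched off. The sample lines are copied from the posted log; the "random-looking name" heuristic and severity labels are my own assumptions.

```python
import re

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" posted above.
SAMPLE_LOG = r'''
uRun: [CCleaner.exe] C:\Users\Robert\AppData\Roaming\IzYngQyBVxDQNvJiiKSfHa\IzYngQyBVxDQNvJiiKSfHa\0.0.0.0\CCleaner.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
'''

RUN_RE = re.compile(r"^(?P<scope>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# UAC policy values (HKLM\...\Policies\System) that disable or weaken elevation prompting.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently without a prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def exe_path(cmd):
    """Return the executable path from a Run command line (quoted or bare)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def looks_random(component):
    """Assumed heuristic: a long letters-only name with few vowels and a long
    consonant run, e.g. IzYngQyBVxDQNvJiiKSfHa, rather than CamelCase words."""
    if len(component) < 12 or not component.isalpha():
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in component)
    longest = run = 0
    for ch in component:
        run = 0 if ch in "aeiouAEIOU" else run + 1
        longest = max(longest, run)
    return vowels / len(component) <= 0.3 and longest >= 5


def triage(log_text):
    """Return (severity, message) findings for Run entries and UAC policy lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            if APPDATA_RE.search(path):
                reasons = ["autorun executes from a user-profile AppData directory"]
                if any(looks_random(part) for part in path.split("\\")):
                    reasons.append("directory name looks randomly generated")
                findings.append(("high", f"{m.group('scope')} [{m.group('name')}] {path}: "
                                 + "; ".join(reasons)))
            continue
        m = POLICY_RE.match(line)
        if m and m.group("key") in UAC_WEAK:
            bad_value, why = UAC_WEAK[m.group("key")]
            if int(m.group("val")) == bad_value:
                findings.append(("medium", f"{m.group('key')} = {bad_value}: {why}"))
    return findings


if __name__ == "__main__":
    for severity, msg in triage(SAMPLE_LOG):
        print(f"[{severity}] {msg}")
```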




#2 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 May 2011 - 08:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 robert77

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male

Posted 14 May 2011 - 11:07 PM

Thanks for the reply m0le! I am indeed here.

#4 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 May 2011 - 07:58 AM

You appear to have used ComboFix.

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


If you still have the program, can you retrieve the quarantine log?

Please go to Start >Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.
m0le is a proud member of UNITE

#5 robert77

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male

Posted 15 May 2011 - 02:44 PM

Contents of ComboFix-quarantined-files.txt:

2011-05-06 08:50:01 . 2011-05-06 08:50:01 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Photo-Objects 50,000 Premium Image Collection.reg.dat
2011-05-06 08:50:00 . 2011-05-06 08:50:00 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-05-06 08:49:46 . 2011-05-06 08:49:46 79 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2011-05-06 08:45:28 . 2011-05-06 08:45:28 3,961 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-05-06 08:40:38 . 2011-05-06 08:40:38 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-05-06 08:29:50 . 2011-05-06 08:46:25 32 ----a-w- C:\Qoobox\Quarantine\C\Users\Robert\AppData\Roaming\data.dat.vir
2011-04-30 22:59:58 . 2011-04-30 22:59:58 446,464 ----a-w- C:\Qoobox\Quarantine\C\Users\Robert\AppData\Roaming\datacorecr.exe.vir
2007-11-07 16:44:20 . 2007-11-07 16:44:20 855,040 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 May 2011 - 08:16 PM

Can you run OTL, a scanner like DDS.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#7 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 May 2011 - 06:38 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#8 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 May 2011 - 07:15 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE



