Am I infected? Scanners won't pick up anything!

TheUnlikelyHero
Join Date: Jun 2010
18-Jun-2010, 03:44 PM #1
Greetings Tech Support Guys. This is my first post here on this forum, so hopefully I'm doing things right; if not, please let me know. Thank you in advance for any help you may be able to offer regarding my problem. I will be as responsive as possible to any further questions your team may have about my issue and setup.

The problem I am having is with computer performance. She has always run smoothly for me, but in the last month the old gal here has been running much slower than normal and performance has not been at its peak. When browsing online, gaming (online and offline) or just using standard applications without internet access, there is a sense of slowness in overall functionality, and oftentimes the screen and mouse will exhibit choppy and sluggish behavior. I'm still puzzled as to whether this is a hardware issue or if I'm just infected with something that I can't find. Aside from the lack of performance, the only other odd thing is that Comodo Firewall periodically picks up UpdateTask.exe and blocks it because it's an unidentified program. I googled this task and it looks like it may have been from an Ask Toolbar. However, I do not have Ask Toolbar installed. In addition, when I attempt to locate the .exe using Search (including hidden files) in Explorer, it returns no search results.

Computer Specs:
Dell Inc. Inspiron 1545 (Laptop)
Windows Vista Home Basic Service Pack 2 (build 6002)
2.00 gigahertz Intel Core2 Duo
3544 Megabytes Usable Installed Memory
250.02 Gigabytes Usable Hard Drive Capacity
125.66 Gigabytes Hard Drive Free Space
Mobile Intel(R) 4 Series Express Chipset Family [Display adapter] (2x)

***What I've done so far***

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2010 at 06:05 AM

Application Version : 4.38.1004

Core Rules Database Version : 5042
Trace Rules Database Version: 2854

Scan type : Complete Scan
Total Scan Time : 01:38:36

Memory items scanned : 586
Memory threats detected : 0
Registry items scanned : 6678
Registry threats detected : 0
File items scanned : 27755
File threats detected : 6

Adware.Tracking Cookie
C:\Users\ghost\AppData\Roaming\Microsoft\Windows\Cookies\ghost@atdmt[2].txt

Adware.Flash Tracking Cookie
C:\Users\ghost\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NV5H6FNX\CONVOAD.TECHNORATIMEDIA.COM
C:\Users\ghost\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NV5H6FNX\IA.MEDIA-IMDB.COM
C:\Users\ghost\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NV5H6FNX\MEDIA1.BREAK.COM
C:\Users\ghost\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NV5H6FNX\CRACKLE.COM
C:\Users\ghost\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NV5H6FNX\WWW.NAIADSYSTEMS.COM




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4211

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/18/2010 11:59:34 AM
mbam-log-2010-06-18 (11-59-34).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 261169
Time elapsed: 2 hour(s), 37 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\RegGenie\RegGenieOnUninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.


Panda Online Security Scan
;************************************************************************** *************************************************************************** ******************************
ANALYSIS: 2010-06-18 12:05:05
PROTECTIONS: 3
MALWARE: 1
SUSPECTS: 1
;************************************************************************** *************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;========================================================================== =========================================================================== ==============================
COMODO Defense+ Yes Yes
Windows Defender No No
SUPERAntiSpyware 4, 38, 0, 1004 Yes Yes
;========================================================================== =========================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;========================================================================== =========================================================================== ==============================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\ghost\appdata\roaming\microsoft\windows\cookies\ghost@atdmt[2].txt
;========================================================================== =========================================================================== ==============================
SUSPECTS
Sent Location
;========================================================================== =========================================================================== ==============================
No c:\users\ghost\downloads\otl.exe ***otl.exe is an Old Timer application that I downloaded from another help forum board.***
;========================================================================== =========================================================================== ==============================
VULNERABILITIES
Id Severity Description
;========================================================================== =========================================================================== ==============================
;========================================================================== =========================================================================== ==============================

As you can see, the scans only picked up a few Tracking Cookies. (All scanners, including definitions, were updated before being used.)

I updated my BIOS and used MemTest to check for memory errors, but to no avail.

Here is my HiJackThis log, and attached to this thread are a screenshot of the Avast Anti Virus scan and the log for the GMER rootkit scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:21 PM, on 6/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7D9764-74A3-4C2C-9FAE-05E313D4ECBE}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FD3A8A4-A95A-4D1E-BC00-53390240B264}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\aestsrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_0145da1d\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7041 bytes


Hopefully I provided enough information to at least get a head start on what might be the problem. Looking forward to working with you.

Cheers

Avast screen shot
http://forums.techguy.org/attachment...1&d=1276897496

TheUnlikelyHero
21-Jun-2010, 03:17 PM #2
Bump