
PSW GENERIC 7 AYUC


2 replies to this topic

#1 b1gb0y112

b1gb0y112

  • Members
  • 2 posts

Posted 07 January 2010 - 10:30 AM

Hi,


I have had the same problem.
I am in the middle of running the scans suggested by AustrAlien. :thumbsup:
It has seemed to find problems and successfully resolved them.

I will upload the logs after the scans have finished, to help with any investigations. Hope this will help?!?


Many Thanks.

Rich.


#2 b1gb0y112

b1gb0y112
  • Topic Starter

  • Members
  • 2 posts

Posted 07 January 2010 - 12:36 PM

Scans have now completed... Please find below scan logs, hope this helps?!!?

1st Scan

Malwarebytes' Anti-Malware 1.43
Database version: 3507
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/01/2010 14:16:14
mbam-log-2010-01-07 (14-16-00).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 207615
Time elapsed: 1 hour(s), 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000040.exe (Application.MediaPass) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000529.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000530.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000566.exe (Trojan.PWS) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000567.exe (Spyware.Passwords) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000569.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0003693.exe (Application.MediaPass) -> No action taken.
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0003707.exe (Rogue.Installer) -> No action taken.
D:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP2\A0003727.exe (Trojan.Downloader) -> No action taken.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com


Generated 01/05/2010 at 10:45 PM

Application Version : 4.32.1000

Core Rules Database Version : 4447
Trace Rules Database Version: 2269

Scan type : Complete Scan
Total Scan Time : 03:34:45

Memory items scanned : 215
Memory threats detected : 0
Registry items scanned : 4936
Registry threats detected : 23
File items scanned : 88238
File threats detected : 16

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES\ECOBAR\TBHELPER.DLL

Adware.Tracking Cookie
C:\Documents and Settings\123\Cookies\123@advertising[1].txt
C:\Documents and Settings\123\Cookies\123@www.clash-media[2].txt
C:\Documents and Settings\123\Cookies\123@collective-media[1].txt
C:\Documents and Settings\123\Cookies\123@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\123\Cookies\123@trafficmp[1].txt
C:\Documents and Settings\123\Cookies\123@fastclick[1].txt
C:\Documents and Settings\123\Cookies\123@ads.bleepingcomputer[1].txt
C:\Documents and Settings\123\Cookies\123@atdmt[1].txt
C:\Documents and Settings\123\Cookies\123@doubleclick[1].txt
C:\Documents and Settings\123\Cookies\123@ads.gmodules[1].txt
C:\Documents and Settings\123\Cookies\123@msnportal.112.2o7[1].txt
C:\Documents and Settings\123\Cookies\123@chitika[1].txt
C:\Documents and Settings\123\Cookies\123@ad.yieldmanager[1].txt
C:\Documents and Settings\123\Cookies\123@revsci[1].txt

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.Agent/Gen-FSG
D:\RICH HD\PROGRAMS\CLONE\KEYGEN.EXE


Player.exe;C:\Program Files\Snowplayer;Probably DLOADER.Trojan;Incurable.Moved.;
A0000576.dll;C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1;Trojan.Fakealert.4524;Invalid path to file ;
A0000576.dll;C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1;Trojan.Fakealert.4524;Deleted.;
A0003711.exe;C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1;Modification of Win32.HLLM.Generic.349;Moved.;
Reboot.exe;C:\WINDOWS;Tool.Reboot;Incurable.Moved.;
FlexiSign_Patch.exe\Program\app.exe;D:\RICH HD\Work\FlexiSign\1\Flexi 8.5 Pro\Flexisign.Fixes (Crack)\Fix 2\FlexiSign_Patch.exe;Trojan.Packed.650;;
FlexiSign_Patch.exe;D:\RICH HD\Work\FlexiSign\1\Flexi 8.5 Pro\Flexisign.Fixes (Crack)\Fix 2;Archive contains infected objects;Moved.;
A0003754.exe\Program\app.exe;D:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP2\A0003754.exe;Trojan.Packed.650;;
A0003754.exe;D:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP2;Archive contains infected objects;Moved.;


14:23:22:687 4004 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
14:23:22:687 4004 ================================================================================
14:23:22:687 4004 SystemInfo:

14:23:22:687 4004 OS Version: 5.1.2600 ServicePack: 3.0
14:23:22:687 4004 Product type: Workstation
14:23:22:687 4004 ComputerName: THE-COMPUTER
14:23:22:687 4004 UserName: 123
14:23:22:687 4004 Windows directory: C:\WINDOWS
14:23:22:687 4004 Processor architecture: Intel x86
14:23:22:687 4004 Number of processors: 1
14:23:22:687 4004 Page size: 0x1000
14:23:22:687 4004 Boot type: Normal boot
14:23:22:687 4004 ================================================================================
14:23:22:687 4004 ForceUnloadDriver: NtUnloadDriver error 2
14:23:22:703 4004 ForceUnloadDriver: NtUnloadDriver error 2
14:23:22:703 4004 ForceUnloadDriver: NtUnloadDriver error 2
14:23:22:703 4004 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
14:23:22:703 4004 main: Driver KLMD successfully dropped
14:23:22:718 4004 main: Driver KLMD successfully loaded
14:23:22:718 4004
Scanning Registry ...
14:23:22:718 4004 ScanServices: Searching service UACd.sys
14:23:22:718 4004 ScanServices: Open/Create key error 2
14:23:22:718 4004 ScanServices: Searching service TDSSserv.sys
14:23:22:718 4004 ScanServices: Open/Create key error 2
14:23:22:718 4004 ScanServices: Searching service gaopdxserv.sys
14:23:22:718 4004 ScanServices: Open/Create key error 2
14:23:22:718 4004 ScanServices: Searching service gxvxcserv.sys
14:23:22:718 4004 ScanServices: Open/Create key error 2
14:23:22:718 4004 ScanServices: Searching service MSIVXserv.sys
14:23:22:718 4004 ScanServices: Open/Create key error 2
14:23:22:718 4004 UnhookRegistry: Kernel module file name: C:\windows\system32\ntoskrnl.exe, base addr: 804D7000
14:23:22:718 4004 UnhookRegistry: Kernel local addr: A40000
14:23:22:718 4004 UnhookRegistry: KeServiceDescriptorTable addr: AC3220
14:23:22:734 4004 UnhookRegistry: KiServiceTable addr: A4B6A8
14:23:22:734 4004 UnhookRegistry: NtEnumerateKey service number (local): 47
14:23:22:734 4004 UnhookRegistry: NtEnumerateKey local addr: ADC5A4
14:23:22:734 4004 KLMD_OpenDevice: Trying to open KLMD device
14:23:22:734 4004 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
14:23:22:734 4004 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x804DCC49[0x4]
14:23:22:734 4004 UnhookRegistry: NtEnumerateKey service number (kernel): 47
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x804E27C4[0x4]
14:23:22:734 4004 UnhookRegistry: NtEnumerateKey real addr: 805735A4
14:23:22:734 4004 UnhookRegistry: NtEnumerateKey calc addr: 805735A4
14:23:22:734 4004 UnhookRegistry: No SDT hooks found on NtEnumerateKey
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x805735A4[0xA]
14:23:22:734 4004 UnhookRegistry: No splicing found on NtEnumerateKey
14:23:22:734 4004
Scanning Kernel memory ...
14:23:22:734 4004 KLMD_OpenDevice: Trying to open KLMD device
14:23:22:734 4004 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
14:23:22:734 4004 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:23:22:734 4004 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A390140
14:23:22:734 4004 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
14:23:22:734 4004 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A3C5C68
14:23:22:734 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C5C68
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A3C5C68[0x38]
14:23:22:734 4004 DetectCureTDL3: DRIVER_OBJECT addr: 8A390140
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A390140[0xA8]
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0xE18381A8[0x208]
14:23:22:734 4004 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:23:22:734 4004 DetectCureTDL3: IrpHandler (0) addr: F763DBB0
14:23:22:734 4004 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (2) addr: F763DBB0
14:23:22:734 4004 DetectCureTDL3: IrpHandler (3) addr: F7637D1F
14:23:22:734 4004 DetectCureTDL3: IrpHandler (4) addr: F7637D1F
14:23:22:734 4004 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (9) addr: F76382E2
14:23:22:734 4004 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (14) addr: F76383BB
14:23:22:734 4004 DetectCureTDL3: IrpHandler (15) addr: F763BF28
14:23:22:734 4004 DetectCureTDL3: IrpHandler (16) addr: F76382E2
14:23:22:734 4004 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (22) addr: F7639C82
14:23:22:734 4004 DetectCureTDL3: IrpHandler (23) addr: F763E99E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:23:22:734 4004 KLMD_ReadMem: DeviceIoControl error 1
14:23:22:734 4004 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:23:22:734 4004 TDL3_FileDetect: Processing driver: Disk
14:23:22:734 4004 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:23:22:734 4004 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:23:22:734 4004 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:23:22:734 4004 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A4579D0
14:23:22:734 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4579D0
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A4579D0[0x38]
14:23:22:734 4004 DetectCureTDL3: DRIVER_OBJECT addr: 8A390140
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A390140[0xA8]
14:23:22:734 4004 KLMD_ReadMem: Trying to ReadMemory 0xE18381A8[0x208]
14:23:22:734 4004 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:23:22:734 4004 DetectCureTDL3: IrpHandler (0) addr: F763DBB0
14:23:22:734 4004 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:23:22:734 4004 DetectCureTDL3: IrpHandler (2) addr: F763DBB0
14:23:22:734 4004 DetectCureTDL3: IrpHandler (3) addr: F7637D1F
14:23:22:734 4004 DetectCureTDL3: IrpHandler (4) addr: F7637D1F
14:23:22:750 4004 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (9) addr: F76382E2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (14) addr: F76383BB
14:23:22:750 4004 DetectCureTDL3: IrpHandler (15) addr: F763BF28
14:23:22:750 4004 DetectCureTDL3: IrpHandler (16) addr: F76382E2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (22) addr: F7639C82
14:23:22:750 4004 DetectCureTDL3: IrpHandler (23) addr: F763E99E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
14:23:22:750 4004 KLMD_ReadMem: DeviceIoControl error 1
14:23:22:750 4004 TDL3_StartIoHookDetect: Unable to get StartIo handler code
14:23:22:750 4004 TDL3_FileDetect: Processing driver: Disk
14:23:22:750 4004 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
14:23:22:750 4004 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
14:23:22:750 4004 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
14:23:22:750 4004 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A3C6AB8
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C6AB8
14:23:22:750 4004 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A4A69E8
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A4A69E8
14:23:22:750 4004 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A3ACB00
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3ACB00
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A3ACB00[0x38]
14:23:22:750 4004 DetectCureTDL3: DRIVER_OBJECT addr: 8A4C2170
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A4C2170[0xA8]
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0xE1020E48[0x208]
14:23:22:750 4004 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:23:22:750 4004 DetectCureTDL3: IrpHandler (0) addr: F74CA6F2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (2) addr: F74CA6F2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (14) addr: F74CA712
14:23:22:750 4004 DetectCureTDL3: IrpHandler (15) addr: F74C6852
14:23:22:750 4004 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (22) addr: F74CA73C
14:23:22:750 4004 DetectCureTDL3: IrpHandler (23) addr: F74D1336
14:23:22:750 4004 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0xF74C7864[0x400]
14:23:22:750 4004 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
14:23:22:750 4004 TDL3_FileDetect: Processing driver: atapi
14:23:22:750 4004 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
14:23:22:750 4004 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
14:23:22:750 4004 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
14:23:22:750 4004 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A20BAB8
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A20BAB8
14:23:22:750 4004 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A3C7F18
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3C7F18
14:23:22:750 4004 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A50D940
14:23:22:750 4004 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A50D940
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A50D940[0x38]
14:23:22:750 4004 DetectCureTDL3: DRIVER_OBJECT addr: 8A4C2170
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0x8A4C2170[0xA8]
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0xE1020E48[0x208]
14:23:22:750 4004 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:23:22:750 4004 DetectCureTDL3: IrpHandler (0) addr: F74CA6F2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (2) addr: F74CA6F2
14:23:22:750 4004 DetectCureTDL3: IrpHandler (3) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (4) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (9) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (14) addr: F74CA712
14:23:22:750 4004 DetectCureTDL3: IrpHandler (15) addr: F74C6852
14:23:22:750 4004 DetectCureTDL3: IrpHandler (16) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (22) addr: F74CA73C
14:23:22:750 4004 DetectCureTDL3: IrpHandler (23) addr: F74D1336
14:23:22:750 4004 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
14:23:22:750 4004 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
14:23:22:750 4004 KLMD_ReadMem: Trying to ReadMemory 0xF74C7864[0x400]
14:23:22:750 4004 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 316, 0
14:23:22:750 4004 TDL3_FileDetect: Processing driver: atapi
14:23:22:750 4004 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk
14:23:22:750 4004 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
14:23:22:750 4004 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys
14:23:22:750 4004
Completed

Results:
14:23:22:750 4004 Infected objects in memory: 0
14:23:22:750 4004 Cured objects in memory: 0
14:23:22:765 4004 Infected objects on disk: 0
14:23:22:765 4004 Objects on disk cured on reboot: 0
14:23:22:765 4004 Objects on disk deleted on reboot: 0
14:23:22:765 4004 Registry nodes deleted on reboot: 0
14:23:22:765 4004


2nd Scan

Malwarebytes' Anti-Malware 1.43
Database version: 3507
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/01/2010 17:16:38
mbam-log-2010-01-07 (17-16-38).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 207756
Time elapsed: 58 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
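
As an added example (not code from this thread, from Malwarebytes, or from any of the scanners whose logs appear above): a small Python triage script for the Malwarebytes' Anti-Malware 1.x log format pasted in this post. It parses the "... Infected:" sections, counts detections per section and per family, and flags the three things a responder checks first when reading such a log: entries whose action is "No action taken" (the log was saved before removal was applied), files under System Volume Information (restore-point copies, not live files), and the AppCertDlls registry value, a well-known Windows DLL-injection persistence location. The embedded sample log is constructed: it reuses a few lines from the first scan above and adds two invented file paths (the Temp\dropped.exe and Program Files (x86) entries) to exercise the parser.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# A section header looks like "Files Infected:" with nothing after the colon.
# The summary lines near the top ("Files Infected: 9") carry a count and do
# not match, so they are skipped.
SECTION_RE = re.compile(r"^(?P<name>.+ Infected):$")
# A detection line: "<location> (<family>) -> <action>."  The greedy location
# group lets paths that themselves contain parentheses parse correctly.
ITEM_RE = re.compile(
    r"^(?P<location>.*) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Restore-point copies live under this folder; they are not running code.
RESTORE_POINT_MARKER = "\\system volume information\\_restore"
# AppCertDlls is a well-known Windows DLL-injection persistence location.
PERSISTENCE_MARKERS = ("\\session manager\\appcertdlls",)


@dataclass
class Detection:
    section: str
    location: str
    family: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_POINT_MARKER in self.location.lower()

    @property
    def is_persistence(self) -> bool:
        loc = self.location.lower()
        return any(marker in loc for marker in PERSISTENCE_MARKERS)

    @property
    def unresolved(self) -> bool:
        # MBAM writes "No action taken." when the log is saved before removal.
        return self.action.lower().startswith("no action taken")


def parse_mbam_log(text: str) -> list:
    """Return one Detection per item line found under an "... Infected:" section."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # Skip the scan header block and "(No malicious items detected)" lines.
        if section is None or line.startswith("("):
            continue
        item = ITEM_RE.match(line)
        if item:
            detections.append(Detection(section, item.group("location"),
                                        item.group("family"), item.group("action")))
    return detections


def summarize(detections: list) -> dict:
    """Counts and flags a responder wants before deciding what to clean first."""
    return {
        "total": len(detections),
        "by_section": dict(Counter(d.section for d in detections)),
        "by_family": dict(Counter(d.family for d in detections)),
        "unresolved": sum(d.unresolved for d in detections),
        "restore_point_only": sum(d.in_restore_point for d in detections),
        "persistence": [d.location for d in detections if d.is_persistence],
    }


# Constructed sample: a few lines from the thread's first scan plus two
# invented paths (Temp\dropped.exe and Program Files (x86)\Example).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.43
Database version: 3507
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{03500A9A-CD3F-410C-82D3-40AAE2F717C5}\RP1\A0000566.exe (Trojan.PWS) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\dropped.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\tool.exe (PUP.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_mbam_log`. A "persistence" hit combined with an "unresolved" count above zero means the machine still has an active loading point after the scan, which is why a second full scan (like the one in this post) should come back clean before the thread is closed.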

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 January 2010 - 03:49 PM

Split to individual topic to avoid confusion.

Please run this online scan
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook



