Pop-ups, Ad-Aware, Failure

**KamikazeKarrot** · 11-28-2009, 04:14 PM

Windows Malicious Software Removal removed a Backdoor program.

I ran a Full Scan on MBAM, but it got shut down almost immediately. I ran a Quick Scan instead, and it picked up four of the little *******s without getting stopped. Once they were gone, my computer's speed picked right back up. I then ran a full scan but found nothing.

ComboFix still doesn't get past the scanning screen, but I'll try your file extension trick.

MBAM Quick Scan

Malwarebytes' Anti-Malware 1.41
Database version: 3251
Windows 5.1.2600 Service Pack 3

11/28/2009 12:54:16 PM
mbam-log-2009-11-28 (12-54-16).txt

Scan type: Quick Scan
Objects scanned: 115233
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rdolib.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

MBAM Full Scan

Malwarebytes' Anti-Malware 1.41
Database version: 3251
Windows 5.1.2600 Service Pack 3

11/28/2009 3:01:03 PM
mbam-log-2009-11-28 (15-01-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185144
Time elapsed: 2 hour(s), 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**KamikazeKarrot** · 11-28-2009, 07:40 PM

ComboFix did the same thing as before even with the changed file extensions.

**jholland1964** · 11-28-2009, 11:55 PM

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
-- If you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then save the log to where you can easily find it and post it for us.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.

Post back with the log.

**KamikazeKarrot** · 11-29-2009, 10:52 AM

GMER

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 10:50:46
Windows 5.1.2600 Service Pack 3
Running: mm0613cw.exe; Driver: C:\DOCUME~1\Garrett\LOCALS~1\Temp\afliykoc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe[732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1624] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\IBM\Messages By IBM\ibmmessages.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\IBM\Messages By IBM\ibmmessages.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\IBM\Messages By IBM\ibmmessages.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\IBM\Messages By IBM\ibmmessages.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\IBMTOOLS\UTILS\ibmprc.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\IBMTOOLS\UTILS\ibmprc.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\IBMTOOLS\UTILS\ibmprc.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\IBMTOOLS\UTILS\ibmprc.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[3020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[3020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[3020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\rundll32.exe[3020] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BC2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BC2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BC2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BC2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe[3388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe[3388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe[3388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe[3388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\atapi \Device\Ide\IdePort0 [F74ABB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74ABB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [F74ABB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74ABB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \FileSystem\Fastfat \Fat AFFDAD20
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

**jholland1964** · 11-29-2009, 11:57 AM

Go to http://virusscan.jotti.org/en and upload this file for scanning. Report back what the various scans say.

C:\WINDOWS\system32\drivers\atapi.sys

**KamikazeKarrot** · 11-30-2009, 09:51 AM

Originally Posted by jholland1964

Go to http://virusscan.jotti.org/en and upload this file for scanning. Report back what the various scans say.

C:\WINDOWS\system32\drivers\atapi.sys

None of the scanners indicated malware.

**KamikazeKarrot** · 11-30-2009, 03:43 PM

I update and run MBAM occasionally just to see if any of the updates help with my problem, so expect to keep seeing logs from it in between your advice.

I ran a Full Scan, but MBAM got shut off by the malware. It does this as soon as MBAM scans mbam.dll. I ran a Quick Scan instead (like when this happened before), and picked up something.

Quick Scan

Malwarebytes' Anti-Malware 1.41
Database version: 3261
Windows 5.1.2600 Service Pack 3

11/30/2009 10:39:05 AM
mbam-log-2009-11-30 (10-39-05).txt

Scan type: Quick Scan
Objects scanned: 95682
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

Unfortunately, when I restarted, the computer started doing things very slowly again. I've had a Full Scan running for a few hours, and it still has tens of thousands of things to scan yet.

Thread: Pop-ups, Ad-Aware, Failure

Thread Tools

Display

Hybrid View

Thread Information

Users Browsing this Thread

Posting Permissions