Hi, I really need help with this trojan that I just got today. I’m not really sure what to write here, but here are the logs, I think. Thank you heaps in advance!!!
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TP :: TP-PC [administrator]
Protection: Enabled
9/3/2012 10:03:24 PM
mbam-log-2012-09-03 (22-03-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196279
Time elapsed: 2 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\TP\AppData\Roaming\mlcave.dll (Spyware.Password) → Delete on reboot.
Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) → Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\TP\AppData\Roaming\mlcave.dll (Spyware.Password) → Delete on reboot.
(end)
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 22:26:05
22:26:05.343 OS Version: Windows x64 6.1.7601 Service Pack 1
22:26:05.343 Number of processors: 2 586 0x1706
22:26:05.344 ComputerName: TP-PC UserName: TP
22:26:06.707 Initialize success
22:26:08.174 AVAST engine defs: 12090300
22:26:14.604 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
22:26:14.607 Disk 0 Vendor: WDC_WD1600AAJS-60B4A0 02.03A02 Size: 152627MB BusType: 3
22:26:14.623 Disk 0 MBR read successfully
22:26:14.626 Disk 0 MBR scan
22:26:14.630 Disk 0 Windows 7 default MBR code
22:26:14.639 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:26:14.652 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 142271 MB offset 206848
22:26:14.683 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10244 MB offset 291579750
22:26:14.726 Disk 0 scanning C:\Windows\system32\drivers
22:26:25.619 Service scanning
22:26:40.417 Modules scanning
22:26:40.424 Disk 0 trace - called modules:
22:26:40.439 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:26:40.463 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800279f060]
22:26:40.472 3 CLASSPNP.SYS[fffff880019b243f] → nt!IofCallDriver → [0xfffffa80023b7810]
22:26:40.497 5 ACPI.sys[fffff88000fae7a1] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80023c9680]
22:26:40.963 AVAST engine scan C:\Windows
22:26:42.796 AVAST engine scan C:\Windows\system32
22:28:24.235 AVAST engine scan C:\Windows\system32\drivers
22:28:34.545 AVAST engine scan C:\Users\TP
22:30:46.316 AVAST engine scan C:\ProgramData
22:31:02.832 Scan finished successfully
22:31:24.678 Disk 0 MBR has been saved successfully to “C:\Users\TP\Desktop\MBR.dat”
22:31:24.682 The log file has been saved successfully to “C:\Users\TP\Desktop\aswMBR.txt”