Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles

Featured Deal: This Free Course Lets You Achieve Digital Transformation for Your Company

Photo

possible infection - attempt to access invalid address

Started by jackmcn , Aug 24 2009 01:46 PM

  • This topic is locked This topic is locked
2 replies to this topic

#1 jackmcn

jackmcn

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:12:13 PM

Posted 24 August 2009 - 01:46 PM

Hello,
I was confronted today with this nasty message while trying to access a program I have been using regularly: attempt to access invalid address. I'm not sure what this means or why it has suddenly started. I am generally very good about keeping my computer clean, but have been forced in the last week to do an extensive amount of surfing...perhaps I picked up a nasty along the way.

I have followed all of your instructions and am attaching the following files for your review: dds.txt, attach.txt, ark.txt, hijackthis scan

Thanks for any help...
Jack


DDS (Ver_09-07-30.01) - NTFSx86
Run by Laughing Lemon at 19:59:00.29 on 24.08.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1382 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\DOCUME~1\LAUGHI~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laughing Lemon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.netvibes.com/#Home
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\laughing lemon\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] "c:\program files\dell\media experience\DMXLauncher.exe"
mRun: [CTSysVol] "c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe" /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
IE: {9239E4EC-C9A6-11D2-A844-00C04F68D538}
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: localhost
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\laughi~1\applic~1\mozilla\firefox\profiles\8kwa7gym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#Home
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\laughing lemon\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-8-22 18816]
R1 SSHDRV66;SSHDRV66;c:\windows\system32\drivers\SSHDRV66.sys [2006-5-3 123904]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-9-4 82696]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-12-9 13088]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104456]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys --> c:\windows\system32\drivers\AmeAtmPc.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 AtmElan;ATM Emulated LAN;c:\windows\system32\drivers\atmlane.sys [2008-7-14 55936]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\drivers\atmlane.sys [2008-7-14 55936]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\92.tmp --> c:\windows\system32\92.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-4-28 15576]
S3 X;X;c:\docume~1\laughi~1\locals~1\temp\x.exe --> c:\docume~1\laughi~1\locals~1\temp\X.exe [?]

=============== Created Last 30 ================

2009-08-24 19:25 <DIR> --d----- c:\program files\Trend Micro
2009-08-22 18:21 18,816 -------- c:\windows\system32\SAVRKBootTasks.sys
2009-08-13 06:58 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-13 06:50 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 06:49 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 11:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 16:26 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-02 16:26 <DIR> --d----- c:\program files\MSECACHE
2009-08-02 11:40 <DIR> --dsh--- c:\documents and settings\laughing lemon\IECompatCache
2009-08-02 11:36 <DIR> --d----- C:\Entertainment
2009-08-02 11:36 <DIR> --d----- C:\ch reference
2009-08-02 11:36 <DIR> --d----- C:\jack
2009-08-02 11:36 <DIR> --d----- C:\food wine info
2009-08-02 11:35 <DIR> --d----- C:\facebook
2009-08-02 11:35 <DIR> --d----- C:\Business
2009-08-02 11:35 <DIR> --d----- C:\search
2009-08-02 11:35 <DIR> --d----- C:\newsgroups
2009-07-31 12:04 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2009-07-31 12:04 <DIR> --d----- c:\windows\Logs

==================== Find3M ====================

2009-08-24 18:45 81,984 a------- c:\windows\system32\bdod.bin
2009-08-21 17:51 104,456 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-08-05 11:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-02 16:52 118,676 a---h--- c:\windows\system32\mlfcache.dat
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 15:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 20:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 15:42 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 19:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 19:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 19:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 19:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 19:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 19:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 19:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 19:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 19:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 19:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 19:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 19:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 13:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 09:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-25 10:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:17 729,600 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 10:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 10:17 168,448 a------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 10:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 10:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 10:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 10:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 10:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 10:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 13:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 13:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 13:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 13:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 13:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 13:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 13:48 91,776 a------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 13:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 16:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 16:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 16:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 13:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 13:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 13:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 16:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 16:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 08:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 08:32 132,096 a------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 09:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 21:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 21:24 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2007-01-08 14:23 251 a------- c:\program files\wt3d.ini
2006-05-11 20:22 460 a------- c:\program files\INSTALL.LOG
2006-04-28 18:21 138 a------- c:\program files\Original Copy of INSTALL.LOG
2009-01-30 20:51 56 ---shr-- c:\windows\system32\21F4E7AD43.sys
2009-01-30 20:51 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:00:44.82 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:13 PM

Posted 05 September 2009 - 10:43 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:13 PM

Posted 10 September 2009 - 06:20 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg

Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·