Suspected Virus - Unknown


  • This topic is locked
2 replies to this topic

#1 dysonbyson

dysonbyson

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:08 AM

Posted 19 July 2009 - 08:33 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Stephan at 21:21:03.00 on Sun 07/19/2009
Internet Explorer: 7.0.6001.18000

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.vigrxplus.com/clicks/clickthrough.html?a=adx
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\wwshow\WWShow.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MJCore class: {d88e1558-7c2d-407a-953a-c044f5607cea} - c:\program files\jcore\Jcore2.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HControlUser] "c:\program files\atk hotkey\HcontrolUser.exe"
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRun: [pridl] "c:\windows\system32\config\systemprofile\appdata\roaming\pridl\pridl.exe" 61A847B5BBF72811329B385672FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
dRun: [A00F9A68077.exe] c:\windows\temp\_A00F9A68077.exe
dRun: [cft] c:\windows\system32\config\systemprofile\appdata\roaming\cft\cft.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\stephan\appdata\roaming\mozilla\firefox\profiles\bsus8qyr.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-19 21:18 <DIR> --d----- c:\program files\CCleaner
2009-07-19 20:49 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-19 20:39 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-07-19 20:39 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-19 20:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-19 20:39 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-19 20:39 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-19 20:39 <DIR> --d----- c:\programdata\avg8
2009-07-19 20:39 <DIR> --d----- c:\program files\AVG
2009-07-19 20:39 <DIR> --d----- c:\progra~2\avg8
2009-07-19 20:32 <DIR> --d----- c:\users\stephan\Anti Viruses
2009-07-19 19:54 <DIR> --d----- c:\program files\WWShow
2009-07-19 19:49 <DIR> --d----- c:\program files\Jcore
2009-07-18 18:31 138,464 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-18 18:31 22,328 a------- c:\users\stephan\appdata\roaming\PnkBstrK.sys
2009-07-18 18:31 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-07-18 18:31 682,280 a------- c:\windows\system32\pbsvc.exe
2009-07-18 18:31 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-07-18 18:08 <DIR> --d----- c:\program files\Activision
2009-07-17 23:48 <DIR> --d----- c:\program files\Essentials Codec Pack
2009-07-17 20:11 <DIR> --d----- c:\program files\Prototype
2009-07-17 20:01 <DIR> --d----- c:\program files\common files\Blizzard Entertainment.temp
2009-07-17 19:30 <DIR> --d----- c:\programdata\WindowsSearch
2009-07-16 12:00 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-07-16 08:18 <DIR> --d----- c:\program files\Bethesda Softworks
2009-07-16 08:15 <DIR> --d----- c:\windows\system32\xlive
2009-07-16 00:08 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-07-15 23:43 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-07-15 23:43 <DIR> --d----- c:\windows\system32\directx
2009-07-15 19:09 <DIR> --d----- c:\users\stephan\appdata\roaming\Red Alert 3
2009-07-12 22:49 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-12 22:25 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-07-12 22:25 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-07-12 22:25 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-07-12 22:25 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-07-12 22:25 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2009-07-12 22:25 444,776 a------- c:\windows\system32\d3dx10_35.dll
2009-07-12 22:23 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-07-12 22:23 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-07-12 22:23 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-12 22:23 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-12 16:46 <DIR> --d----- c:\program files\Hollywood Tycoon
2009-07-12 14:54 <DIR> --d----- c:\users\stephan\Bluetooth Software
2009-07-12 14:50 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-07-12 14:50 55,264 a------- c:\windows\system32\drivers\fssfltr.sys
2009-07-12 14:49 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-07-12 14:49 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-07-12 14:47 <DIR> --d----- c:\program files\Microsoft
2009-07-12 14:47 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-12 14:46 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-12 14:44 <DIR> --d----- c:\programdata\Adobe
2009-07-12 14:43 65,536 a------- c:\windows\system32\acovcnt.exe
2009-07-12 14:43 <DIR> --d----- c:\users\Stephan
2009-07-12 14:42 <DIR> --dsh--- c:\programdata\Documents
2009-07-12 14:42 <DIR> --dsh--- C:\Documents and Settings
2009-07-12 14:14 <DIR> --d----- c:\users\stephan\Games
2009-07-12 12:44 <DIR> --d----- c:\windows\pss
2009-07-12 11:28 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-12 11:28 <DIR> --d----- c:\users\stephan\appdata\roaming\DAEMON Tools Lite
2009-07-12 11:22 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-12 11:22 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-12 11:22 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-12 11:22 51,712 a------- c:\windows\system32\wuapp.exe
2009-07-12 05:44 <DIR> --d----- c:\users\stephan\appdata\roaming\GrabPro
2009-07-12 05:44 <DIR> --d----- C:\downloads
2009-07-12 05:44 <DIR> --d----- c:\program files\Orbitdownloader
2009-07-12 04:29 <DIR> --d----- c:\programdata\LightScribe
2009-07-12 04:29 <DIR> --d----- c:\progra~2\LightScribe
2009-07-12 03:50 <DIR> --d----- c:\programdata\Blizzard
2009-07-12 03:50 <DIR> --d----- c:\progra~2\Blizzard
2009-07-12 03:35 32,061 a------- c:\programdata\nvModes.dat
2009-07-12 03:35 32,061 a------- c:\progra~2\nvModes.dat
2009-07-12 03:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-12 03:23 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-12 03:23 <DIR> --d----- c:\program files\iPod
2009-07-12 03:23 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 03:23 <DIR> --d----- c:\program files\iTunes
2009-07-12 03:23 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 03:22 <DIR> --d----- c:\program files\Bonjour
2009-07-12 03:22 <DIR> --d----- c:\programdata\Apple Computer
2009-07-12 03:21 <DIR> --d----- c:\programdata\Apple
2009-07-12 03:20 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-12 03:16 56,680 a------- c:\windows\system32\rpcnet.exe
2009-07-12 03:16 56,680 a------- c:\windows\system32\rpcnet.dll
2009-07-12 02:56 24 a------- c:\windows\ATKPF.ini

==================== Find3M ====================

2009-07-19 20:34 667,686 a------- c:\windows\system32\perfh00C.dat
2009-07-19 20:34 336,828 a------- c:\windows\system32\prfh0404.dat
2009-07-19 20:34 326,026 a------- c:\windows\system32\prfh0804.dat
2009-07-19 20:34 123,076 a------- c:\windows\system32\perfc00C.dat
2009-07-19 20:34 101,188 a------- c:\windows\system32\prfc0404.dat
2009-07-19 20:34 101,182 a------- c:\windows\system32\prfc0804.dat
2009-07-19 20:28 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-07-12 17:41 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-07-12 03:22 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-12 03:22 86,016 a------- c:\windows\inf\infstor.dat
2009-07-12 03:22 51,200 a------- c:\windows\inf\infpub.dat
2009-06-11 22:32 0 a------- c:\windows\system32\drivers\1043_ASUSTeK_F50SV.alu
2009-06-11 22:16 33,136 a------- c:\windows\ASScrPro.exe
2009-06-11 22:16 4,814,371 a------- c:\windows\ASUS Camera ScreenSaver.exe
2009-06-11 22:16 520,192 a------- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2009-06-11 22:16 281,144 a------- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2009-06-11 22:16 47,672 a------- c:\windows\AsScrProlog.exe
2009-06-11 22:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-06-11 21:51 319,456 a------- c:\windows\DIFxAPI.dll
2009-06-11 21:50 335,872 a------- c:\windows\HideWin.exe
2009-06-11 21:47 827,392 a------- c:\windows\system32\wininet.dll
2009-06-11 21:47 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-11 21:47 47,104 a------- c:\windows\system32\ieUnatt.exe
2009-06-11 21:46 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-11 21:46 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-06-11 21:46 72,704 a------- c:\windows\system32\secur32.dll
2009-06-11 21:46 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-06-11 21:46 24,064 a------- c:\windows\system32\amxread.dll
2009-06-11 21:46 13,824 a------- c:\windows\system32\apilogen.dll
2009-06-11 21:44 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-11 21:42 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-11 21:42 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-11 21:41 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-06-11 21:40 2,868,736 a------- c:\windows\system32\mf.dll
2009-06-11 21:40 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-11 21:40 94,720 a------- c:\windows\system32\logagent.exe
2009-06-11 21:40 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-11 21:40 2,048 a------- c:\windows\system32\tzres.dll
2009-06-11 21:39 296,960 a------- c:\windows\system32\gdi32.dll
2009-06-11 21:39 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-06-11 21:39 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-06-11 21:39 347,648 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-06-11 21:38 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-06-11 21:38 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-11 21:38 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2009-06-11 21:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-06-11 21:38 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2009-06-11 21:38 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-06-11 21:38 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-06-11 21:36 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-11 21:35 2,927,104 a------- c:\windows\explorer.exe
2009-06-11 21:35 1,645,568 a------- c:\windows\system32\connect.dll
2009-06-11 21:34 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-11 21:34 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-06-11 21:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-11 21:33 443,392 a------- c:\windows\system32\win32spl.dll
2009-06-11 21:30 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-06-11 21:29 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-06-11 21:29 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-06-11 21:29 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-06-11 21:29 45,056 a------- c:\windows\system32\dataclen.dll
2009-06-11 21:29 36,864 a------- c:\windows\system32\cdd.dll
2009-06-11 21:27 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-06-11 21:26 738,304 a------- c:\windows\system32\inetcomm.dll
2009-06-11 21:26 269,312 a------- c:\windows\system32\es.dll
2009-06-11 21:24 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-06-11 21:24 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-06-11 21:24 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-06-11 21:23 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-06-11 21:23 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-11 21:23 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-06-11 21:23 15,360 a------- c:\windows\system32\pacerprf.dll
2009-06-11 21:23 430,080 a------- c:\windows\system32\vbscript.dll
2009-06-11 21:23 180,224 a------- c:\windows\system32\scrobj.dll
2009-06-11 21:23 176,128 a------- c:\windows\system32\wscript.exe
2009-06-11 21:23 172,032 a------- c:\windows\system32\scrrun.dll
2009-06-11 21:23 155,648 a------- c:\windows\system32\cscript.exe
2009-06-11 21:23 90,112 a------- c:\windows\system32\wshext.dll
2009-06-11 21:22 885,248 a------- c:\windows\system32\RacEngn.dll
2009-06-11 21:22 1,314,816 a------- c:\windows\system32\quartz.dll
2009-06-11 21:21 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-06-11 21:20 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-06-11 21:20 1,695,744 a------- c:\windows\system32\gameux.dll
2009-06-11 21:18 988,216 a------- c:\windows\system32\winload.exe
2009-06-11 21:18 927,288 a------- c:\windows\system32\winresume.exe
2009-06-11 21:18 378,368 a------- c:\windows\system32\srcore.dll
2009-06-11 21:18 338,944 a------- c:\windows\system32\rstrui.exe
2009-06-11 21:18 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-06-11 21:18 40,960 a------- c:\windows\system32\srclient.dll
2009-06-11 21:18 19,000 a------- c:\windows\system32\kd1394.dll
2009-06-11 21:18 14,848 a------- c:\windows\system32\srdelayed.exe
2009-06-11 21:18 6,656 a------- c:\windows\system32\kbd106n.dll
2009-06-11 21:18 615,992 a------- c:\windows\system32\ci.dll
2009-06-11 21:17 529,464 a------- c:\windows\system32\drivers\ndis.sys
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2008-07-01 22:28 61,440 a------- c:\program files\common files\CPInstallAction.dll
2008-05-22 12:35 51,962 a------- c:\program files\common files\banner.jpg
2008-04-14 00:39 116,540 a------- c:\windows\inf\perflib\0404\perfi.dat
2008-04-14 00:39:42 A------- 116,540 c:\windows\inf\perflib\0404\perfh.dat

============= FINISH: 21:24:43.90 ===============


I opened an executable file that I really probably shouldn't have. Since that time (I noticed that when I opened the file the expected result did not occur and instead a cmd prompt window flashed across my screen), occasionally, while I'm on websites that have never had popup ads before, one will spring up. My homepage had been changed after I opened the file to a male enhancement page.

Prototype and Pro Evolution Soccer will open but Vista will force me to close them when they stop working after 10-20 seconds with this error:

Problem signature:
Problem Event Name: APPCRASH
Application Name: pes2009.exe
Application Version: 1.0.0.0
Application Timestamp: 48b91ef2
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 0004d855
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Fallout 3, though, will freeze entirely upon the opening of the menu and requires me to open the task manager and kill its process.

I haven't had a problem with anything else so far; the laptop has been restarted since the original problem file was opened.
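The DDS "Pseudo HJT Report" section above can be triaged mechanically. As an added example (not code from the original thread or from the DDS tool), this Python parser runs over a constructed subset of the posted lines and flags what a malware responder checks first: Run entries launched from the system profile's roaming AppData or a temp directory, UAC disabled via EnableLUA = 0, and a user start page whose host differs from the machine default. The severities and path markers are the example's own assumptions.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the original thread or of the DDS tool. The
sample report below is constructed from a subset of the entries in the
post (the argument blob after pridl.exe is dropped). DDS writes URLs
defanged as hxxp://, which urlsplit still parses.
"""
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_REPORT = r"""
uStart Page = hxxp://www.vigrxplus.com/clicks/clickthrough.html?a=adx
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRun: [pridl] "c:\windows\system32\config\systemprofile\appdata\roaming\pridl\pridl.exe"
dRun: [A00F9A68077.exe] c:\windows\temp\_A00F9A68077.exe
dRun: [cft] c:\windows\system32\config\systemprofile\appdata\roaming\cft\cft.exe
mPolicies-system: EnableLUA = 0 (0x0)
"""

# DDS prefixes: u = current user hive, m = machine hive, d = .DEFAULT user hive.
RUN_RE = re.compile(r"^([umd])Run: \[([^\]]*)\]\s*(.*)$")
START_RE = re.compile(r"^([um])Start Page = (.*)$")
LUA_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")

# Launch locations legitimate autoruns almost never use (assumed severities).
SUSPICIOUS_PATH_MARKERS = (
    ("\\config\\systemprofile\\appdata\\", "high", "autorun launched from the system profile's AppData"),
    ("\\temp\\", "medium", "autorun launched from a temp directory"),
)

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    key: str       # autorun name or policy that triggered it
    reason: str

def image_path(command: str) -> str:
    """Executable path from a Run value: honour quotes, else cut after the first '.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    exe = command.lower().find(".exe")
    if exe >= 0:
        return command[: exe + 4]
    return command.split(maxsplit=1)[0] if command else ""

def _host(url: str) -> str:
    """Lower-cased hostname of a (possibly hxxp-defanged) URL, or ''."""
    return (urlsplit(url.strip()).hostname or "").lower()

def triage(report: str) -> list[Finding]:
    """Walk the report line by line and collect the indicators worth a responder's attention."""
    findings: list[Finding] = []
    start_pages: dict[str, str] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            scope, name, command = m.groups()
            path = image_path(command).lower()
            for marker, severity, why in SUSPICIOUS_PATH_MARKERS:
                if marker in path:
                    findings.append(Finding(severity, name, f"{scope}Run {why}: {path}"))
                    break
        elif m := START_RE.match(line):
            start_pages[m.group(1)] = m.group(2)
        elif m := LUA_RE.match(line):
            if m.group(1) == "0":
                findings.append(Finding("high", "EnableLUA", "UAC disabled by policy (EnableLUA = 0)"))
    # A user start page whose host differs from the machine default is the classic hijack sign.
    user_host, machine_host = _host(start_pages.get("u", "")), _host(start_pages.get("m", ""))
    if user_host and machine_host and user_host != machine_host:
        findings.append(Finding("medium", "uStart Page",
                                f"user start page host {user_host} differs from machine default {machine_host}"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:>6}] {f.key}: {f.reason}")
```

The same parser can be pointed at a full DDS log; lines from the other sections simply match none of the patterns and are skipped.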


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:08 AM

Posted 30 July 2009 - 11:09 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:08 AM

Posted 03 August 2009 - 06:29 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
