-
Hello, thank you for the quick reply. I did as you said and ran that scan. I already have Malwarebytes' Anti-Malware on my computer; I updated it and did a quick scan. Here are the logs you asked for.
ComboFix 11-04-04.01 - Wut 04/04/2011 22:09:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2738 [GMT -5:00]
Running from: c:\documents and settings\Wut\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Wut\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-03 19:06 . 2011-04-03 19:06 -------- d-----w- c:\documents and settings\Wut\Application Data\wargaming.net
2011-04-03 18:57 . 2011-04-03 18:57 -------- d-----w- C:\Games
2011-04-01 00:14 . 2011-04-01 00:14 -------- d-----w- c:\program files\iPod
2011-04-01 00:14 . 2011-04-01 00:15 -------- d-----w- c:\program files\iTunes
2011-04-01 00:09 . 2011-04-01 00:09 -------- d-----w- c:\program files\Bonjour
2011-03-30 18:56 . 2011-03-30 18:56 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc18.tmp
2011-03-30 04:07 . 2011-03-30 04:07 -------- d-----w- c:\documents and settings\Name
2011-03-30 00:22 . 2011-03-30 00:22 -------- d-----w- c:\documents and settings\Wut\.thumbnails
2011-03-30 00:21 . 2011-03-30 00:22 -------- d-----w- c:\documents and settings\Wut\.gimp-2.6
2011-03-30 00:21 . 2011-03-30 00:21 -------- d-----w- c:\documents and settings\Wut\.gegl-0.0
2011-03-29 21:59 . 2009-03-18 22:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-03-29 21:59 . 2011-03-29 21:59 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Local Settings\Application Data\ATI
2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Application Data\ATI
2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Local Settings\Application Data\LogMeIn Hamachi
2011-03-28 07:26 . 2011-03-28 07:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-03-27 07:17 . 2011-04-04 23:04 -------- d-----w- c:\documents and settings\Wut\Tracing
2011-03-26 23:04 . 2011-03-26 23:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-26 22:25 . 2011-03-26 22:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-25 20:20 . 2011-04-02 00:08 -------- d-----w- C:\Minecraft
2011-03-25 20:10 . 2011-03-25 20:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-24 02:21 . 2011-03-19 23:27 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-03-24 02:21 . 2011-03-19 23:27 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-24 02:21 . 2011-03-19 23:27 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-24 02:21 . 2011-03-19 23:27 492504 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-03-24 02:21 . 2011-03-19 23:27 1018328 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
2011-03-19 03:34 . 2011-03-22 10:12 -------- d-----w- c:\documents and settings\Wut\Application Data\.minecraft
2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\program files\Common Files\Java
2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-12 03:53 . 2011-04-05 03:13 -------- d-----w- c:\documents and settings\Wut\Local Settings\Application Data\LogMeIn Hamachi
2011-03-12 03:53 . 2011-04-04 23:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\Wut\Local Settings\Application Data\ATI
2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\Wut\Application Data\ATI
2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2011-03-10 23:59 . 2011-03-10 23:59 -------- d-----w- C:\ATI
2011-03-10 23:12 . 2011-03-11 00:04 -------- d-----w- c:\program files\ATI Technologies
2011-03-10 23:12 . 2011-03-10 23:12 -------- d-----w- C:\AMD
2011-03-06 05:56 . 2011-03-17 05:16 -------- d-----w- c:\documents and settings\Wut\world
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-25 20:09 . 2010-06-17 00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-25 20:09 . 2010-05-28 19:05 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-04-16 17:38 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 06:01 . 2009-11-14 05:33 219128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 06:01 . 2009-11-14 05:31 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-30 05:58 . 2009-11-14 05:31 138592 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-27 11:57 . 2009-04-16 17:38 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-19 23:47 . 2011-02-19 22:36 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-01-07 14:09 . 2008-05-27 17:29 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-04 18085888]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\documents and settings\asdasd\Start Menu\Programs\Startup\
KETV NewsWatch 7 Instant Alert.lnk - c:\program files\KETV NewsWatch 7 Instant Alert\liveonline_3749389.exe [2010-9-1 458752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\source sdk base\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\JDAWG\\Local Settings\\Apps\\2.0\\5J46AAC4.3TC\\KPYW8TN6.M89\\gwab..tion_978e0ac48d518eb4_0001.0026_6a5a2d1791a3e63a\\Gwabs.Deploy.exe"=
"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\ijjigame\\PLauncher.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Documents and Settings\\JDAWG\\Application Data\\RayV\\Viewer\\RayV.dll"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_13140.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_12900.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_4000.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_590.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_500.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_440.bin"=
"c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_400.bin"=
"c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Documents and Settings\\JDAWG\\My Documents\\Downloads\\StarCraft_2_Beta_enUS (2).exe"=
"c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base15976\\SC2.exe"=
"c:\\Program Files\\StarCraft II Beta\\Versions\\Base16036\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\sourcesdk\\bin\\SDKLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\beat hazard demo\\BeatHazardDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\scfan7\\eternal-silence\\hl2.exe"=
"c:\\Program Files\\OGPlanet\\Zone4\\Zone4_NA.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\neohart\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\Wut\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57570:TCP"= 57570:TCP:Pando Media Booster
"57570:UDP"= 57570:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/19/2009 5:58 AM 721904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 2:05 PM 135336]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/19/2011 5:36 PM 22504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/28/2011 3:41 PM 1242504]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [7/21/2010 9:59 PM 266240]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2009 3:15 PM 1684736]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 1:45 AM 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Wut\Application Data\Mozilla\Firefox\Profiles\znpdqnqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.joystiq.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 22:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-04 22:14:39
ComboFix-quarantined-files.txt 2011-04-05 03:14
ComboFix2.txt 2011-04-05 00:31
.
Pre-Run: 89,212,981,248 bytes free
Post-Run: 89,195,134,976 bytes free
.
- - End Of File - - 79EBBED9F581D95B8B924AB339C3628D
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6272
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/4/2011 10:18:26 PM
mbam-log-2011-04-04 (22-18-26).txt
Scan type: Quick scan
Objects scanned: 193145
Time elapsed: 1 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Hi Neohart,
Your logs look ok. How's the machine working/behaving?
Please do the following:
Step 1 | Please download CCleaner (freeware)
- Run the installer.
- Once installed, run CCleaner and click the Windows [tab]
- The following should be selected by default, if not, please select:
- Next: click Options (in the left panel) and click the Advanced button.
- Uncheck: "Only delete files in Windows Temp folders older than 24 hours."
- Go back to Cleaner (in the left panel) and click the Run Cleaner button (bottom right). Then exit CCleaner.
Step 2 | Let's perform an ESET Online Scan
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
- Please go here then click on: http://i280.photobucket.com/albums/k...bum2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
- Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/k...bum2/EOLS2.gif
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on: http://i280.photobucket.com/albums/k...bum2/EOLS3.gif
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on: http://i280.photobucket.com/albums/k...bum2/EOLS4.gif (Selecting Uninstall application on close if you so wish)
-
The computer is running a lot better than it has been lately: no more redirecting from Google, no more random tabs opened when online.
Did both of the things you asked and the scanner found 2 results. Here is the log.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=237a1a26a9145f428928f17d340e7169
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-05 05:01:28
# local_time=2011-04-05 12:01:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 771693 37564285 112462 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184703
# found=2
# cleaned=0
# scan_time=5190
C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GamersFirst\War Rock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=237a1a26a9145f428928f17d340e7169
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-06 02:26:00
# local_time=2011-04-05 09:26:00 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775125 100 93 840078 37632670 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=365222
# found=2
# cleaned=0
# scan_time=13878
C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\GamersFirst\War Rock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
-
Hi Neohart,
Glad to hear that :bigthumb:
We are almost done.
Do you recognize this file/game?
C:\Program Files\GamersFirst\War Rock\System\WarRock.exe
ESET is detecting a threat in that executable.
Please go to the following site to scan a file: http://wepawet.iseclab.org
- Click on Browse, and upload the following file for analysis:
C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js
- Then click Submit for analysis. Allow the file to be scanned, and when finished please copy and paste the link to the results page.
-
Ya, and I removed that game/file from my computer. Here is the report from that website:
Analysis report for file 7039a380f920b248f17fc2d3abae0575
Sample Overview
File prefs.js
MD5 7039a380f920b248f17fc2d3abae0575
Analysis Started 2011-04-05 21:03:32
Report Generated 2011-04-05 21:03:38
Jsand version 1.3.2
Detection results
Detector Result
Jsand 1.3.2 benign
Exploits
No exploits were identified.
Deobfuscation results
Evals
No evals.
Writes
No writes.
Network Activity
Requests
URL
file://prefs.js
ActiveX controls
No objects/controls.
Shellcode and Malware
No shellcode was identified.
No additional malware was retrieved.
-
I ran Spybot today and noticed the click.giftload was back on the computer.
-
Hi Neohart,
If you remove that entry with Spybot, does it appear again?
Please run DDS and post a new log. Don't include attach.txt
-
This time, no, it did not. Here is the DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Wut at 13:29:39.03 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2572 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Wut\My Documents\Downloads\dds(2).scr
.
============== Pseudo HJT Report ===============
.
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\wut\applic~1\mozilla\firefox\profiles\znpdqnqv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.joystiq.com/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-28 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-28 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-28 61960]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-2-19 22504]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-7-21 266240]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-16 1684736]
S3 cpuz132;cpuz132;\??\c:\docume~1\jdawg\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jdawg\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
.
=============== Created Last 30 ================
.
2011-04-05 03:29:16 -------- d-----w- c:\program files\CCleaner
2011-04-05 03:08:38 -------- d-----w- C:\ComboFix
2011-04-05 00:16:47 -------- d-sha-r- C:\cmdcons
2011-04-05 00:10:32 98816 ----a-w- c:\windows\sed.exe
2011-04-05 00:10:32 89088 ----a-w- c:\windows\MBR.exe
2011-04-05 00:10:32 256512 ----a-w- c:\windows\PEV.exe
2011-04-05 00:10:32 161792 ----a-w- c:\windows\SWREG.exe
2011-04-03 19:06:17 -------- d-----w- c:\docume~1\wut\applic~1\wargaming.net
2011-04-03 18:57:15 -------- d-----w- C:\Games
2011-04-01 00:14:52 -------- d-----w- c:\program files\iPod
2011-04-01 00:14:50 -------- d-----w- c:\program files\iTunes
2011-04-01 00:09:41 -------- d-----w- c:\program files\Bonjour
2011-03-30 18:56:32 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc18.tmp
2011-03-30 00:22:20 -------- d-----w- c:\documents and settings\wut\.thumbnails
2011-03-30 00:21:42 -------- d-----w- c:\documents and settings\wut\.gimp-2.6
2011-03-30 00:21:38 -------- d-----w- c:\documents and settings\wut\.gegl-0.0
2011-03-29 21:59:57 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-03-29 21:59:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-03-27 07:17:55 -------- d-----w- c:\documents and settings\wut\Tracing
2011-03-25 20:20:46 -------- d-----w- C:\Minecraft
2011-03-25 20:10:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-24 02:21:22 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-03-24 02:21:22 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-03-24 02:21:22 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-03-24 02:21:21 492504 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
2011-03-24 02:21:21 1018328 ----a-w- c:\program files\mozilla firefox\js3250.dll
2011-03-19 03:34:18 -------- d-----w- c:\docume~1\wut\applic~1\.minecraft
2011-03-14 12:17:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-03-14 12:17:13 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-12 03:53:35 -------- d-----w- c:\docume~1\wut\locals~1\applic~1\LogMeIn Hamachi
2011-03-11 00:06:42 -------- d-----w- c:\docume~1\wut\locals~1\applic~1\ATI
2011-03-10 23:59:38 -------- d-----w- C:\ATI
2011-03-10 23:12:52 -------- d-----w- c:\program files\ATI Technologies
2011-03-10 23:12:41 -------- d-----w- C:\AMD
.
==================== Find3M ====================
.
2011-03-25 20:09:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-11 00:04:35 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 06:01:39 219128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-30 06:01:39 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-26 23:05:56 17252352 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 23:01:00 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 23:00:54 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 22:59:36 4636672 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 22:52:46 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:51:42 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-01-26 22:42:00 4029824 ----a-w- c:\windows\system32\ati3duag.dll
2011-01-26 22:41:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-01-26 22:35:04 1112576 ----a-w- c:\windows\system32\ativvamv.dll
2011-01-26 22:32:12 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 22:31:58 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 22:31:50 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-01-26 22:31:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 22:31:28 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-01-26 22:30:08 638976 ----a-w- c:\windows\system32\ati2evxx.exe
2011-01-26 22:28:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-01-26 22:27:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 22:27:06 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
2011-01-26 22:23:50 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-01-26 22:21:32 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 22:21:30 483328 ----a-w- c:\windows\system32\atiok3x2.dll
2011-01-26 22:21:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-01-26 22:15:12 847872 ----a-w- c:\windows\system32\ati2cqag.dll
2011-01-26 22:12:58 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 22:12:58 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 13:29:48.40 ===============
-
Hi Neohart,
Please go to the following site to scan some files: Virus Total
- Click on Browse, and upload the following files for analysis:
  - c:\windows\system32\npOGPPlugin.dll
  - c:\windows\ativpsrm.bin
  - c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
- Then click Submit. Allow the files to be scanned, and then please copy and paste the results here for me to see.
- If it says already scanned -- click "reanalyze now"
- Please post the results in your next reply.
-
Hello, thank you for replying, here are the scans.
File name: npOGPPlugin.dll
Submission date: 2011-04-09 21:05:15 (UTC)
Current status: queued (#15) queued (#15) analysing finished
Result: 0/ 41 (0.0%)
c:\windows\ativpsrm.bin: I could not get it to scan; it does not look like there is a file?
File name: npNxGameUS.dll
Submission date: 2011-04-09 21:11:00 (UTC)
Current status: queued (#4) queued analysing finished
Result: 0/ 42 (0.0%)