Hello, if anyone could lend me a hand that would be wonderful =)
I started up my computer today and I noticed antivira antivirus found two types of viruses.
One was tr/Crypt.Xpack.Gen2
and another was tr/Crypt.Xpack.Gen

They were infected in .exe (in this case the .exe for skype and a game known as vindictus.)

I tried scanning with antivira, malwarebytes, and spybot S&D and nothing pops up for a virus. Even antivira does not find it when it was the one that found it!

I restarted my computer and it came back. I then went into safemode and did a full scan to find nothing again.
However when I booted up my computer again, antivira did not find anything...
I am not too sure if the virus is still there, so I hope someone could check and see if it is really gone.

I have a HJT report included incase needed.
Thank you =D


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Yui-Nyan at 18:50:42.94 on Fri 12/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8187.6062 [GMT -8:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Yui-Nyan\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Yui-Nyan\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Yui-Nyan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Yui-Nyan\AppData\Roaming\Mozilla\Firefox\Profiles\8zxeziwm.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z006&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Yui-Nyan\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -

============= SERVICES / DRIVERS ===============

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-5-23 20520]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-5-23 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-5-23 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-5-23 83120]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-5-23 219360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-23 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2010-10-29 20352]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-18 155752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-23 295424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

=============== Created Last 30 ================

2010-12-18 02:40:50 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\Adobe
2010-12-18 01:40:43 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-18 01:20:15 98816 ----a-w- C:\Windows\sed.exe
2010-12-18 01:20:15 89088 ----a-w- C:\Windows\MBR.exe
2010-12-18 01:20:15 256512 ----a-w- C:\Windows\PEV.exe
2010-12-18 01:20:15 161792 ----a-w- C:\Windows\SWREG.exe
2010-12-17 13:56:17 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{41B02875-65EC-4F68-AF3C-41E0EDECBAB0}\mpengine.dll
2010-12-14 19:21:44 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-12-14 19:20:50 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-12-14 19:20:47 395776 ----a-w- C:\Windows\System32\webio.dll
2010-12-14 19:20:47 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-12-14 19:20:43 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-14 19:20:42 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-14 19:20:41 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-14 19:20:38 112000 ----a-w- C:\Windows\System32\consent.exe
2010-12-03 21:03:11 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\Moyea
2010-12-03 21:03:08 606208 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-12-03 21:03:07 -------- d-----w- C:\Program Files\Moyea
2010-12-03 10:03:41 -------- d-----w- C:\Users\Yui-Nyan\AppData\Local\assembly
2010-12-03 10:03:26 -------- d-----w- C:\Program Files (x86)\NCSoft
2010-12-03 10:02:34 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\GetRightToGo
2010-11-28 12:25:39 -------- d-----w- C:\Users\Yui-Nyan\AppData\Roaming\NVIDIA
2010-11-28 11:33:32 -------- d-----w- C:\Program Files (x86)\2K Games
2010-11-23 18:29:41 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 18:29:41 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-22 00:41:59 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-22 00:40:53 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2010-11-22 00:40:53 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2010-11-21 23:26:33 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-11-19 06:00:50 -------- d-----w- C:\Program Files (x86)\Garena

==================== Find3M ====================

2010-11-30 01:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-26 11:31:17 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-11 12:28:00 1421312 ----a-w- C:\Windows\SysWow64\EverQuest.exe
2010-11-11 12:28:00 1421312 ------w- C:\Windows\SysWow64\TestEverQuest.exe
2010-11-11 12:27:58 249856 ------w- C:\Windows\SysWow64\installerconfig.exe
2010-11-11 12:27:57 217088 ------w- C:\Windows\SysWow64\Win32Bitmap.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 21:13:54 5901416 ----a-w- C:\Windows\System32\nvcpl.dll
2010-10-16 21:13:34 989800 ----a-w- C:\Windows\System32\nvvsvc.exe
2010-10-16 21:13:34 2590824 ----a-w- C:\Windows\System32\nvsvc64.dll
2010-10-16 21:13:34 116328 ----a-w- C:\Windows\System32\nvmctray.dll
2010-10-08 18:03:38 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-10-08 18:03:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2006-05-02 23:00:00 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-20 23:00:00 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-15 23:00:00 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 18:51:45.48 ===============

[B]HijackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:01 PM, on 12/17/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Users\Yui-Nyan\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Users\Yui-Nyan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z006&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Yui-Nyan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10320 bytes



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-05-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2010-11-30 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2010-12-14 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-12-14 Includes\Spyware.sbi (*)
2010-12-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-11-02 Includes\Trojans.sbi (*)
2010-12-16 Includes\TrojansC-02.sbi (*)
2010-12-16 Includes\TrojansC-03.sbi (*)
2010-12-16 Includes\TrojansC-04.sbi (*)
2010-12-16 Includes\TrojansC-05.sbi (*)
2010-12-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay but we get busy most times. Nothing jumping out at me on your logs.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Hi,

Unless it said no threats found, I need to see the log.

You can find it here
C:\Program Files\EsetOnlineScanner\log.txt



Then run this scanner


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

hmm that is weird.
C:\Program Files (x86)\ESET\ESET Online Scanner
is the place I to and when I open the log it only shows this
"
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
"

Am I doing something wrong? When I did the scan it found 3 threats

Here is a scan of Malware
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5395

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/25/2010 3:08:20 PM
mbam-log-2010-12-25 (15-08-20).txt

Scan type: Quick scan
Objects scanned: 153778
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malware did not seem to find anything , but
When I rebooted my computer Avira popped up with this

Virus or unwanted program 'TR/Crypt.ZPACK.Gen2 [trojan]'
detected in file 'C:\Nexon\Vindictus\en-US\Vindictus.exe.
Action performed: Deny access

Lets check that file.

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)


Please go to: VirusTotal (http://www.virustotal.com/en/indexf.html)http://i204.photobucket.com/albums/bb106/Juliet702/virustotal2-SWI.png

Click the Browse button and search for the following file:
C:\Nexon\Vindictus\en-US\Vindictus.exe <--This file
Click Open
Then click Send File
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

The link you posted for virustotal says not found =x

VirusTotal (http://www.virustotal.com/)

File name:
Vindictus.exe
Submission date:
2010-12-26 01:29:53 (UTC)
Current status:
queued queued analysing finished
Result:
3/ 42 (7.1%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.12.26.00 2010.12.25 -
AntiVir 7.11.0.177 2010.12.25 -
Antiy-AVL 2.0.3.7 2010.12.26 -
Avast 4.8.1351.0 2010.12.25 -
Avast5 5.0.677.0 2010.12.25 -
AVG 9.0.0.851 2010.12.25 -
BitDefender 7.2 2010.12.26 -
CAT-QuickHeal 11.00 2010.12.25 -
ClamAV 0.96.4.0 2010.12.26 PUA.Packed.Themida-2
Command 5.2.11.5 2010.12.25 -
Comodo 7188 2010.12.25 Heur.Pck.Themida
DrWeb 5.0.2.03300 2010.12.26 -
eSafe 7.0.17.0 2010.12.22 -
eTrust-Vet 36.1.8060 2010.12.24 -
F-Prot 4.6.2.117 2010.12.25 -
F-Secure 9.0.16160.0 2010.12.26 -
Fortinet 4.2.254.0 2010.12.25 -
GData 21 2010.12.26 -
Ikarus T3.1.1.90.0 2010.12.25 -
Jiangmin 13.0.900 2010.12.25 -
K7AntiVirus 9.74.3335 2010.12.24 -
Kaspersky 7.0.0.125 2010.12.26 -
McAfee 5.400.0.1158 2010.12.26 -
McAfee-GW-Edition 2010.1C 2010.12.25 -
Microsoft 1.6402 2010.12.25 -
NOD32 5732 2010.12.25 -
Norman 6.06.12 2010.12.24 -
nProtect 2010-12-25.01 2010.12.25 -
Panda 10.0.2.7 2010.12.25 -
PCTools 7.0.3.5 2010.12.26 -
Prevx 3.0 2010.12.26 -
Rising 22.79.04.00 2010.12.25 -
Sophos 4.60.0 2010.12.25 -
SUPERAntiSpyware 4.40.0.1006 2010.12.25 -
Symantec 20101.3.0.103 2010.12.26 -
TheHacker 6.7.0.1.105 2010.12.25 W32/Behav-Heuristic-064
TrendMicro 9.120.0.1004 2010.12.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.26 -
VBA32 3.12.14.2 2010.12.24 -
VIPRE 7826 2010.12.26 -
ViRobot 2010.12.25.4220 2010.12.25 -
VirusBuster 13.6.112.0 2010.12.25 -
Additional information
Show all
MD5 : 6c7be802fe6d49a070be07357d5f0a21
SHA1 : 93d66e0c0a4747bffa33a4a099aa6e709c56d383
SHA256: 55f408cba1020d661aae32b8a76f293361d5abd94bdbd429a84e899788765d78
ssdeep: 24576:CA9dn8FSpPakssGXVVJLPTR7C4dYri2bEk8GeTRGY31/R8:Ccn8SpcjXLJVKWk85Rr1R8
File size : 1340888 bytes
First seen: 2010-08-19 19:13:09
Last seen : 2010-12-26 01:29:53
TrID:
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: NEXON Corp.
copyright....: NEXON Corp. Copyright (C) 2010
product......: Vindictus
description..: Vindictus Launcher
original name: Vindictus.exe
internal name: launcher
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: NEXON Corporation
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 6:20 AM 8/16/2010
verified.....: -
packers (F-Prot): Themida
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x12B014
timedatestamp....: 0x4C68CA80 (Mon Aug 16 05:20:00 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x105000, 0x4B200, 7.98, 984f6cb8f9e4f247259fca728c1f206e
.rsrc, 0x106000, 0x23B08, 0x23C00, 3.87, b6334a4c89fe5e396f07d3b1d3a2a39a
.idata , 0x12A000, 0x1000, 0x200, 1.38, c2600789bbc8e86a4035f6949256835f
Themida , 0x12B000, 0x1E1000, 0xD5E00, 7.92, 1aae85c786ab131bea575a82c46c8c20

[[ 2 import(s) ]]
KERNEL32.dll: CreateFileA, lstrcpy
COMCTL32.dll: InitCommonControls
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 862208
CompanyName: NEXON Corp.
EntryPoint: 0x12b014
FileDescription: Vindictus Launcher
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 1309 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 0, 1
FileVersionNumber: 1.0.0.1
ImageVersion: 0.0
InitializedDataSize: 374784
InternalName: launcher
LanguageCode: English (U.S.)
LegalCopyright: NEXON Corp. Copyright (C) 2010
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Executable application
OriginalFilename: Vindictus.exe
PEType: PE32
ProductName: Vindictus
ProductVersion: 1, 0, 0, 1
ProductVersionNumber: 1.0.0.1
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2010:08:16 07:20:00+02:00
UninitializedDataSize: 0

How odd, Antivira was able to see it...

Online games can sometimes be dangerous. Why dont you uninstall this program and then reinstall it . Scan again and see if it still finds anything wrong

Did you want me to scan it with Virustotal?

File name:
Vindictus.exe
Submission date:
2010-12-26 06:28:48 (UTC)
Current status:
queued queued analysing finished
Result:
3/ 43 (7.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.12.26.00 2010.12.25 -
AntiVir 7.11.0.177 2010.12.25 -
Antiy-AVL 2.0.3.7 2010.12.26 -
Avast 4.8.1351.0 2010.12.25 -
Avast5 5.0.677.0 2010.12.25 -
AVG 9.0.0.851 2010.12.26 -
BitDefender 7.2 2010.12.26 -
CAT-QuickHeal 11.00 2010.12.25 -
ClamAV 0.96.4.0 2010.12.26 PUA.Packed.Themida-2
Command 5.2.11.5 2010.12.26 -
Comodo 7188 2010.12.25 Heur.Pck.Themida
DrWeb 5.0.2.03300 2010.12.26 -
Emsisoft 5.1.0.1 2010.12.26 -
eSafe 7.0.17.0 2010.12.22 -
eTrust-Vet 36.1.8060 2010.12.24 -
F-Prot 4.6.2.117 2010.12.25 -
F-Secure 9.0.16160.0 2010.12.26 -
Fortinet 4.2.254.0 2010.12.25 -
GData 21 2010.12.26 -
Ikarus T3.1.1.90.0 2010.12.26 -
Jiangmin 13.0.900 2010.12.26 -
K7AntiVirus 9.74.3335 2010.12.24 -
Kaspersky 7.0.0.125 2010.12.26 -
McAfee 5.400.0.1158 2010.12.26 -
McAfee-GW-Edition 2010.1C 2010.12.25 -
Microsoft 1.6402 2010.12.26 -
NOD32 5732 2010.12.25 -
Norman 6.06.12 2010.12.24 -
nProtect 2010-12-26.01 2010.12.26 -
Panda 10.0.2.7 2010.12.25 -
PCTools 7.0.3.5 2010.12.26 -
Prevx 3.0 2010.12.26 -
Rising 22.79.05.01 2010.12.26 -
Sophos 4.60.0 2010.12.26 -
SUPERAntiSpyware 4.40.0.1006 2010.12.25 -
Symantec 20101.3.0.103 2010.12.26 -
TheHacker 6.7.0.1.105 2010.12.25 W32/Behav-Heuristic-064
TrendMicro 9.120.0.1004 2010.12.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.26 -
VBA32 3.12.14.2 2010.12.24 -
VIPRE 7828 2010.12.26 -
ViRobot 2010.12.25.4220 2010.12.25 -
VirusBuster 13.6.112.0 2010.12.25 -
Additional information
Show all
MD5 : 6c7be802fe6d49a070be07357d5f0a21
SHA1 : 93d66e0c0a4747bffa33a4a099aa6e709c56d383
SHA256: 55f408cba1020d661aae32b8a76f293361d5abd94bdbd429a84e899788765d78
ssdeep: 24576:CA9dn8FSpPakssGXVVJLPTR7C4dYri2bEk8GeTRGY31/R8:Ccn8SpcjXLJVKWk85Rr1R8
File size : 1340888 bytes
First seen: 2010-08-19 19:13:09
Last seen : 2010-12-26 06:28:48
TrID:
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: NEXON Corp.
copyright....: NEXON Corp. Copyright (C) 2010
product......: Vindictus
description..: Vindictus Launcher
original name: Vindictus.exe
internal name: launcher
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: NEXON Corporation
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 6:20 AM 8/16/2010
verified.....: -
packers (F-Prot): Themida
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x12B014
timedatestamp....: 0x4C68CA80 (Mon Aug 16 05:20:00 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x105000, 0x4B200, 7.98, 984f6cb8f9e4f247259fca728c1f206e
.rsrc, 0x106000, 0x23B08, 0x23C00, 3.87, b6334a4c89fe5e396f07d3b1d3a2a39a
.idata , 0x12A000, 0x1000, 0x200, 1.38, c2600789bbc8e86a4035f6949256835f
Themida , 0x12B000, 0x1E1000, 0xD5E00, 7.92, 1aae85c786ab131bea575a82c46c8c20

[[ 2 import(s) ]]
KERNEL32.dll: CreateFileA, lstrcpy
COMCTL32.dll: InitCommonControls
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 862208
CompanyName: NEXON Corp.
EntryPoint: 0x12b014
FileDescription: Vindictus Launcher
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 1309 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 0, 1
FileVersionNumber: 1.0.0.1
ImageVersion: 0.0
InitializedDataSize: 374784
InternalName: launcher
LanguageCode: English (U.S.)
LegalCopyright: NEXON Corp. Copyright (C) 2010
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Executable application
OriginalFilename: Vindictus.exe
PEType: PE32
ProductName: Vindictus
ProductVersion: 1, 0, 0, 1
ProductVersionNumber: 1.0.0.1
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2010:08:16 07:20:00+02:00
UninitializedDataSize: 0

Its odd though, I have had Vindictus installed for a couple of months, and it only recently with antivira saying it had a trojan

Well, it may have picked up a bad file along the way, I would uninstall it and then download and install it fresh.

Hows it going ?

Hmm, I was giving it a few days and so far nothing has popped up.
I plan to do a few scans with Spybot and avira to double-check.
I hope that was the last of it =)

You can try this other scanner and see if it picks anything up

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply .

hmm the tr/Crypt.Xpack.Gen2 came back.
I am starting the scan now, but when i just turned on my computer just now avira alert popped up saying it found it on the vindictus.exe again.
Starting the scan from Kasperky now will have a log up asap >_<;

vindictus.exe appears to be some sort of online game

yes it is, and the Skype.exe (the exe infected by tr/Crypt.Xpack.Gen) is an online phone service somewhere along those lines.
I hope that is not bad?

hmm I cannot seem to do the scan.
I always get this

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.



Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

I have a stable connection. Is there something that must be done?
-

Lets try ESET, Kaspersky has been a bit finicky lately

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

I did the scan however when I opened the log all that appears is

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Here is the scan results that I took from the end scan

Scanned Files : 341792
Infected Files : 0
Cleaned Files: 0
Total Scan Time : 02:10:34
Scan Status : Finished

Looks good, how are things running now ?

Hmm, things are working fine for now
I am a little worried about how that tr/Crypt.Xpack.Gen2 came back after I did a fresh install and such.
I should probably look for a better antivirus?


Also, Thank you for helping me with this problem ken545 =)
I would have had a lot of trouble if you had not helped!

But yes, the scan I did before with ESET and all it gave was

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

I remember it caught a virus in the actual Vindictus Setup, I guess it was not infected this time o_o;

What scan is picking up tr/Crypt.Xpack.Gen2 , can you post the log that you ran that found it so we can see where it is ?

This is from Avira antivira

Guard: Malware Found
Date/Time: 1/2/2011, 8:46:50 PM
Type: Detection

Virus or unwanted program 'TR/Crypt.ZPACK.Gen2 [trojan]'
detected in file 'C:\Nexon\Vindictus\en-US\Vindictus.exe.
Action performed: Deny access

It hasn't reported again so far, but whenever this would pop up I would choose Remove.
It doesn't appear in the Quarantine or anything for some reason...

Online game sites can sometimes be a bit dangerous, that file looks like it may be infected. What I would do if it pops up again is to uninstall that program and then download and reinstall it.

Okay, Thank you for the help ken545 =)

Your very welcome

Take Care,
Ken :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.