-
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
File::
d:\windows\system32\UACtmjsjvcdas.dll
d:\windows\system32\drivers\UACxmcpqkkroc.sys
Folder::
d:\program files\eMule
d:\program files\LimeWire
d:\program files\uTorrent
d:\documents and settings\Administrator\Application Data\uTorrent
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?Torrent"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4312"=-
"SpybotDeletingD2453"=-
"SpybotDeletingD6868"=-
"SpybotDeletingD6022"=-
"SpybotDeletingD8544"=-
"SpybotDeletingD5021"=-
"SpybotDeletingD3578"=-
"SpybotDeletingD1113"=-
"SpybotDeletingD8134"=-
"SpybotDeletingD7183"=-
"SpybotDeletingB9485"=-
"SpybotDeletingB5806"=-
"SpybotDeletingB9083"=-
"SpybotDeletingB7376"=-
"SpybotDeletingB1510"=-
"SpybotDeletingB2578"=-
"SpybotDeletingB5007"=-
"SpybotDeletingB1619"=-
"SpybotDeletingB92"=-
"SpybotDeletingB8795"=-
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
-
Here it is:
ComboFix 09-08-10.06 - Administrator 11/08/2009 14:51.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3070.2482 [GMT -4:00]
Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"d:\windows\system32\drivers\UACxmcpqkkroc.sys"
"d:\windows\system32\UACtmjsjvcdas.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Administrator\Application Data\uTorrent
d:\documents and settings\Administrator\Application Data\uTorrent\- Mindless Self Indulgence -.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\(?????)[080425][Nitro+]Chaos;HEAd ??????? (Alpha??? iso+rr3).rar.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\?????.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[050812][Lights]FATAL-FAKE[Doujin].rar.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[C73] [TouhouProject] [Hatsune Miku Visual Novel] - ??????????????.rar.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[Code Geass R2][13][1920x1080][x264_AAC].mkv.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[DB]_Naruto_Movie_3_[C688AE50].avi.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[DTFS] Gaki no Tsukai - No Reaction! Pie Hell! (17.11.2002).avi.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[JimBond007@HongFire.com] Fate Hollow Ataraxia HCG V2.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[JimBond007] FATAL FAKE 1.13 & CRUCIS FATAL+FAKE 1.11.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[PC] FATAL-FAKE [Doujin] [dopeman].torrent
d:\documents and settings\Administrator\Application Data\uTorrent\[Voice Synth] VOCALOID 2 CV???? 01 ???? (iso+SA&VSTi Crack).torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Avatar - Book 1 - Water.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Boom Boom Satellites - Exposed [2007].torrent
d:\documents and settings\Administrator\Application Data\uTorrent\br.1.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\br.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\CG Music - CHAOS;HEAD.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Dane Cook - Retaliation - 2005 - 2CD - Melcy.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\dht.dat
d:\documents and settings\Administrator\Application Data\uTorrent\dht.dat.old
d:\documents and settings\Administrator\Application Data\uTorrent\doujinpack.1.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\doujinpack.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Elfen_Lied_-_01-13.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Evangelion_1.11_You_Are_(Not)_Alone_(2009)_[720p,BluRay,x264,DTS-ES]_-_THORA.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Fate-stay Night.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Full Metal Panic Fumoffu and Specials.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Hatsune Miku Project Diva [JAP][PSP][WwW.GamesTorrents.CoM].torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Hatsune_Miku_-_Project_Diva_JPN_PSP-NRP.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Heroes - Season 1 - DVD-rip.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\I've Sound Collection KOTOKO.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Jinn.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Kara no Kyoukai ~the Garden of sinners~ 1st Chapter OST + ED Single.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Linkin Park - Minutes to Midnight.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Linkin Park.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Mahou Shoujo Lyrical Nanoha OP+ED+SS1~3.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Mahou_Sensei_Negima -First Term-.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Packages.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Persona 3 Soundtracks.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Persona 4 Original Soundtrack (072308)(Shoji Meguro)[VBR MP3].rar.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\resume.dat
d:\documents and settings\Administrator\Application Data\uTorrent\resume.dat.old
d:\documents and settings\Administrator\Application Data\uTorrent\rss.dat
d:\documents and settings\Administrator\Application Data\uTorrent\rss.dat.old
d:\documents and settings\Administrator\Application Data\uTorrent\Russell Peters Red White & Brown_DVDrip_XviD-Ekolb.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Russell Peters.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\settings.dat
d:\documents and settings\Administrator\Application Data\uTorrent\settings.dat.old
d:\documents and settings\Administrator\Application Data\uTorrent\Shin Megami Tensei - Persona 3 Japanese Artbook.rar.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\Suzumiya Haruhi Light Novels Volumes 1-8(English).zip.torrent
d:\documents and settings\Administrator\Application Data\uTorrent\utorrent.lng
d:\documents and settings\Administrator\Application Data\uTorrent\zero2.torrent
d:\program files\eMule
d:\program files\eMule\config\cancelled.met
d:\program files\eMule\config\clients.met
d:\program files\eMule\config\emfriends.met
d:\program files\eMule\config\known.met
d:\program files\eMule\config\known2_64.met
d:\program files\eMule\config\preferences.ini
d:\program files\eMule\config\server_met.old
d:\program files\eMule\config\statistics.ini
d:\program files\LimeWire
d:\program files\LimeWire\hs_err_pid1800.log
d:\program files\LimeWire\hs_err_pid2132.log
d:\program files\LimeWire\hs_err_pid2560.log
d:\program files\LimeWire\hs_err_pid2852.log
d:\program files\LimeWire\hs_err_pid4052.log
d:\program files\LimeWire\hs_err_pid4064.log
d:\program files\uTorrent
d:\program files\uTorrent\490-utorrent.50d9.dmp
d:\program files\uTorrent\490-utorrent.6237.dmp
d:\program files\uTorrent\490-utorrent.a927.dmp
d:\program files\uTorrent\490-utorrent.c0df.dmp
d:\program files\uTorrent\490-utorrent.d950.dmp
d:\program files\uTorrent\8179-utorrent.b94c.dmp
d:\windows\Downloaded Program Files\ijjiPreNotify2.exe
d:\windows\system32\drivers\UACxmcpqkkroc.sys
d:\windows\system32\UACtmjsjvcdas.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.
2009-08-09 17:10 . 2009-08-09 17:10 -------- d-----w- d:\program files\Trend Micro
2009-08-08 18:23 . 2009-08-08 18:23 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
2009-07-28 18:43 . 2009-07-28 18:43 -------- d-sh--w- d:\documents and settings\Administrator\IECompatCache
2009-07-18 21:21 . 2008-09-04 18:17 447752 ----a-r- d:\windows\system32\vp6vfw.dll
2009-07-18 21:21 . 2009-07-18 21:21 10134 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-07-18 21:21 . 2009-07-18 21:21 -------- d-----w- d:\program files\Microsoft WSE
2009-07-16 23:02 . 2009-07-16 23:13 -------- d-----w- d:\program files\Common Files\DivX Shared
2009-07-16 21:14 . 2009-07-16 21:23 -------- d-----w- d:\windows\SxsCaPendDel
2009-07-16 18:39 . 2009-07-16 18:39 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2009-07-16 11:46 . 2009-07-16 11:46 -------- d-----w- d:\documents and settings\Administrator\Application Data\Red Kawa
2009-07-15 10:12 . 2009-07-15 10:12 -------- d-----w- d:\program files\Regensoft
2009-07-15 10:05 . 2009-07-15 10:12 -------- d-----w- d:\program files\Common Files\Common Share
2009-07-15 10:05 . 2008-12-18 17:38 1700352 ----a-w- d:\windows\system32\gdiplus.dll
2009-07-14 04:06 . 2009-07-14 04:06 1914000 ----a-w- d:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-14 04:05 . 2009-07-15 03:46 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2009-07-14 04:05 . 2009-07-15 03:46 -------- d-----w- d:\program files\NOS
2009-07-13 22:45 . 2009-07-13 22:45 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2009-07-13 03:11 . 2009-07-13 03:11 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2009-07-13 02:35 . 2009-06-02 10:12 102912 -c----w- d:\windows\system32\dllcache\iecompat.dll
2009-07-13 02:35 . 2009-07-13 02:35 -------- d-----w- d:\windows\ie8updates
2009-07-13 02:34 . 2009-07-03 17:09 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-07-13 02:34 . 2009-07-03 17:09 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-07-13 02:32 . 2009-07-13 02:34 -------- dc-h--w- d:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 01:27 . 2007-03-08 16:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-08-08 21:46 . 2007-01-31 02:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 21:36 . 2007-01-31 02:14 -------- d-----w- d:\program files\Spybot - Search & Destroy
2009-08-08 18:22 . 2009-08-08 18:22 1234810 ----a-w- d:\windows\system32\xa.tmp
2009-08-03 23:04 . 2007-10-30 03:16 -------- d-----w- d:\documents and settings\Administrator\Application Data\mIRC
2009-08-03 23:04 . 2007-10-30 03:16 -------- d-----w- d:\program files\mIRC
2009-07-30 15:39 . 2009-01-18 03:39 335752 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2009-07-18 21:17 . 2007-02-05 01:06 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-16 23:03 . 2007-03-07 00:57 -------- d-----w- d:\program files\DivX
2009-07-16 21:24 . 2007-01-31 04:28 50864 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-06 20:11 . 2007-02-14 23:35 -------- d-----w- d:\program files\PeerGuardian2
2009-07-03 17:09 . 2004-01-08 20:23 915456 ----a-w- d:\windows\system32\wininet.dll
2009-07-01 17:40 . 2009-07-01 17:40 -------- d-----w- d:\documents and settings\Administrator\Application Data\SPORE
2009-06-28 00:40 . 2009-06-28 00:38 -------- d-----w- d:\documents and settings\Administrator\Application Data\Bioshock
2009-06-28 00:38 . 2009-06-28 00:38 -------- d--h--r- d:\documents and settings\Administrator\Application Data\SecuROM
2009-06-27 04:56 . 2008-12-30 21:53 -------- d-----w- d:\program files\EVGA Precision
2009-06-26 15:25 . 2009-01-31 06:17 11952 ----a-w- d:\windows\system32\avgrsstx.dll
2009-06-26 15:25 . 2009-01-18 03:39 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2009-06-18 01:59 . 2007-04-14 14:23 -------- d-----w- d:\documents and settings\Administrator\Application Data\Xfire
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-06-16 00:08 . 2007-06-19 02:41 -------- d-----w- d:\program files\Windows Live
2009-06-16 00:08 . 2008-03-03 12:13 -------- d-----w- d:\documents and settings\All Users\Application Data\WLInstaller
2009-06-15 23:55 . 2008-03-03 12:13 -------- dcsh--w- d:\program files\Common Files\WindowsLiveInstaller
2009-06-15 23:30 . 2009-06-15 23:30 3584 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-06-15 23:30 . 2009-06-15 23:30 -------- d-----w- d:\program files\Windows Installer Clean Up
2009-06-15 23:30 . 2009-06-15 23:30 -------- d-----w- d:\program files\MSECACHE
2009-06-15 22:36 . 2009-06-15 22:36 -------- d-----w- d:\program files\Common Files\Windows Live
2009-06-03 19:09 . 2009-06-03 19:09 1291264 ----a-w- d:\windows\system32\quartz.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-27 10:50 . 2008-03-27 10:48 24 --sh--w- d:\windows\S2241CE70.tmp
2007-05-06 23:50 . 2007-05-06 23:50 1486293 --sha-w- d:\windows\system32\doayssmn.tmp
2007-05-11 02:39 . 2007-05-11 02:39 1463412 --sha-w- d:\windows\system32\ysuxtgeh.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-08-11_18.15.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 18:56 . 2009-08-11 18:56 16384 d:\windows\Temp\Perflib_Perfdata_9a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 68856]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"Lexmark X74-X75"="d:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
"Ai Nap"="d:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-04-11 1421824]
"CPU Power Monitor"="d:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"ASUS Energy Saving"="d:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Cpu Level Up help"="d:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AlcxMonitor"="ALCXMNTR.EXE" - d:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"LTMSG"="LTMSG.exe" - d:\windows\ltmsg.exe [2003-07-14 40960]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-09 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
d:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Rainmeter.lnk - d:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-29 692224]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2008-2-12 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-30 03:40 184320 ----a-w- d:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 15:25 11952 ----a-w- d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Alliance background mode.lnk]
path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\Alliance background mode.lnk
backup=d:\windows\pss\Alliance background mode.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\MSN Messenger\\msrr.exe"=
"d:\\Program Files\\Xfire\\xfire.exe"=
"d:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\WINDOWS\\system32\\javaw.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\UT2004\\System\\UT2004.exe"=
"d:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"f:\\Program Files\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"f:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\StubInstaller.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:DCOM
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [17/01/2009 11:39 PM 335752]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 2:17 AM 298776]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 paldrv;paldrv;d:\windows\system32\pal_drv.sys [01/03/2007 7:16 PM 10951]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;d:\windows\system32\drivers\libusb0.sys [22/06/2009 1:09 PM 33792]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;d:\windows\system32\drivers\dualshock3.sys [22/06/2009 1:14 PM 11392]
S3 cpuz132;cpuz132;d:\windows\system32\drivers\cpuz132_x32.sys [27/06/2009 8:57 PM 12672]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 XDva009;XDva009;\??\d:\windows\system32\XDva009.sys --> d:\windows\system32\XDva009.sys [?]
S3 XDva269;XDva269;\??\d:\windows\system32\XDva269.sys --> d:\windows\system32\XDva269.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:15]
2009-08-11 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-08 02:41]
2009-08-11 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2009-04-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fl08il4n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fl08il4n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 14:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-1275210071-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,fb,43,c7,bd,aa,08,40,bc,1d,91,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,fb,43,c7,bd,aa,08,40,bc,1d,91,\
[HKEY_USERS\S-1-5-21-1993962763-1275210071-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,09,fa,c6,10,bc,64,42,b9,fd,7f,89,6d,2b,e5,4f,99,b3,75,d8,41,e0,98,
e4,37,32,16,c3,57,b6,41,89,a2,79,08,c9,51,c7,53,08,b2,fe,4c,20,8f,d5,1c,27,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
d:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
d:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
- - - - - - - > 'lsass.exe'(732)
d:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(380)
d:\windows\system32\WININET.dll
d:\program files\RocketDock\RocketDock.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
d:\windows\system32\ieframe.dll
d:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\LEXBCES.EXE
d:\windows\system32\LEXPPS.EXE
d:\windows\system32\rundll32.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\ASUS\AASP\1.00.61\aaCenter.exe
d:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
d:\windows\system32\libusbd-nt.exe
f:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
d:\program files\AVG\AVG8\avgrsx.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\PnkBstrB.exe
d:\spm\spmdib.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
d:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
d:\program files\Canon\CAL\CALMAIN.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-11 15:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 19:04
ComboFix2.txt 2009-08-11 18:19
Pre-Run: 7,061,434,368 bytes free
Post-Run: 7,001,505,792 bytes free
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
1105 --- E O F --- 2009-08-09 11:06
-
Please go to ESET Online Scanner to run an online scan.
Note: You will need to use Internet Explorer for this scan!
- Check the box next to "YES, I accept the Terms of Use."
- Click "Start"
- Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
- Click "Start".
Make sure that the options:
- Remove found threats is UNCHECKED
- Scan unwanted applications is CHECKED
- Click "Scan"
- Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
- Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste the contents of log.txt in your next reply.
-
Hello Shaba, sorry about taking so long.
I completed two scans, one with the option "scan archives" selected, and the other without it checked. Here is the complete log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=f5ab4e0cc67396468ca5e36d48b28b8f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-12 04:13:29
# local_time=2009-08-12 12:13:29 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 10820691718750
# scanned=214839
# found=24
# cleaned=0
# scan_time=4191
C:\Ignore Me\WINDOWS\cdocmf.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\cdocmf.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\cdocmf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\system32\cfhkj.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Program Files\OverFlow\School Days\PACKS\SCRIPT.GPK.106 probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\aitmatoa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\danfwlqp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\daqmqhgl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\nmllm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\yybeg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145684.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145685.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145686.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145688.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145689.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\WINDOWS\$NtServicePackUninstall$\allayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
D:\WINDOWS\AppPatch\AlLayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
D:\WINDOWS\system32\doayssmn.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\WINDOWS\system32\ysuxtgeh.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=f5ab4e0cc67396468ca5e36d48b28b8f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-12 08:10:17
# local_time=2009-08-12 04:10:17 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 10962768750000
# scanned=214889
# found=25
# cleaned=0
# scan_time=14103
C:\Ignore Me\WINDOWS\cdocmf.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\cdocmf.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\cdocmf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ignore Me\WINDOWS\system32\cfhkj.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Ricardo\Anime\Games\[HentaiShare] Sexy Beach 3\Applocale.msi Win32/Agent.PWN trojan 00000000000000000000000000000000 I
D:\Program Files\OverFlow\School Days\PACKS\SCRIPT.GPK.106 probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\aitmatoa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\danfwlqp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\daqmqhgl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\nmllm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\Qoobox\Quarantine\D\WINDOWS\system32\yybeg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145684.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145685.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145686.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145688.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145689.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\WINDOWS\$NtServicePackUninstall$\allayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
D:\WINDOWS\AppPatch\AlLayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
D:\WINDOWS\system32\doayssmn.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
D:\WINDOWS\system32\ysuxtgeh.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
-
Do you recognize this folder?
C:\Ignore Me
-
yes, i recognize that folder.
i believe that's where my old installation of windows was. i couldn't remove it for some reason (it kept saying it was being used)
i've had that folder ever since i formatted my pc, so i doubt that it's part of the problem
-
Not the folder itself, but some files inside that folder are.
Please click this link: Jotti
Copy/paste the first file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).
D:\WINDOWS\$NtServicePackUninstall$\allayer.dll
D:\WINDOWS\AppPatch\AlLayer.dll
D:\WINDOWS\system32\doayssmn.tmp
D:\WINDOWS\system32\ysuxtgeh.tmp
F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll
Repeat steps for all files on the list.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
-
D:\WINDOWS\$NtServicePackUninstall$\allayer.dll
neither of the scanners found anything
D:\WINDOWS\AppPatch\AlLayer.dll
neither of the scanners found anything
D:\WINDOWS\system32\doayssmn.tmp
F-secure found Trojan:INI/Vundo.gen!F
NOD32 found Win32/Adware.Virtumonde.NEO~datafile
in virustotal
trendmicro found Mal_VundoG
D:\WINDOWS\system32\ysuxtgeh.tmp
In Jotti
F-Secure found Trojan:INI/Vundo.gen!F
NOD32 found Win32/Adware.Virtumonde.NEO~datafile
in virustotal
TrendMicro found Mal_VundoG
F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll
in Jotti
SOPHOS found Sus/ComPack-C
A-Squared found Trojan-Dropper.Agent!IK
avast found Win32:Trojan-gen {Other}
Avira Antivir found TR/Agent.BXA
Ikarus found Trojan-Dropper.Agent
in Virustotal
Gdata found Win32:Trojan-gen {Other}
Avast found Win32:Trojan-gen {Other}
McAfee + artemis found Suspect-29!F82C3EC9EB73
A squared found Trojan-Dropper.Agent!IK
Antivir found TR/Agent.BXA
ikarus found Trojan-Dropper.Agent
mcafee gw edition found Trojan.Agent.BXA
Nod32 found probably a variant of Win32/Agent
prevx found Medium Risk Malware
SOPHOS found Sus/ComPack-C
TheHacker found W32/Behav-Heuristic-064
-
Do you recognize this?
F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll
-
i don't think so. i don't recall a folder or file named like that. i am not sure if it's needed for the game or not. however, i don't really care about the game, so if i need to delete it/uninstall the game, i will.