
Thread: Win32.TDSS.rtk

  1. #11 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::
      d:\windows\system32\UACtmjsjvcdas.dll
      d:\windows\system32\drivers\UACxmcpqkkroc.sys
      
      Folder::
      d:\program files\eMule
      d:\program files\LimeWire
      d:\program files\uTorrent
      d:\documents and settings\Administrator\Application Data\uTorrent
      
      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "?Torrent"=-
      
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "SpybotDeletingD4312"=-
      "SpybotDeletingD2453"=-
      "SpybotDeletingD6868"=-
      "SpybotDeletingD6022"=-
      "SpybotDeletingD8544"=-
      "SpybotDeletingD5021"=-
      "SpybotDeletingD3578"=-
      "SpybotDeletingD1113"=-
      "SpybotDeletingD8134"=-
      "SpybotDeletingD7183"=-
      "SpybotDeletingB9485"=-
      "SpybotDeletingB5806"=-
      "SpybotDeletingB9083"=-
      "SpybotDeletingB7376"=-
      "SpybotDeletingB1510"=-
      "SpybotDeletingB2578"=-
      "SpybotDeletingB5007"=-
      "SpybotDeletingB1619"=-
      "SpybotDeletingB92"=-
      "SpybotDeletingB8795"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Last edited by Shaba; 2009-08-11 at 21:44.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #12 Junior Member (Join Date: Aug 2009, Posts: 14)

    Here it is:

    ComboFix 09-08-10.06 - Administrator 11/08/2009 14:51.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3070.2482 [GMT -4:00]
    Running from: d:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: d:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "d:\windows\system32\drivers\UACxmcpqkkroc.sys"
    "d:\windows\system32\UACtmjsjvcdas.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    d:\documents and settings\Administrator\Application Data\uTorrent
    d:\documents and settings\Administrator\Application Data\uTorrent\- Mindless Self Indulgence -.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\(?????)[080425][Nitro+]Chaos;HEAd ??????? (Alpha??? iso+rr3).rar.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\?????.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[050812][Lights]FATAL-FAKE[Doujin].rar.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[C73] [TouhouProject] [Hatsune Miku Visual Novel] - ??????????????.rar.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[Code Geass R2][13][1920x1080][x264_AAC].mkv.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[DB]_Naruto_Movie_3_[C688AE50].avi.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[DTFS] Gaki no Tsukai - No Reaction! Pie Hell! (17.11.2002).avi.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[JimBond007@HongFire.com] Fate Hollow Ataraxia HCG V2.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[JimBond007] FATAL FAKE 1.13 & CRUCIS FATAL+FAKE 1.11.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[PC] FATAL-FAKE [Doujin] [dopeman].torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\[Voice Synth] VOCALOID 2 CV???? 01 ???? (iso+SA&VSTi Crack).torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Avatar - Book 1 - Water.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Boom Boom Satellites - Exposed [2007].torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\br.1.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\br.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\CG Music - CHAOS;HEAD.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Dane Cook - Retaliation - 2005 - 2CD - Melcy.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\dht.dat
    d:\documents and settings\Administrator\Application Data\uTorrent\dht.dat.old
    d:\documents and settings\Administrator\Application Data\uTorrent\doujinpack.1.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\doujinpack.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Elfen_Lied_-_01-13.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Evangelion_1.11_You_Are_(Not)_Alone_(2009)_[720p,BluRay,x264,DTS-ES]_-_THORA.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Fate-stay Night.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Full Metal Panic Fumoffu and Specials.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Hatsune Miku Project Diva [JAP][PSP][WwW.GamesTorrents.CoM].torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Hatsune_Miku_-_Project_Diva_JPN_PSP-NRP.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Heroes - Season 1 - DVD-rip.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\I've Sound Collection KOTOKO.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Jinn.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Kara no Kyoukai ~the Garden of sinners~ 1st Chapter OST + ED Single.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Linkin Park - Minutes to Midnight.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Linkin Park.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Mahou Shoujo Lyrical Nanoha OP+ED+SS1~3.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Mahou_Sensei_Negima -First Term-.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Packages.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Persona 3 Soundtracks.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Persona 4 Original Soundtrack (072308)(Shoji Meguro)[VBR MP3].rar.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\resume.dat
    d:\documents and settings\Administrator\Application Data\uTorrent\resume.dat.old
    d:\documents and settings\Administrator\Application Data\uTorrent\rss.dat
    d:\documents and settings\Administrator\Application Data\uTorrent\rss.dat.old
    d:\documents and settings\Administrator\Application Data\uTorrent\Russell Peters Red White & Brown_DVDrip_XviD-Ekolb.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Russell Peters.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\settings.dat
    d:\documents and settings\Administrator\Application Data\uTorrent\settings.dat.old
    d:\documents and settings\Administrator\Application Data\uTorrent\Shin Megami Tensei - Persona 3 Japanese Artbook.rar.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\Suzumiya Haruhi Light Novels Volumes 1-8(English).zip.torrent
    d:\documents and settings\Administrator\Application Data\uTorrent\utorrent.lng
    d:\documents and settings\Administrator\Application Data\uTorrent\zero2.torrent
    d:\program files\eMule
    d:\program files\eMule\config\cancelled.met
    d:\program files\eMule\config\clients.met
    d:\program files\eMule\config\emfriends.met
    d:\program files\eMule\config\known.met
    d:\program files\eMule\config\known2_64.met
    d:\program files\eMule\config\preferences.ini
    d:\program files\eMule\config\server_met.old
    d:\program files\eMule\config\statistics.ini
    d:\program files\LimeWire
    d:\program files\LimeWire\hs_err_pid1800.log
    d:\program files\LimeWire\hs_err_pid2132.log
    d:\program files\LimeWire\hs_err_pid2560.log
    d:\program files\LimeWire\hs_err_pid2852.log
    d:\program files\LimeWire\hs_err_pid4052.log
    d:\program files\LimeWire\hs_err_pid4064.log
    d:\program files\uTorrent
    d:\program files\uTorrent\490-utorrent.50d9.dmp
    d:\program files\uTorrent\490-utorrent.6237.dmp
    d:\program files\uTorrent\490-utorrent.a927.dmp
    d:\program files\uTorrent\490-utorrent.c0df.dmp
    d:\program files\uTorrent\490-utorrent.d950.dmp
    d:\program files\uTorrent\8179-utorrent.b94c.dmp
    d:\windows\Downloaded Program Files\ijjiPreNotify2.exe
    d:\windows\system32\drivers\UACxmcpqkkroc.sys
    d:\windows\system32\UACtmjsjvcdas.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
    .

    2009-08-09 17:10 . 2009-08-09 17:10 -------- d-----w- d:\program files\Trend Micro
    2009-08-08 18:23 . 2009-08-08 18:23 -------- d-sh--w- d:\windows\system32\config\systemprofile\IETldCache
    2009-07-28 18:43 . 2009-07-28 18:43 -------- d-sh--w- d:\documents and settings\Administrator\IECompatCache
    2009-07-18 21:21 . 2008-09-04 18:17 447752 ----a-r- d:\windows\system32\vp6vfw.dll
    2009-07-18 21:21 . 2009-07-18 21:21 10134 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-07-18 21:21 . 2009-07-18 21:21 -------- d-----w- d:\program files\Microsoft WSE
    2009-07-16 23:02 . 2009-07-16 23:13 -------- d-----w- d:\program files\Common Files\DivX Shared
    2009-07-16 21:14 . 2009-07-16 21:23 -------- d-----w- d:\windows\SxsCaPendDel
    2009-07-16 18:39 . 2009-07-16 18:39 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
    2009-07-16 11:46 . 2009-07-16 11:46 -------- d-----w- d:\documents and settings\Administrator\Application Data\Red Kawa
    2009-07-15 10:12 . 2009-07-15 10:12 -------- d-----w- d:\program files\Regensoft
    2009-07-15 10:05 . 2009-07-15 10:12 -------- d-----w- d:\program files\Common Files\Common Share
    2009-07-15 10:05 . 2008-12-18 17:38 1700352 ----a-w- d:\windows\system32\gdiplus.dll
    2009-07-14 04:06 . 2009-07-14 04:06 1914000 ----a-w- d:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2009-07-14 04:05 . 2009-07-15 03:46 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
    2009-07-14 04:05 . 2009-07-15 03:46 -------- d-----w- d:\program files\NOS
    2009-07-13 22:45 . 2009-07-13 22:45 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
    2009-07-13 03:11 . 2009-07-13 03:11 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
    2009-07-13 02:35 . 2009-06-02 10:12 102912 -c----w- d:\windows\system32\dllcache\iecompat.dll
    2009-07-13 02:35 . 2009-07-13 02:35 -------- d-----w- d:\windows\ie8updates
    2009-07-13 02:34 . 2009-07-03 17:09 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
    2009-07-13 02:34 . 2009-07-03 17:09 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
    2009-07-13 02:32 . 2009-07-13 02:34 -------- dc-h--w- d:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-11 01:27 . 2007-03-08 16:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
    2009-08-08 21:46 . 2007-01-31 02:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-08 21:36 . 2007-01-31 02:14 -------- d-----w- d:\program files\Spybot - Search & Destroy
    2009-08-08 18:22 . 2009-08-08 18:22 1234810 ----a-w- d:\windows\system32\xa.tmp
    2009-08-03 23:04 . 2007-10-30 03:16 -------- d-----w- d:\documents and settings\Administrator\Application Data\mIRC
    2009-08-03 23:04 . 2007-10-30 03:16 -------- d-----w- d:\program files\mIRC
    2009-07-30 15:39 . 2009-01-18 03:39 335752 ----a-w- d:\windows\system32\drivers\avgldx86.sys
    2009-07-18 21:17 . 2007-02-05 01:06 -------- d--h--w- d:\program files\InstallShield Installation Information
    2009-07-16 23:03 . 2007-03-07 00:57 -------- d-----w- d:\program files\DivX
    2009-07-16 21:24 . 2007-01-31 04:28 50864 ----a-w- d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-06 20:11 . 2007-02-14 23:35 -------- d-----w- d:\program files\PeerGuardian2
    2009-07-03 17:09 . 2004-01-08 20:23 915456 ----a-w- d:\windows\system32\wininet.dll
    2009-07-01 17:40 . 2009-07-01 17:40 -------- d-----w- d:\documents and settings\Administrator\Application Data\SPORE
    2009-06-28 00:40 . 2009-06-28 00:38 -------- d-----w- d:\documents and settings\Administrator\Application Data\Bioshock
    2009-06-28 00:38 . 2009-06-28 00:38 -------- d--h--r- d:\documents and settings\Administrator\Application Data\SecuROM
    2009-06-27 04:56 . 2008-12-30 21:53 -------- d-----w- d:\program files\EVGA Precision
    2009-06-26 15:25 . 2009-01-31 06:17 11952 ----a-w- d:\windows\system32\avgrsstx.dll
    2009-06-26 15:25 . 2009-01-18 03:39 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
    2009-06-18 01:59 . 2007-04-14 14:23 -------- d-----w- d:\documents and settings\Administrator\Application Data\Xfire
    2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
    2009-06-16 00:08 . 2007-06-19 02:41 -------- d-----w- d:\program files\Windows Live
    2009-06-16 00:08 . 2008-03-03 12:13 -------- d-----w- d:\documents and settings\All Users\Application Data\WLInstaller
    2009-06-15 23:55 . 2008-03-03 12:13 -------- dcsh--w- d:\program files\Common Files\WindowsLiveInstaller
    2009-06-15 23:30 . 2009-06-15 23:30 3584 ----a-r- d:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2009-06-15 23:30 . 2009-06-15 23:30 -------- d-----w- d:\program files\Windows Installer Clean Up
    2009-06-15 23:30 . 2009-06-15 23:30 -------- d-----w- d:\program files\MSECACHE
    2009-06-15 22:36 . 2009-06-15 22:36 -------- d-----w- d:\program files\Common Files\Windows Live
    2009-06-03 19:09 . 2009-06-03 19:09 1291264 ----a-w- d:\windows\system32\quartz.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-03-27 10:50 . 2008-03-27 10:48 24 --sh--w- d:\windows\S2241CE70.tmp
    2007-05-06 23:50 . 2007-05-06 23:50 1486293 --sha-w- d:\windows\system32\doayssmn.tmp
    2007-05-11 02:39 . 2007-05-11 02:39 1463412 --sha-w- d:\windows\system32\ysuxtgeh.tmp
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-11_18.15.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-11 18:56 . 2009-08-11 18:56 16384 d:\windows\Temp\Perflib_Perfdata_9a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 68856]
    "Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]
    "RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-03-19 630784]
    "DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
    "AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
    "NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
    "MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="d:\windows\system32\igfxtray.exe" [2004-11-02 155648]
    "HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2004-11-02 126976]
    "Lexmark X74-X75"="d:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
    "SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-08 1036288]
    "Ai Nap"="d:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-04-11 1421824]
    "CPU Power Monitor"="d:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
    "ASUS Energy Saving"="d:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
    "Cpu Level Up help"="d:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
    "AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
    "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
    "NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
    "AlcxMonitor"="ALCXMNTR.EXE" - d:\windows\ALCXMNTR.EXE [2004-09-07 57344]
    "LTMSG"="LTMSG.exe" - d:\windows\ltmsg.exe [2003-07-14 40960]
    "nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-09 1657376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    d:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Rainmeter.lnk - d:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-29 692224]
    Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK.EXE [2008-2-12 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-12-30 03:40 184320 ----a-w- d:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-06-26 15:25 11952 ----a-w- d:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=d:\windows\system32\wbsys.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\D:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Alliance background mode.lnk]
    path=d:\documents and settings\Administrator\Start Menu\Programs\Startup\Alliance background mode.lnk
    backup=d:\windows\pss\Alliance background mode.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Messenger\\msmsgs.exe"=
    "d:\\Program Files\\MSN Messenger\\msrr.exe"=
    "d:\\Program Files\\Xfire\\xfire.exe"=
    "d:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
    "d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "d:\\WINDOWS\\system32\\javaw.exe"=
    "d:\\Program Files\\mIRC\\mirc.exe"=
    "d:\\Program Files\\UT2004\\System\\UT2004.exe"=
    "d:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "d:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "d:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "f:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
    "f:\\Program Files\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "f:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "f:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "f:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
    "d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\StubInstaller.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:*:Disabled:DCOM

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [17/01/2009 11:39 PM 335752]
    R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [31/01/2009 2:17 AM 298776]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 paldrv;paldrv;d:\windows\system32\pal_drv.sys [01/03/2007 7:16 PM 10951]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;d:\windows\system32\drivers\libusb0.sys [22/06/2009 1:09 PM 33792]
    S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;d:\windows\system32\drivers\dualshock3.sys [22/06/2009 1:14 PM 11392]
    S3 cpuz132;cpuz132;d:\windows\system32\drivers\cpuz132_x32.sys [27/06/2009 8:57 PM 12672]
    S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
    S3 XDva009;XDva009;\??\d:\windows\system32\XDva009.sys --> d:\windows\system32\XDva009.sys [?]
    S3 XDva269;XDva269;\??\d:\windows\system32\XDva269.sys --> d:\windows\system32\XDva269.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-30 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:15]

    2009-08-11 d:\windows\Tasks\Google Software Updater.job
    - d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-08 02:41]

    2009-08-11 d:\windows\Tasks\WGASetup.job
    - d:\windows\system32\KB905474\wgasetup.exe [2009-04-12 02:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sympatico.msn.ca/
    IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fl08il4n.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - component: d:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fl08il4n.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
    FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-11 14:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
    "ImagePath"="d:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1993962763-1275210071-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,fb,43,c7,bd,aa,08,40,bc,1d,91,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,fb,43,c7,bd,aa,08,40,bc,1d,91,\

    [HKEY_USERS\S-1-5-21-1993962763-1275210071-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:06,09,fa,c6,10,bc,64,42,b9,fd,7f,89,6d,2b,e5,4f,99,b3,75,d8,41,e0,98,
    e4,37,32,16,c3,57,b6,41,89,a2,79,08,c9,51,c7,53,08,b2,fe,4c,20,8f,d5,1c,27,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(676)
    d:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
    d:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC

    - - - - - - - > 'lsass.exe'(732)
    d:\windows\system32\nvappfilter.dll

    - - - - - - - > 'explorer.exe'(380)
    d:\windows\system32\WININET.dll
    d:\program files\RocketDock\RocketDock.dll
    d:\program files\Logitech\SetPoint\lgscroll.dll
    d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    d:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
    d:\windows\system32\ieframe.dll
    d:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
    d:\windows\system32\webcheck.dll
    d:\windows\system32\WPDShServiceObj.dll
    d:\windows\system32\PortableDeviceTypes.dll
    d:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\windows\system32\LEXBCES.EXE
    d:\windows\system32\LEXPPS.EXE
    d:\windows\system32\rundll32.exe
    d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    d:\program files\ASUS\AASP\1.00.61\aaCenter.exe
    d:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    d:\windows\system32\libusbd-nt.exe
    f:\program files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
    d:\program files\AVG\AVG8\avgrsx.exe
    d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    d:\windows\system32\nvsvc32.exe
    d:\windows\system32\PnkBstrA.exe
    d:\windows\system32\PnkBstrB.exe
    d:\spm\spmdib.exe
    d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    d:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    d:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    d:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
    d:\program files\Canon\CAL\CALMAIN.exe
    d:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-11 15:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-11 19:04
    ComboFix2.txt 2009-08-11 18:19

    Pre-Run: 7,061,434,368 bytes free
    Post-Run: 7,001,505,792 bytes free

    Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
    1105 --- E O F --- 2009-08-09 11:06
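    To confirm that the items a CFScript asked ComboFix to remove actually appear in the log it returns, here is an added example (not ComboFix's, the forum's or the helper's own code). It assumes the File::/Folder::/Registry:: section syntax of the CFScript and the "Other Deletions" banner of the log as they appear in the two posts above, and feeds it abbreviated, constructed copies of both as input.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example: given the File::/Folder:: sections of a CFScript and the
'Other Deletions' section of the resulting log, report which requested
items the log confirms as removed and which are still unaccounted for.
The section syntax and the log banner format are taken from the thread;
the parsing rules below are an assumption about that format.
"""
import re
from typing import Dict, List, Set

# Constructed sample input: the thread's CFScript, abbreviated.
CFSCRIPT = """\
File::
d:\\windows\\system32\\UACtmjsjvcdas.dll
d:\\windows\\system32\\drivers\\UACxmcpqkkroc.sys

Folder::
d:\\program files\\eMule
d:\\program files\\uTorrent
d:\\documents and settings\\Administrator\\Application Data\\uTorrent

Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"uTorrent"=-
"""

# Constructed sample input: a trimmed ComboFix log (eMule deliberately absent).
COMBOFIX_LOG = """\
ComboFix 09-08-10.06 - Administrator 11/08/2009 14:51.2.2 - NTFSx86
Command switches used :: d:\\documents and settings\\Administrator\\Desktop\\CFScript.txt

FILE ::
"d:\\windows\\system32\\drivers\\UACxmcpqkkroc.sys"
"d:\\windows\\system32\\UACtmjsjvcdas.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\\documents and settings\\Administrator\\Application Data\\uTorrent
d:\\documents and settings\\Administrator\\Application Data\\uTorrent\\settings.dat
d:\\program files\\uTorrent
d:\\windows\\system32\\drivers\\UACxmcpqkkroc.sys
d:\\windows\\system32\\UACtmjsjvcdas.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")          # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")    # e.g. "(((( Other Deletions ))))"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its File / Folder / Registry ... sections."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text: str) -> Dict[str, List[str]]:
    """Group ComboFix log lines by the '(((( Title ))))' banner above them."""
    sections: Dict[str, List[str]] = {"_header": []}
    current = "_header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":           # ComboFix uses lone dots as spacers
            sections[current].append(line)
    return sections


def deleted_paths(log_text: str) -> Set[str]:
    """Paths reported under 'Other Deletions', case-folded (NTFS is case-insensitive)."""
    return {p.lower() for p in log_sections(log_text).get("Other Deletions", [])}


def check_removal(cfscript: str, log_text: str) -> Dict[str, List[str]]:
    """Return which File::/Folder:: entries the log confirms and which it does not."""
    script = parse_cfscript(cfscript)
    deleted = deleted_paths(log_text)
    requested = script.get("File", []) + script.get("Folder", [])
    confirmed = [p for p in requested if p.lower() in deleted]
    missing = [p for p in requested if p.lower() not in deleted]
    return {"confirmed": confirmed, "missing": missing}


if __name__ == "__main__":
    for state, paths in check_removal(CFSCRIPT, COMBOFIX_LOG).items():
        print(state.upper())
        for p in paths:
            print("  " + p)
```

    Anything listed under "missing" deserves a second look in the log (or a follow-up scan) before the machine is declared clean; a rootkit driver that ComboFix could not delete is exactly the case this check is meant to surface.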

  3. #13 Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Please go to ESET Online Scanner to run an online scan.
    Note: You - will - need to use Internet Explorer for this scan!
    1. Check the box next to "YES, I accept the Terms of Use."
    2. Click "Start"
    3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
      Once installed, the scanner will be initialized.
    4. Click "Start". Make sure that the options:
      • Remove found threats is UNCHECKED
      • Scan unwanted applications is CHECKED
    5. Click "Scan"
    6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
    7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
    8. Copy and paste the contents of log.txt in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #14 Junior Member (Join Date: Aug 2009, Posts: 14)

    Hello Shaba, sorry about taking so long.

    I completed two scans, one with the option "scan archives" selected and the other without it checked. Here is the complete log:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=f5ab4e0cc67396468ca5e36d48b28b8f
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-08-12 04:13:29
    # local_time=2009-08-12 12:13:29 (-0500, Eastern Daylight Time)
    # country="Canada"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1026 37 83 100 10820691718750
    # scanned=214839
    # found=24
    # cleaned=0
    # scan_time=4191
    C:\Ignore Me\WINDOWS\cdocmf.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\cdocmf.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\cdocmf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\system32\cfhkj.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Program Files\OverFlow\School Days\PACKS\SCRIPT.GPK.106 probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\aitmatoa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\danfwlqp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\daqmqhgl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\nmllm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\yybeg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145684.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145685.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145686.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145688.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145689.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\WINDOWS\$NtServicePackUninstall$\allayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
    D:\WINDOWS\AppPatch\AlLayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
    D:\WINDOWS\system32\doayssmn.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\WINDOWS\system32\ysuxtgeh.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    esets_scanner_update returned -1 esets_gle=53251
    # version=6
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.5889
    # api_version=3.0.2
    # EOSSerial=f5ab4e0cc67396468ca5e36d48b28b8f
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-08-12 08:10:17
    # local_time=2009-08-12 04:10:17 (-0500, Eastern Daylight Time)
    # country="Canada"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1026 37 83 100 10962768750000
    # scanned=214889
    # found=25
    # cleaned=0
    # scan_time=14103
    C:\Ignore Me\WINDOWS\cdocmf.bak1 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\cdocmf.bak2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\cdocmf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ignore Me\WINDOWS\system32\cfhkj.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    C:\Ricardo\Anime\Games\[HentaiShare] Sexy Beach 3\Applocale.msi Win32/Agent.PWN trojan 00000000000000000000000000000000 I
    D:\Program Files\OverFlow\School Days\PACKS\SCRIPT.GPK.106 probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\aitmatoa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\danfwlqp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\daqmqhgl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\nmllm.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\rqtss.tmp2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\Qoobox\Quarantine\D\WINDOWS\system32\yybeg.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145684.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145685.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145686.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145688.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\System Volume Information\_restore{032ECEAC-8F68-414B-9DD3-A01A9A5F8A3B}\RP934\A0145689.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\WINDOWS\$NtServicePackUninstall$\allayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
    D:\WINDOWS\AppPatch\AlLayer.dll Win32/Agent.PWN trojan 00000000000000000000000000000000 I
    D:\WINDOWS\system32\doayssmn.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    D:\WINDOWS\system32\ysuxtgeh.tmp Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
    F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Do you recognize this folder?

    C:\Ignore Me

  6. #16
    Junior Member
    Join Date
    Aug 2009
    Posts
    14

    Default

    Yes, I recognize that folder.

    I believe that's where my old installation of Windows was. I couldn't remove it for some reason (it kept saying it was being used).
    I've had that folder ever since I formatted my PC, so I doubt that it's part of the problem.

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Not the folder itself, but some files inside that folder are.

    Please click this link --> Jotti

    Copy/paste the first file on the list into the white "Upload a file" box and click Submit/Send (depends on whether you are using Jotti or VirusTotal).

    D:\WINDOWS\$NtServicePackUninstall$\allayer.dll
    D:\WINDOWS\AppPatch\AlLayer.dll
    D:\WINDOWS\system32\doayssmn.tmp
    D:\WINDOWS\system32\ysuxtgeh.tmp
    F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll


    Repeat steps for all files on the list.

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

  8. #18
    Junior Member
    Join Date
    Aug 2009
    Posts
    14

    Default

    D:\WINDOWS\$NtServicePackUninstall$\allayer.dll
    Neither of the scanners found anything.

    D:\WINDOWS\AppPatch\AlLayer.dll
    Neither of the scanners found anything.

    D:\WINDOWS\system32\doayssmn.tmp

    F-Secure found Trojan:INI/Vundo.gen!F
    NOD32 found Win32/Adware.Virtumonde.NEO~datafile
    In VirusTotal
    TrendMicro found Mal_VundoG

    D:\WINDOWS\system32\ysuxtgeh.tmp
    In Jotti
    F-Secure found Trojan:INI/Vundo.gen!F
    NOD32 found Win32/Adware.Virtumonde.NEO~datafile
    In VirusTotal
    TrendMicro found Mal_VundoG

    F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll
    In Jotti
    Sophos found Sus/ComPack-C
    A-Squared found Trojan-Dropper.Agent!IK
    Avast found Win32:Trojan-gen {Other}
    Avira AntiVir found TR/Agent.BXA
    Ikarus found Trojan-Dropper.Agent
    In VirusTotal
    GData found Win32:Trojan-gen {Other}
    Avast found Win32:Trojan-gen {Other}
    McAfee + Artemis found Suspect-29!F82C3EC9EB73
    A-Squared found Trojan-Dropper.Agent!IK
    AntiVir found TR/Agent.BXA
    Ikarus found Trojan-Dropper.Agent
    McAfee GW Edition found Trojan.Agent.BXA
    NOD32 found probably a variant of Win32/Agent
    Prevx found Medium Risk Malware
    Sophos found Sus/ComPack-C
    TheHacker found W32/Behav-Heuristic-064

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Do you recognize this?

    F:\Program Files\Granado Espada\release\XTrap\XTrapVa.dll

  10. #20
    Junior Member
    Join Date
    Aug 2009
    Posts
    14

    Default

    I don't think so. I don't recall a folder or file named like that. I am not sure if it's needed for the game or not. However, I don't really care about the game, so if I need to delete it/uninstall the game, I will.
