
Thread: click.giftload

  1. #11
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    Hello, thank you for the quick reply. I did as you said and ran that scan. I already have Malwarebytes' Anti-Malware on my computer; I updated it and did a quick scan. Here are the logs you asked for.

    ComboFix 11-04-04.01 - Wut 04/04/2011 22:09:31.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2738 [GMT -5:00]
    Running from: c:\documents and settings\Wut\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Wut\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-03 19:06 . 2011-04-03 19:06 -------- d-----w- c:\documents and settings\Wut\Application Data\wargaming.net
    2011-04-03 18:57 . 2011-04-03 18:57 -------- d-----w- C:\Games
    2011-04-01 00:14 . 2011-04-01 00:14 -------- d-----w- c:\program files\iPod
    2011-04-01 00:14 . 2011-04-01 00:15 -------- d-----w- c:\program files\iTunes
    2011-04-01 00:09 . 2011-04-01 00:09 -------- d-----w- c:\program files\Bonjour
    2011-03-30 18:56 . 2011-03-30 18:56 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc18.tmp
    2011-03-30 04:07 . 2011-03-30 04:07 -------- d-----w- c:\documents and settings\Name
    2011-03-30 00:22 . 2011-03-30 00:22 -------- d-----w- c:\documents and settings\Wut\.thumbnails
    2011-03-30 00:21 . 2011-03-30 00:22 -------- d-----w- c:\documents and settings\Wut\.gimp-2.6
    2011-03-30 00:21 . 2011-03-30 00:21 -------- d-----w- c:\documents and settings\Wut\.gegl-0.0
    2011-03-29 21:59 . 2009-03-18 22:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2011-03-29 21:59 . 2011-03-29 21:59 -------- d-----w- c:\program files\LogMeIn Hamachi
    2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Local Settings\Application Data\ATI
    2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Application Data\ATI
    2011-03-28 21:24 . 2011-03-28 21:24 -------- d-----w- c:\documents and settings\JDAWG\Local Settings\Application Data\LogMeIn Hamachi
    2011-03-28 07:26 . 2011-03-28 07:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2011-03-27 07:17 . 2011-04-04 23:04 -------- d-----w- c:\documents and settings\Wut\Tracing
    2011-03-26 23:04 . 2011-03-26 23:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-03-26 22:25 . 2011-03-26 22:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-25 20:20 . 2011-04-02 00:08 -------- d-----w- C:\Minecraft
    2011-03-25 20:10 . 2011-03-25 20:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-24 02:21 . 2011-03-19 23:27 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
    2011-03-24 02:21 . 2011-03-19 23:27 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
    2011-03-24 02:21 . 2011-03-19 23:27 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
    2011-03-24 02:21 . 2011-03-19 23:27 492504 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
    2011-03-24 02:21 . 2011-03-19 23:27 1018328 ----a-w- c:\program files\Mozilla Firefox\js3250.dll
    2011-03-19 03:34 . 2011-03-22 10:12 -------- d-----w- c:\documents and settings\Wut\Application Data\.minecraft
    2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\program files\Common Files\Java
    2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2011-03-14 12:17 . 2011-03-14 12:17 -------- d-----w- c:\program files\McAfee Security Scan
    2011-03-12 03:53 . 2011-04-05 03:13 -------- d-----w- c:\documents and settings\Wut\Local Settings\Application Data\LogMeIn Hamachi
    2011-03-12 03:53 . 2011-04-04 23:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
    2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\Wut\Local Settings\Application Data\ATI
    2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\Wut\Application Data\ATI
    2011-03-11 00:06 . 2011-03-11 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2011-03-10 23:59 . 2011-03-10 23:59 -------- d-----w- C:\ATI
    2011-03-10 23:12 . 2011-03-11 00:04 -------- d-----w- c:\program files\ATI Technologies
    2011-03-10 23:12 . 2011-03-10 23:12 -------- d-----w- C:\AMD
    2011-03-06 05:56 . 2011-03-17 05:16 -------- d-----w- c:\documents and settings\Wut\world
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-25 20:09 . 2010-06-17 00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-25 20:09 . 2010-05-28 19:05 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2009-04-16 17:38 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-30 06:01 . 2009-11-14 05:33 219128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
    2011-01-30 06:01 . 2009-11-14 05:31 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-01-30 05:58 . 2009-11-14 05:31 138592 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-01-27 11:57 . 2009-04-16 17:38 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:42 . 2008-04-14 12:00 439808 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-19 23:47 . 2011-02-19 22:36 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
    2011-01-07 14:09 . 2008-05-27 17:29 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-04 18085888]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\documents and settings\asdasd\Start Menu\Programs\Startup\
    KETV NewsWatch 7 Instant Alert.lnk - c:\program files\KETV NewsWatch 7 Instant Alert\liveonline_3749389.exe [2010-9-1 458752]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Documents and Settings\\JDAWG\\Local Settings\\Apps\\2.0\\5J46AAC4.3TC\\KPYW8TN6.M89\\gwab..tion_978e0ac48d518eb4_0001.0026_6a5a2d1791a3e63a\\Gwabs.Deploy.exe"=
    "c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\ijjigame\\PLauncher.exe"=
    "c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
    "c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
    "c:\\Documents and Settings\\JDAWG\\Application Data\\RayV\\Viewer\\RayV.dll"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\insurgency\\hl2.exe"=
    "c:\\Program Files\\Steam\\steam.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_13140.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_12900.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_4000.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_590.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_500.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_440.bin"=
    "c:\\Program Files\\Steam\\appcache\\stats\\UserGameStats_33010020_400.bin"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\source sdk base 2007\\hl2.exe"=
    "c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
    "c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
    "c:\\Documents and Settings\\JDAWG\\My Documents\\Downloads\\StarCraft_2_Beta_enUS (2).exe"=
    "c:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\zombie panic! source\\hl2.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\StarCraft II Beta\\Versions\\Base15976\\SC2.exe"=
    "c:\\Program Files\\StarCraft II Beta\\Versions\\Base16036\\SC2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\sourcesdk\\bin\\SDKLauncher.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
    "c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\synergy\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\beat hazard demo\\BeatHazardDemo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\scfan7\\eternal-silence\\hl2.exe"=
    "c:\\Program Files\\OGPlanet\\Zone4\\Zone4_NA.exe"=
    "c:\\Nexon\\Combat Arms\\Engine.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\bin\\SDKLauncher.exe"=
    "c:\\Program Files\\Steam\\steamapps\\neohart\\team fortress 2\\hl2.exe"=
    "c:\\Documents and Settings\\Wut\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "57570:TCP"= 57570:TCP:Pando Media Booster
    "57570:UDP"= 57570:UDP:Pando Media Booster
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/19/2009 5:58 AM 721904]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 2:05 PM 135336]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/19/2011 5:36 PM 22504]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/28/2011 3:41 PM 1242504]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [7/21/2010 9:59 PM 266240]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/16/2009 3:15 PM 1684736]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 1:45 AM 227232]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
    S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\Wut\Application Data\Mozilla\Firefox\Profiles\znpdqnqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.joystiq.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-04 22:13
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(2224)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-04 22:14:39
    ComboFix-quarantined-files.txt 2011-04-05 03:14
    ComboFix2.txt 2011-04-05 00:31
    .
    Pre-Run: 89,212,981,248 bytes free
    Post-Run: 89,195,134,976 bytes free
    .
    - - End Of File - - 79EBBED9F581D95B8B924AB339C3628D


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6272

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/4/2011 10:18:26 PM
    mbam-log-2011-04-04 (22-18-26).txt

    Scan type: Quick scan
    Objects scanned: 193145
    Time elapsed: 1 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
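    Two lines in the ComboFix log above are worth pulling out before moving on: "EnableFirewall"= 0 under the standard profile means the Windows Firewall was switched off on this machine, and the AuthorizedApplications list is long enough that exceptions under user-writable locations (Documents and Settings, Downloaded Program Files) or for files that are not executables at all are easy to miss by eye. The script below is an added example, not code from this thread or from ComboFix; it parses that section of a ComboFix log and reports the firewall state, the globally open ports, and the exceptions a practitioner would want to look at. The input is a constructed excerpt of the log above.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the "Reg Loading Points" firewall section of a ComboFix log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\JDAWG\\My Documents\\Downloads\\StarCraft_2_Beta_enUS (2).exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"57570:UDP"= 57570:UDP:Pando Media Booster
"""

# Directories a non-admin user (or malware running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\downloaded program files\\", "\\users\\")
EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".com")

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"=\s*(.*)$')


def parse_firewall_policy(log_text: str) -> Dict[str, object]:
    """Walk the registry-style firewall section of a ComboFix log.

    Returns the standard-profile firewall state, the authorized application
    paths (with ComboFix's doubled backslashes collapsed) and the open ports.
    """
    result: Dict[str, object] = {"firewall_enabled": None, "authorized_apps": [], "open_ports": []}
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if section.endswith("firewallpolicy\\standardprofile") and key == "EnableFirewall":
            # ComboFix prints the DWORD as "0 (0x0)" / "1 (0x1)".
            result["firewall_enabled"] = not value.startswith("0")
        elif section.endswith("authorizedapplications\\list"):
            result["authorized_apps"].append(key.replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            port, proto = key.split(":", 1)
            result["open_ports"].append(f"{port}/{proto}")
    return result


def suspicious_authorized_apps(apps: List[str]) -> List[Tuple[str, str]]:
    """Flag exceptions that could be planted or abused without admin rights."""
    findings = []
    for path in apps:
        lowered = path.lower()
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            findings.append((path, "exception under a user-writable directory"))
        elif not lowered.endswith(EXECUTABLE_EXTS):
            findings.append((path, "exception for a non-executable file"))
    return findings


def report(log_text: str) -> List[str]:
    """Human-readable triage lines for the firewall section of a ComboFix log."""
    parsed = parse_firewall_policy(log_text)
    lines = [f"Windows Firewall (standard profile) enabled: {parsed['firewall_enabled']}"]
    lines += [f"Globally open port: {p}" for p in parsed["open_ports"]]
    lines += [f"Review exception: {path} ({why})" for path, why in suspicious_authorized_apps(parsed["authorized_apps"])]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

    On the excerpt this reports the firewall as disabled, the two open ports, and three exceptions to review: the installer under a user's Downloads folder, the executable under Downloaded Program Files, and an .htm file that has no business in an application exception list. On the full log above the same rules would also surface the Gwabs and RayV entries under the JDAWG profile and the Steam .bin stats files.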

  2. #12
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi Neohart,


    Your logs look ok. How's the machine working/behaving?


    Please do the following:


    Step 1 | Please download CCleaner (freeware)

    • Run the installer.
    • Once installed, run CCleaner and click the Windows tab.
    • The following should be selected by default, if not, please select:

    • Next: click Options (in the left panel) and click the Advanced button.
    • Uncheck: "Only delete files in Windows Temp folders older than 24 hours."
    • Go back to Cleaner (in the left panel) and click the Run Cleaner button (bottom right). Then exit CCleaner.



    Step 2 | Let's perform an ESET Online Scan

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on: (Selecting Uninstall application on close if you so wish)
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #13
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    The computer is running a lot better than it has been lately: no more redirecting from Google, no more random tabs opening when online.

    I did both of the things you asked and the scanner found 2 results. Here is the log.

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=237a1a26a9145f428928f17d340e7169
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-05 05:01:28
    # local_time=2011-04-05 12:01:28 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16775141 100 93 771693 37564285 112462 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=184703
    # found=2
    # cleaned=0
    # scan_time=5190
    C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\GamersFirst\War Rock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=237a1a26a9145f428928f17d340e7169
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-06 02:26:00
    # local_time=2011-04-05 09:26:00 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16775125 100 93 840078 37632670 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=365222
    # found=2
    # cleaned=0
    # scan_time=13878
    C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js Win32/Agent.RQD.Gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\GamersFirst\War Rock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I

  4. #14
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi Neohart,


    Glad to hear that.


    We are almost done.

    Do you recognize this file/game?

    C:\Program Files\GamersFirst\War Rock\System\WarRock.exe

    ESET is detecting a threat in that executable.


    Please go to the following site to scan a file: http://wepawet.iseclab.org

    • Click on Browse, and upload the following file for analysis:

      C:\Documents and Settings\asdasd\Application Data\Mozilla\Firefox\Profiles\iixp04bw.default\prefs.js

    • Then click Submit for analysis. Allow the file to be scanned, and when finished please copy and paste the link to the results page.

  5. #15
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    Yes, and I removed that game/file from my computer. Here is the report from that website:

    Analysis report for file 7039a380f920b248f17fc2d3abae0575
    Sample Overview
    File prefs.js
    MD5 7039a380f920b248f17fc2d3abae0575
    Analysis Started 2011-04-05 21:03:32
    Report Generated 2011-04-05 21:03:38
    Jsand version 1.3.2
    Detection results
    Detector Result
    Jsand 1.3.2 benign
    Exploits
    No exploits were identified.
    Deobfuscation results
    Evals
    No evals.
    Writes
    No writes.
    Network Activity
    Requests
    URL
    file://prefs.js
    ActiveX controls
    No objects/controls.
    Shellcode and Malware

    No shellcode was identified.

    No additional malware was retrieved.
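    The "benign" verdict above is the expected outcome for this kind of file: a Firefox prefs.js is nothing but a list of user_pref() calls, so a sandbox that watches JavaScript for evals, writes and shellcode has nothing to trigger on. What a scanner flags in a prefs.js is which preferences it sets, and the ones that matter for the redirect and pop-up symptoms described earlier in the thread are the search and homepage preferences, the proxy settings, and the switches that turn off browser self-protection. The script below is an added example, not code from the thread, from ESET or from Wepawet; it parses a prefs.js, extracts those preferences and the hosts they reference, and reports what a practitioner would look at before deciding the file is clean. The prefs.js content and the hostnames in it are constructed for the example and are not the file the poster submitted.

```python
import re
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed sample prefs.js (not the poster's file); example.net and 203.0.113.10 are placeholders.
SAMPLE_PREFS = r"""
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1301870000);
user_pref("browser.startup.homepage", "http://www.joystiq.com/");
user_pref("keyword.URL", "http://search.example.net/?q=");
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.10");
user_pref("network.proxy.http_port", 8080);
user_pref("app.update.enabled", false);
user_pref("extensions.blocklist.enabled", false);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preferences whose "off" value removes a layer of browser self-protection.
WEAKENING_PREFS = {"app.update.enabled": False, "extensions.blocklist.enabled": False}


def parse_value(raw: str):
    """Turn the literal on the right-hand side of a user_pref() into a Python value."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> Dict[str, object]:
    """Collect every user_pref(name, value) pair; later lines override earlier ones."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def hosts_referenced(prefs: Dict[str, object]) -> Set[str]:
    """Hostnames from every http(s) URL stored in a preference, for reputation checks."""
    hosts = set()
    for value in prefs.values():
        if isinstance(value, str):
            parsed = urlparse(value)
            if parsed.scheme in ("http", "https") and parsed.hostname:
                hosts.add(parsed.hostname)
    return hosts


def assess(prefs: Dict[str, object]) -> Dict[str, object]:
    """Summarise the preferences a hijacker changes to redirect or intercept browsing."""
    report: Dict[str, object] = {
        # keyword.URL controls where address-bar searches go; any override deserves a look.
        "search_redirect": prefs.get("keyword.URL"),
        "homepage": prefs.get("browser.startup.homepage"),
        "search_engine": prefs.get("browser.search.defaultenginename"),
        "proxy": None,
        "weakened": [],
    }
    # network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system settings.
    proxy_type = prefs.get("network.proxy.type", 0)
    if proxy_type not in (0, 5):
        report["proxy"] = {
            "type": proxy_type,
            "http": prefs.get("network.proxy.http"),
            "port": prefs.get("network.proxy.http_port"),
            "autoconfig_url": prefs.get("network.proxy.autoconfig_url"),
        }
    for name, bad_value in WEAKENING_PREFS.items():
        if prefs.get(name) == bad_value:
            report["weakened"].append(name)
    return report


def summarize(text: str) -> List[str]:
    prefs = parse_prefs(text)
    result = assess(prefs)
    lines = [f"{key}: {value}" for key, value in result.items() if value]
    lines.append("hosts to check: " + ", ".join(sorted(hosts_referenced(prefs))))
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_PREFS)))
```

    On the constructed sample this reports an address-bar search override, a manual HTTP proxy, two disabled self-protection settings and the two hosts to look up. Run against a real profile, a clean file typically shows only the homepage and a handful of timestamps; a keyword.URL or proxy entry the user did not set is the thing to follow up on, together with the profile it belongs to (the flagged file here sits under a different Windows account, asdasd, than the one the logs were run from).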

  6. #16
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    I ran Spybot today and noticed that click.giftload was back on the computer.

  7. #17
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi Neohart,


    If you remove that entry with Spybot, does it appear again?


    Please run DDS and post a new log. Don't include attach.txt.

  8. #18
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    This time, no, it did not. Here is the DDS:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Wut at 13:29:39.03 on Fri 04/08/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2572 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Wut\My Documents\Downloads\dds(2).scr
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\wut\applic~1\mozilla\firefox\profiles\znpdqnqv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.joystiq.com/
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-28 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-28 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-28 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-28 61960]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-2-19 22504]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-7-21 266240]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-16 1684736]
    S3 cpuz132;cpuz132;\??\c:\docume~1\jdawg\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jdawg\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
    S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-04-05 03:29:16 -------- d-----w- c:\program files\CCleaner
    2011-04-05 03:08:38 -------- d-----w- C:\ComboFix
    2011-04-05 00:16:47 -------- d-sha-r- C:\cmdcons
    2011-04-05 00:10:32 98816 ----a-w- c:\windows\sed.exe
    2011-04-05 00:10:32 89088 ----a-w- c:\windows\MBR.exe
    2011-04-05 00:10:32 256512 ----a-w- c:\windows\PEV.exe
    2011-04-05 00:10:32 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-03 19:06:17 -------- d-----w- c:\docume~1\wut\applic~1\wargaming.net
    2011-04-03 18:57:15 -------- d-----w- C:\Games
    2011-04-01 00:14:52 -------- d-----w- c:\program files\iPod
    2011-04-01 00:14:50 -------- d-----w- c:\program files\iTunes
    2011-04-01 00:09:41 -------- d-----w- c:\program files\Bonjour
    2011-03-30 18:56:32 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc18.tmp
    2011-03-30 00:22:20 -------- d-----w- c:\documents and settings\wut\.thumbnails
    2011-03-30 00:21:42 -------- d-----w- c:\documents and settings\wut\.gimp-2.6
    2011-03-30 00:21:38 -------- d-----w- c:\documents and settings\wut\.gegl-0.0
    2011-03-29 21:59:57 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2011-03-29 21:59:53 -------- d-----w- c:\program files\LogMeIn Hamachi
    2011-03-27 07:17:55 -------- d-----w- c:\documents and settings\wut\Tracing
    2011-03-25 20:20:46 -------- d-----w- C:\Minecraft
    2011-03-25 20:10:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-24 02:21:22 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
    2011-03-24 02:21:22 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
    2011-03-24 02:21:22 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2011-03-24 02:21:21 492504 ----a-w- c:\program files\mozilla firefox\sqlite3.dll
    2011-03-24 02:21:21 1018328 ----a-w- c:\program files\mozilla firefox\js3250.dll
    2011-03-19 03:34:18 -------- d-----w- c:\docume~1\wut\applic~1\.minecraft
    2011-03-14 12:17:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2011-03-14 12:17:13 -------- d-----w- c:\program files\McAfee Security Scan
    2011-03-12 03:53:35 -------- d-----w- c:\docume~1\wut\locals~1\applic~1\LogMeIn Hamachi
    2011-03-11 00:06:42 -------- d-----w- c:\docume~1\wut\locals~1\applic~1\ATI
    2011-03-10 23:59:38 -------- d-----w- C:\ATI
    2011-03-10 23:12:52 -------- d-----w- c:\program files\ATI Technologies
    2011-03-10 23:12:41 -------- d-----w- C:\AMD
    .
    ==================== Find3M ====================
    .
    2011-03-25 20:09:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-11 00:04:35 0 ----a-w- c:\windows\ativpsrm.bin
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-30 06:01:39 219128 -c--a-w- c:\windows\system32\PnkBstrB.xtr
    2011-01-30 06:01:39 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-26 23:05:56 17252352 ----a-w- c:\windows\system32\atioglxx.dll
    2011-01-26 23:01:00 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-01-26 23:00:54 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-01-26 22:59:36 4636672 ----a-w- c:\windows\system32\aticaldd.dll
    2011-01-26 22:52:46 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-26 22:51:42 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-01-26 22:42:00 4029824 ----a-w- c:\windows\system32\ati3duag.dll
    2011-01-26 22:41:32 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-01-26 22:35:04 1112576 ----a-w- c:\windows\system32\ativvamv.dll
    2011-01-26 22:32:12 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-01-26 22:31:58 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-01-26 22:31:50 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-01-26 22:31:42 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-01-26 22:31:28 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-01-26 22:30:08 638976 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-01-26 22:28:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-01-26 22:27:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-26 22:27:06 2673280 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-01-26 22:23:50 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-01-26 22:21:32 196608 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-26 22:21:30 483328 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-01-26 22:21:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-01-26 22:15:12 847872 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-01-26 22:12:58 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-01-26 22:12:58 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-01-21 14:42:25 439808 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 13:29:48.40 ===============

  9. #19
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340

    Default

    Hi Neohart,


    Please go to the following site to scan some files: Virus Total

    • Click on Browse, and upload the following files for analysis:

      • c:\windows\system32\npOGPPlugin.dll
        c:\windows\ativpsrm.bin
        c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

    • Then click Submit. Allow the files to be scanned, and then please copy and paste the results here for me to see.
    • If it says already scanned -- click "reanalyze now"
    • Please post the results in your next reply.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  10. #20
    Junior Member
    Join Date
    Apr 2011
    Posts
    12

    Default

    Hello, thank you for replying. Here are the scans.

    File name:
    npOGPPlugin.dll
    Submission date:
    2011-04-09 21:05:15 (UTC)
    Current status:
    queued (#15) queued (#15) analysing finished
    Result:
    0/ 41 (0.0%)

    c:\windows\ativpsrm.bin: I could not get it to scan; it does not look like there is a file?

    File name:
    npNxGameUS.dll
    Submission date:
    2011-04-09 21:11:00 (UTC)
    Current status:
    queued (#4) queued analysing finished
    Result:
    0/ 42 (0.0%)
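Before uploading files as asked in post #19, a responder will usually want the size and SHA-256 of each requested path: the digest can be looked up on Virus Total without re-uploading a file that has already been analysed, and a missing or zero-byte file (the Find3M section of the log above lists c:\windows\ativpsrm.bin with a size of 0, which matches what the reporter ran into in post #20) is flagged instead of failing silently at the upload form. The script below is an added example for this thread, not a tool from the forum or from Virus Total; it uses only the Python 3 standard library, the three paths are the ones named in post #19, and `make_sample_files` builds constructed sample input so it can be run offline.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Paths the helper asked to have scanned (taken from post #19). They are the
# default input when the script is run directly; on a non-Windows machine
# they will all be reported as missing.
REQUESTED_FILES = [
    r"c:\windows\system32\npOGPPlugin.dll",
    r"c:\windows\ativpsrm.bin",
    r"c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll",
]


@dataclass
class FileReport:
    path: str
    status: str            # "ok", "empty" or "missing"
    size: int
    sha256: Optional[str]  # None when there is no file to hash


def sha256_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def inspect_file(path: str) -> FileReport:
    """Classify one path: missing (nothing to upload), empty (nothing to
    analyse), or ok (hashed so the result can be looked up by digest)."""
    if not os.path.isfile(path):
        return FileReport(path, "missing", 0, None)
    size = os.path.getsize(path)
    if size == 0:
        # A zero-byte file has a fixed, well-known digest and no content for
        # any scanner to examine; report it rather than trying to upload it.
        return FileReport(path, "empty", 0, sha256_of_file(path))
    return FileReport(path, "ok", size, sha256_of_file(path))


def build_report(paths: List[str]) -> List[FileReport]:
    return [inspect_file(p) for p in paths]


def format_report(reports: List[FileReport]) -> str:
    """Plain-text summary in a shape that can be pasted into a forum reply."""
    lines = []
    for r in reports:
        lines.append(r.path)
        lines.append(f"    status={r.status} size={r.size} sha256={r.sha256 or '-'}")
    return "\n".join(lines)


def make_sample_files() -> List[str]:
    """Constructed sample input so the script can be exercised offline:
    one small file, one empty file and one path that was never created."""
    base = tempfile.mkdtemp(prefix="vt-sample-")
    normal = os.path.join(base, "sample_plugin.dll")
    with open(normal, "wb") as fh:
        fh.write(b"abc")  # constructed content, not a real plugin
    empty = os.path.join(base, "empty.bin")
    open(empty, "wb").close()
    missing = os.path.join(base, "never-created.dll")
    return [normal, empty, missing]


if __name__ == "__main__":
    # Show the constructed samples first, then the paths requested in the thread.
    print(format_report(build_report(make_sample_files())))
    print()
    print(format_report(build_report(REQUESTED_FILES)))
```

The status column is what matters when reporting back: "missing" means the path no longer exists (or never did), "empty" means the file is there but has nothing to submit, and only "ok" entries are worth uploading or looking up by their SHA-256.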
