[Not curable - Sality] Win32/heur virus

By xander123
Oct 31, 2010
Topic Status:
Not open for further replies.
  1. I got a problem with MBAM: after checking for updates and starting MBAM, nothing happens... here are the other logs as requested..


    DDS (Ver_10-10-31.01) - NTFSx86
    Run by user at 8:04:15.40 on Mon 11/01/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1401 [GMT 8:00]


    ============== Running Processes ===============

    C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
    C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\JayDen Files\Tales Of Pirates Files\NEW PRIVATE TOP\Window Hide Tool\Window Hide Tool\Window Hide Tool.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\slmdmsr.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\winjuen.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\user\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.winamp.com/getwinamp/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Window Hide Tool] e:\jayden files\tales of pirates files\new private top\window hide tool\window hide tool\Window Hide Tool.exe
    mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
    mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
    IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: {829FE81C-F70E-48EA-BFFF-F1CB4F00095D} = 8.8.8.8,8.8.4.4
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\th14q682.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-11 52872]
    R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2004-5-14 93440]
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-2-24 173328]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-20 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-20 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-20 243024]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-11 308136]
    R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-4-3 8960]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-4-3 845184]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-1-18 24635]
    S3 amsint32;amsint32;\??\c:\windows\system32\drivers\knosk.sys --> c:\windows\system32\drivers\knosk.sys [?]
    S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-4-3 11264]
    S3 LLRING0;LLRING0;\??\c:\program files\fortressmu\fmu s4 v3\fortress 3d\muguard\llck1.sys --> c:\program files\fortressmu\fmu s4 v3\fortress 3d\muguard\llck1.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-4-3 16640]

    =============== Created Last 30 ================

    2010-10-31 23:43:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 23:43:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 23:43:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-31 23:36:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-31 11:21:27 762368 ----a-w- c:\windows\system32\drivers\rhkeemvsw.sys
    2010-10-31 06:40:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
    2010-10-31 06:40:02 -------- d-----w- c:\program files\STOPzilla!
    2010-10-31 06:40:02 -------- d-----w- c:\program files\common files\iS3
    2010-10-31 06:40:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2010-10-24 10:46:21 -------- d-----w- c:\windows\system32\NtmsData

    ==================== Find3M ====================

    2010-08-11 01:56:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3160813AS rev.CC2F -> \Device\Ide\IdePort0

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A559ECC]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x862cd879; SUB DWORD [EBP-0x4], 0x862cd135; PUSH EDI; CALL 0xffffffffffffdf2c; }
    1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A648AB8]
    3 CLASSPNP[0xBA90905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\00000071[0x8A69AF18]
    5 ACPI[0xBA756620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A6AF2F8]
    [0x8A555270] -> IRP_MJ_CREATE -> 0x8A559ECC
    error: Read The system cannot find the file specified.
    kernel: MBR read successfully
    detected hooks:
    \Device\Ide\IdeDeviceP2T1L0-5 -> \??\IDE#DiskST3160813AS_____________________________CC2F____#5&2932390f&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    \Driver\atapi DriverStartIo -> 0x8A559AF1
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 8:05:34.46 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-31.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/3/2009 2:33:07 PM
    System Uptime: 11/1/2010 7:39:23 AM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5KPL-AM
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2799/266mhz
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2800/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 59 GiB total, 8.846 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 90 GiB total, 2.974 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP124: 8/11/2010 9:02:51 AM - Removed Microsoft Visual C++ 2005 Redistributable
    RP125: 8/11/2010 9:03:19 AM - Installed AVG 9.0
    RP126: 8/11/2010 9:37:02 AM - Avg8 Update
    RP127: 8/11/2010 9:56:27 AM - Avg Update
    RP128: 8/11/2010 10:02:40 AM - AVG license update
    RP129: 10/31/2010 1:10:53 PM - Installed Platform
    RP130: 10/31/2010 1:50:24 PM - Restore Operation
    RP131: 10/31/2010 1:54:52 PM - Restore Operation
    RP132: 10/31/2010 1:58:36 PM - Restore Operation
    RP133: 10/31/2010 2:02:06 PM - Restore Operation
    RP134: 10/31/2010 2:05:02 PM - Restore Operation
    RP135: 10/31/2010 2:39:57 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP136: 10/31/2010 7:52:45 PM - Restore Operation
    RP137: 10/31/2010 7:56:59 PM - Restore Operation

    ==== Installed Programs ======================

    µTorrent
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.1
    Adobe Stock Photos 1.0
    ASUSUpdate
    AVG 9.0
    Cheat Engine 5.5
    CSS FULL DZ [Oct 15 2007] v18.1
    Diagnostics Utility
    DirectX for Managed Code Update (Summer 2004)
    Eusing Free Registry Cleaner
    FMU S4 V3
    GameHouse Games Collection: Academy of Magic
    GameHouse Games Collection: Adventure Inlay
    GameHouse Games Collection: Adventure Inlay - Safari Edition
    GameHouse Games Collection: Air Strike 3D
    GameHouse Games Collection: Alien Sky
    GameHouse Games Collection: Aloha Solitaire
    GameHouse Games Collection: Aloha TriPeaks
    GameHouse Games Collection: Ancient Tri-Jong
    GameHouse Games Collection: Ancient Tripeaks
    GameHouse Games Collection: Astrobatics
    GameHouse Games Collection: Atlantis
    GameHouse Games Collection: Atomaders
    GameHouse Games Collection: Bejeweled 2
    GameHouse Games Collection: Bewitched
    GameHouse Games Collection: Big Kahuna Reef
    GameHouse Games Collection: Boggle Supreme
    GameHouse Games Collection: Bounce Out Blitz
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Chainz
    GameHouse Games Collection: Chainz 2 - Relinked
    GameHouse Games Collection: Charm Solitaire
    GameHouse Games Collection: Charm Tale
    GameHouse Games Collection: Chicktionary
    GameHouse Games Collection: Chuzzle Deluxe
    GameHouse Games Collection: Collapse! Crunch
    GameHouse Games Collection: Combo Chaos!
    GameHouse Games Collection: Crystal Path
    GameHouse Games Collection: Cubis Gold 2
    GameHouse Games Collection: Digby's Donuts
    GameHouse Games Collection: Diner Dash
    GameHouse Games Collection: Feeding Frenzy
    GameHouse Games Collection: Fiber Twig
    GameHouse Games Collection: Five Card Deluxe
    GameHouse Games Collection: Flip Words
    GameHouse Games Collection: Flying Leo
    GameHouse Games Collection: Fortune Tiles Gold
    GameHouse Games Collection: Fresco Wizard
    GameHouse Games Collection: GameHouse Sudoku
    GameHouse Games Collection: Gearz
    GameHouse Games Collection: Granny in Paradise
    GameHouse Games Collection: Gutterball
    GameHouse Games Collection: Gutterball 2
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Hello!
    GameHouse Games Collection: Holiday Express
    GameHouse Games Collection: Iggle Pop!
    GameHouse Games Collection: Incadia
    GameHouse Games Collection: Incredible Ink
    GameHouse Games Collection: Insaniquarium Deluxe
    GameHouse Games Collection: Inspector Parker
    GameHouse Games Collection: Invadazoid
    GameHouse Games Collection: Jewel Quest
    GameHouse Games Collection: Lemonade Tycoon
    GameHouse Games Collection: Luxor
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Magic Ball
    GameHouse Games Collection: Magic Ball 2
    GameHouse Games Collection: Magic Ball 2 - New Worlds
    GameHouse Games Collection: Magic Inlay
    GameHouse Games Collection: Magic Vines
    GameHouse Games Collection: Mah Jong Adventures
    GameHouse Games Collection: Mah Jong Medley
    GameHouse Games Collection: Mah Jong Quest
    GameHouse Games Collection: Mahjong Towers Eternity
    GameHouse Games Collection: Maui Wowee
    GameHouse Games Collection: Phlinx To Go
    GameHouse Games Collection: Pin High Country Club Golf
    GameHouse Games Collection: Pizza Frenzy
    GameHouse Games Collection: Platypus
    GameHouse Games Collection: Poker Superstars
    GameHouse Games Collection: Puzzle Express
    GameHouse Games Collection: Puzzle Inlay
    GameHouse Games Collection: Puzzle Solitaire
    GameHouse Games Collection: QBz
    GameHouse Games Collection: Reader's Digest Super Word Power
    GameHouse Games Collection: Ricochet
    GameHouse Games Collection: Ricochet Lost Worlds
    GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    GameHouse Games Collection: Roller Rush
    GameHouse Games Collection: Saints & Sinners Bingo
    GameHouse Games Collection: SCRABBLE
    GameHouse Games Collection: Shape Shifter
    GameHouse Games Collection: Slingo Deluxe
    GameHouse Games Collection: Spelvin
    GameHouse Games Collection: Splash
    GameHouse Games Collection: Spring Sprang Sprung
    GameHouse Games Collection: Super 5-Line Slots
    GameHouse Games Collection: Super Blackjack!
    GameHouse Games Collection: Super Bounce Out!
    GameHouse Games Collection: Super Candy Cruncher
    GameHouse Games Collection: Super Collapse!
    GameHouse Games Collection: Super Collapse! II
    GameHouse Games Collection: Super Collapse! II Platinum
    GameHouse Games Collection: Super Fruit Frolic
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    GameHouse Games Collection: Super Gem Drop
    GameHouse Games Collection: Super Glinx!
    GameHouse Games Collection: Super Letter Linker
    GameHouse Games Collection: Super Mah Jong Solitaire
    GameHouse Games Collection: Super Nisqually
    GameHouse Games Collection: Super PileUp!
    GameHouse Games Collection: Super Pool
    GameHouse Games Collection: Super Pop & Drop!
    GameHouse Games Collection: Super Rumble Cube
    GameHouse Games Collection: Super SpongeBob Collapse!
    GameHouse Games Collection: Super TextTwist
    GameHouse Games Collection: Super WHATword
    GameHouse Games Collection: Super Wild Wild Words
    GameHouse Games Collection: Tap a Jam
    GameHouse Games Collection: Ten Pin Championship Bowling Pro
    GameHouse Games Collection: Tennis Titans
    GameHouse Games Collection: Tradewinds 2
    GameHouse Games Collection: Trivia Machine
    GameHouse Games Collection: Tropical Swaps
    GameHouse Games Collection: Tumblebugs
    GameHouse Games Collection: Turtle Bay
    GameHouse Games Collection: Twistingo
    GameHouse Games Collection: Ultimate Dominoes
    GameHouse Games Collection: Varmintz Deluxe
    GameHouse Games Collection: Walls of Jericho, The
    GameHouse Games Collection: Wheel of Fortune
    GameHouse Games Collection: Word Jolt
    GameHouse Games Collection: Word Slinger
    GameHouse Games Collection: WordJong To Go
    GameHouse Games Collection: Zuma Deluxe
    GameHouse Super Games AIO®
    Garena 2010
    Gigaget
    Google Chrome
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Windows XP (KB921411)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Java Auto Updater
    Java(TM) 6 Update 20
    Learning Essentials for Microsoft Office
    LightScribe System Software 1.14.17.1
    LimeWire 5.1.2
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft DirectX 9.0 SDK Update (Summer 2004)
    Microsoft Math
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008 Management Objects
    Microsoft Student 2007 for Learning Essentials
    Microsoft Student with Encarta Premium 2008
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Mozilla Firefox (3.0.4)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    MYGAME Launcher(Remove Only)
    Nero 7 Essentials
    neroxml
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    OPERATION7 1.2.0
    PC Probe II
    Platform
    PowerDVD
    PowerISO
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Smart Link 56K Voice Modem
    SQL Server System CLR Types
    STOPzilla
    Try Corel Snapfire muvee autoProducer add on
    Update for Windows XP (KB898461)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Disk Security 5.0.0.35
    VIA Platform Device Manager
    Warcraft III: All Products
    WebFldrs XP
    Winamp (remove only)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    11/26/2010 7:17:27 PM, error: irevents [8205] -
    11/1/2010 7:26:36 AM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:34 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    11/1/2010 7:12:04 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002354C006AD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    10/31/2010 7:21:33 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
    10/31/2010 2:09:53 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    10/31/2010 1:18:27 PM, error: Service Control Manager [7000] - The amsint32 service failed to start due to the following error: Access is denied.
    10/30/2010 12:08:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'www.timezone.com.ph,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/30/2010 11:58:35 AM, error: Service Control Manager [7034] - The mysql service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 11:58:35 AM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    10/30/2010 11:58:22 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/30/2010 11:58:22 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

    ==== End Of File ===========================

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2010-11-01 08:02:28
    Windows 5.1.2600 Service Pack 2
    Running: tpkd4j7y.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\uwdyqpog.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A559AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A559AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A559AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A559AF1
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-10 8A559AF1
    Device \FileSystem\Ntfs \Ntfs 8A698C20

    AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip 899559F0
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp 899559F0
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp 899559F0
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp 899559F0

    Device \Device\Ide\IdeDeviceP2T1L0-5 -> \??\IDE#DiskST3160813AS_____________________________CC2F____#5&2932390f&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [BOOT] rhkeemvsw <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

  2. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    The virus keeps attacking my program files T_T... need help ASAP...
  3. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    Welcome aboard

    1. Uninstall Stopzilla.

    2. Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
  4. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    The uninstall thingy for Stopzilla could not be found because it was removed due to a virus.


    BTW thanks for the welcome!

  5. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    I forgot with your first post, but please observe forum rules: http://www.techspot.com/vb/topic154928.html

    2010/11/01 09:02:20.0265 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/01 09:02:20.0265 ================================================================================
    2010/11/01 09:02:20.0265 SystemInfo:
    2010/11/01 09:02:20.0265
    2010/11/01 09:02:20.0265 OS Version: 5.1.2600 ServicePack: 2.0
    2010/11/01 09:02:20.0265 Product type: Workstation
    2010/11/01 09:02:20.0265 ComputerName: WINXPSP2
    2010/11/01 09:02:20.0265 UserName: user
    2010/11/01 09:02:20.0265 Windows directory: C:\WINDOWS
    2010/11/01 09:02:20.0265 System windows directory: C:\WINDOWS
    2010/11/01 09:02:20.0265 Processor architecture: Intel x86
    2010/11/01 09:02:20.0265 Number of processors: 2
    2010/11/01 09:02:20.0265 Page size: 0x1000
    2010/11/01 09:02:20.0265 Boot type: Normal boot
    2010/11/01 09:02:20.0265 ================================================================================
    2010/11/01 09:02:20.0750 Initialize success
    2010/11/01 09:02:34.0546 ================================================================================
    2010/11/01 09:02:34.0546 Scan started
    2010/11/01 09:02:34.0546 Mode: Manual;
    2010/11/01 09:02:34.0546 ================================================================================
    2010/11/01 09:02:35.0125 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/01 09:02:36.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/01 09:02:37.0156 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/01 09:02:37.0328 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/01 09:02:37.0640 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
    2010/11/01 09:02:37.0781 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/01 09:02:37.0937 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/01 09:02:38.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/01 09:02:38.0328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/01 09:02:38.0500 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2010/11/01 09:02:38.0593 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/11/01 09:02:38.0640 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
    2010/11/01 09:02:38.0718 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2010/11/01 09:02:38.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/01 09:02:38.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/01 09:02:39.0312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/01 09:02:39.0500 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/01 09:02:39.0640 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/01 09:02:39.0906 DeepFrz (093ba89b26d4f2ac664bf98711852b62) C:\WINDOWS\system32\drivers\DeepFrz.sys
    2010/11/01 09:02:39.0921 DeepFrz - detected Unsigned file (1)
    2010/11/01 09:02:40.0015 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
    2010/11/01 09:02:40.0062 Diag69xp - detected Unsigned file (1)
    2010/11/01 09:02:40.0312 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/01 09:02:40.0906 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/01 09:02:41.0406 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/01 09:02:41.0406 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
    2010/11/01 09:02:41.0406 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/01 09:02:41.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/01 09:02:42.0015 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/01 09:02:42.0468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/01 09:02:42.0796 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/01 09:02:43.0187 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/11/01 09:02:43.0578 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/01 09:02:43.0890 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/11/01 09:02:44.0203 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/01 09:02:44.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/01 09:02:45.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/01 09:02:45.0687 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/01 09:02:46.0046 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    2010/11/01 09:02:46.0218 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/01 09:02:46.0640 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/01 09:02:47.0328 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/01 09:02:47.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/01 09:02:48.0046 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys
    2010/11/01 09:02:48.0281 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys
    2010/11/01 09:02:48.0406 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys
    2010/11/01 09:02:48.0609 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys
    2010/11/01 09:02:49.0000 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/01 09:02:49.0359 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/01 09:02:49.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/01 09:02:50.0046 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/01 09:02:50.0406 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/01 09:02:50.0718 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/01 09:02:51.0031 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/01 09:02:51.0375 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
    2010/11/01 09:02:51.0609 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/01 09:02:52.0093 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/01 09:02:52.0312 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/01 09:02:52.0546 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/01 09:02:52.0718 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
    2010/11/01 09:02:53.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/01 09:02:53.0203 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/01 09:02:53.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/11/01 09:02:53.0578 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
    2010/11/01 09:02:53.0765 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/01 09:02:53.0921 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/01 09:02:54.0109 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/01 09:02:54.0296 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/01 09:02:54.0500 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/01 09:02:54.0625 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/01 09:02:54.0765 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/01 09:02:54.0921 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/01 09:02:55.0093 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/01 09:02:55.0375 Mtlmnt5 (8cc4ab0f1fdb5fc7f58779dab0b1d22e) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys
    2010/11/01 09:02:55.0406 Mtlmnt5 - detected Unsigned file (1)
    2010/11/01 09:02:55.0640 Mtlstrm (195c5a0b44240dbb999f267ecfd3fab2) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys
    2010/11/01 09:02:55.0718 Mtlstrm - detected Unsigned file (1)
    2010/11/01 09:02:55.0906 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2010/11/01 09:02:56.0062 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/01 09:02:56.0437 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/01 09:02:56.0640 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/01 09:02:56.0781 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/01 09:02:56.0968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/01 09:02:57.0171 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/01 09:02:57.0453 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/01 09:02:57.0671 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/01 09:02:57.0859 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/01 09:02:58.0015 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/01 09:02:58.0218 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/01 09:02:58.0453 nv (61bf339927f7a02c395f89fd8ad7ccfb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/01 09:02:58.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/01 09:02:59.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/01 09:02:59.0437 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/11/01 09:02:59.0593 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/01 09:02:59.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/01 09:02:59.0875 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/01 09:03:00.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/01 09:03:00.0312 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/01 09:03:00.0546 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/01 09:03:00.0718 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/01 09:03:00.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/01 09:03:00.0984 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    2010/11/01 09:03:01.0000 PxHelp20 - detected Unsigned file (1)
    2010/11/01 09:03:01.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/01 09:03:01.0328 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/01 09:03:01.0531 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/01 09:03:01.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/01 09:03:01.0828 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/01 09:03:02.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/01 09:03:02.0171 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/01 09:03:02.0343 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/01 09:03:02.0656 RecAgent (5df1543b5258af20deddbb32808470c5) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys
    2010/11/01 09:03:02.0687 RecAgent - detected Unsigned file (1)
    2010/11/01 09:03:02.0859 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/01 09:03:02.0937 Suspicious service (NoAccess): rhkeemvsw
    2010/11/01 09:03:03.0015 rhkeemvsw (03cc0784819845e72eac38a9c66f7e65) C:\WINDOWS\system32\drivers\rhkeemvsw.sys
    2010/11/01 09:03:03.0015 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\rhkeemvsw.sys. md5: 03cc0784819845e72eac38a9c66f7e65
    2010/11/01 09:03:03.0015 rhkeemvsw - detected Locked service (1)
    2010/11/01 09:03:03.0125 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2010/11/01 09:03:03.0296 RTLVLAN (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
    2010/11/01 09:03:03.0500 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2010/11/01 09:03:03.0531 SCDEmu - detected Unsigned file (1)
    2010/11/01 09:03:03.0609 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/01 09:03:03.0734 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/01 09:03:03.0906 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/01 09:03:04.0062 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/01 09:03:04.0359 Slntamr (696ae679eca1868fdafa148fc56ac8b1) C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys
    2010/11/01 09:03:04.0406 Slntamr - detected Unsigned file (1)
    2010/11/01 09:03:04.0593 SlNtHal (7f5f9b53bea4238aa18ba05382ec7629) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys
    2010/11/01 09:03:04.0625 SlNtHal - detected Unsigned file (1)
    2010/11/01 09:03:04.0734 SlWdmSup (58f389daea07a855f7f38dd0d66e20c2) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys
    2010/11/01 09:03:04.0734 SlWdmSup - detected Unsigned file (1)
    2010/11/01 09:03:04.0859 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/01 09:03:05.0046 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/01 09:03:05.0234 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/01 09:03:05.0546 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/01 09:03:05.0718 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/01 09:03:05.0906 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/01 09:03:06.0062 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
    2010/11/01 09:03:06.0171 szkgfs (333175a9d6129315650ac743459dd176) C:\WINDOWS\system32\drivers\szkgfs.sys
    2010/11/01 09:03:06.0312 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/01 09:03:06.0531 Tcpip6 (00586ed87ab564b03870a2a3dcc84b55) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2010/11/01 09:03:06.0640 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/01 09:03:06.0812 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/01 09:03:07.0015 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/01 09:03:07.0281 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/11/01 09:03:07.0437 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/01 09:03:07.0671 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/01 09:03:07.0828 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/01 09:03:07.0984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/01 09:03:08.0171 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/01 09:03:08.0359 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/01 09:03:08.0531 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/01 09:03:08.0703 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/01 09:03:08.0859 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys
    2010/11/01 09:03:09.0046 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/01 09:03:09.0218 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/01 09:03:09.0406 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/01 09:03:09.0593 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
    2010/11/01 09:03:09.0750 ================================================================================
    2010/11/01 09:03:09.0750 Scan finished
    2010/11/01 09:03:09.0750 ================================================================================
    2010/11/01 09:03:09.0859 Detected object count: 12
    2010/11/01 09:04:41.0156 Unsigned file(DeepFrz) - User select action: Skip
    2010/11/01 09:04:41.0156 Unsigned file(Diag69xp) - User select action: Skip
    2010/11/01 09:04:41.0265 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/01 09:04:41.0265 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
    2010/11/01 09:04:41.0546 Backup copy found, using it..
    2010/11/01 09:04:41.0562 C:\WINDOWS\system32\drivers\dmio.sys - will be cured after reboot
    2010/11/01 09:04:41.0562 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
    2010/11/01 09:04:41.0562 Unsigned file(Mtlmnt5) - User select action: Skip
    2010/11/01 09:04:41.0562 Unsigned file(Mtlstrm) - User select action: Skip
    2010/11/01 09:04:41.0562 Unsigned file(PxHelp20) - User select action: Skip
    2010/11/01 09:04:41.0562 Unsigned file(RecAgent) - User select action: Skip
    2010/11/01 09:04:41.0562 Locked service(rhkeemvsw) - User select action: Skip
    2010/11/01 09:04:41.0578 Unsigned file(SCDEmu) - User select action: Skip
    2010/11/01 09:04:41.0578 Unsigned file(Slntamr) - User select action: Skip
    2010/11/01 09:04:41.0578 Unsigned file(SlNtHal) - User select action: Skip
    2010/11/01 09:04:41.0578 Unsigned file(SlWdmSup) - User select action: Skip
    2010/11/01 09:05:07.0609 Deinitialize success

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xBADA8000 \WINDOWS\system32\KDCOM.DLL
    0xBACB8000 \WINDOWS\system32\BOOTVID.dll
    0xBA8A8000 szkg.sys
    0xBA77E000 szkgfs.sys
    0xBA76C000 klmdb.sys
    0xBA73E000 ACPI.sys
    0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xBA72D000 pci.sys
    0xBA8C8000 isapnp.sys
    0xBA66F000 rhkeemvsw.sys
    0xBAE70000 pciide.sys
    0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA8D8000 MountMgr.sys
    0xBA650000 ftdisk.sys
    0xBADAC000 dmload.sys
    0xBA62A000 tskDA.tmp
    0xBAB30000 PartMgr.sys
    0xBA8E8000 VolSnap.sys
    0xBA612000 atapi.sys
    0xBA8F8000 disk.sys
    0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xBA5F3000 fltMgr.sys
    0xBA5E1000 sr.sys
    0xBAB38000 PxHelp20.sys
    0xBA5CA000 KSecDD.sys
    0xBA53D000 Ntfs.sys
    0xBA510000 NDIS.sys
    0xBACBC000 RecAgent.sys
    0xBA4F5000 Mup.sys
    0xBA4DE000 DeepFrz.sys
    0xBA918000 avgrkx86.sys
    0xBAD9C000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xBAAE8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB97C7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB97B3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB978E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB9772000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xBAC10000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB974F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBAC18000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBAC20000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB973B000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBADE8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0xBAAF8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBAC28000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBAC30000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBAB08000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBADA4000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBAB18000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA8B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9E3E000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9718000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBAC38000 \SystemRoot\system32\drivers\InCDPass.sys
    0xB9E2E000 \SystemRoot\system32\drivers\InCDRm.sys
    0xBAE9E000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9E1E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA4B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9701000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9E0E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9DFE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBAC40000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB96F0000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB9DEE000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBAC48000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBAC50000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB96BF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9DDE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBADEA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9663000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA496000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9DCE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB744C000 \SystemRoot\system32\drivers\viahduaa.sys
    0xB742A000 \SystemRoot\system32\drivers\portcls.sys
    0xB9DAE000 \SystemRoot\system32\drivers\drmk.sys
    0xB72D6000 \SystemRoot\system32\drivers\monfilt.sys
    0xBA988000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBADF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBAC58000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBADF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBAEA7000 \SystemRoot\System32\Drivers\Null.SYS
    0xBADF6000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBAC68000 \SystemRoot\System32\drivers\vga.sys
    0xBADF8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBADFA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBAD80000 \SystemRoot\System32\Drivers\InCDrec.SYS
    0xB6CAF000 \SystemRoot\system32\drivers\InCDFs.sys
    0xBAC70000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBAC78000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBAD84000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB6C9C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB6C44000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB6BE4000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xBA9A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB6BAA000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xB6B82000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB6B60000 \SystemRoot\System32\drivers\afd.sys
    0xBA9B8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA9C8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xB6A6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB69D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA9D8000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBAC88000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB69A1000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xBAE20000 \SystemRoot\system32\drivers\AsIO.sys
    0xBAA28000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB6989000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBAE2C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6A9C000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBAB80000 \SystemRoot\System32\watchdog.sys
    0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
    0xBAE8A000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
    0xBFFB3000 \SystemRoot\System32\ATMFD.DLL
    0xB662D000 \SystemRoot\system32\DRIVERS\LANPkt.sys
    0xB6615000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB61FC000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB65E9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB5FD0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBADE4000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB5DAC000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBAE1C000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
    0xB5B81000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB5841000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB5517000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 43):
    0 System Idle Process
    4 System
    820 C:\WINDOWS\system32\smss.exe
    872 csrss.exe
    896 C:\WINDOWS\system32\winlogon.exe
    940 C:\WINDOWS\system32\services.exe
    952 C:\WINDOWS\system32\lsass.exe
    1112 C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1212 C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    1304 svchost.exe
    1432 C:\WINDOWS\system32\svchost.exe
    1488 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1496 C:\Program Files\AVG\AVG9\avgrsx.exe
    1616 svchost.exe
    1640 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1780 svchost.exe
    340 C:\WINDOWS\explorer.exe
    376 C:\WINDOWS\system32\spoolsv.exe
    524 C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
    864 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1084 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    1176 C:\Program Files\Java\jre6\bin\jqs.exe
    1340 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1544 C:\WINDOWS\system32\nvsvc32.exe
    1588 C:\WINDOWS\system32\PSIService.exe
    1744 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2024 C:\WINDOWS\system32\slmdmsr.exe
    2148 C:\WINDOWS\system32\svchost.exe
    2176 wdfmgr.exe
    2296 C:\Program Files\AVG\AVG9\avgam.exe
    2336 C:\Program Files\AVG\AVG9\avgnsx.exe
    2888 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
    2896 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    2908 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3112 C:\WINDOWS\system32\ctfmon.exe
    2248 C:\Program Files\AVG\AVG9\avgui.exe
    3584 C:\WINDOWS\system32\wuauclt.exe
    1936 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1980 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3512 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3344 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3948 C:\Documents and Settings\user\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000e`a609c000 (NTFS)

    PhysicalDrive0 Model Number: ST3160813AS, Rev: CC2F

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
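Reading a TDSSKiller log like the one above by hand means spotting one forged system driver and one locked service among ten "Unsigned file" entries for legitimate third-party drivers. The Python below is an added triage helper, not part of the thread or of TDSSKiller itself: it parses the log format shown above (the sample is an abbreviated copy of the posted log), ranks each detection with a severity scale that is my own assumption, and lists the serious detections the user chose to skip.

```python
"""Triage helper for TDSSKiller 2.4 scan logs (added example, not from the thread).

It pulls each detection, its verdict and the action the user chose, ranks them,
and lists the serious ones that were skipped rather than cured.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Abbreviated copy of the log posted in the thread: one benign unsigned driver,
# the forged dmio.sys (TDL3) and the locked service rhkeemvsw.
SAMPLE_LOG = r"""
2010/11/01 09:02:34.0546 Scan started
2010/11/01 09:02:39.0906 DeepFrz (093ba89b26d4f2ac664bf98711852b62) C:\WINDOWS\system32\drivers\DeepFrz.sys
2010/11/01 09:02:39.0921 DeepFrz - detected Unsigned file (1)
2010/11/01 09:02:41.0406 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/01 09:02:41.0406 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
2010/11/01 09:02:41.0406 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 09:03:02.0937 Suspicious service (NoAccess): rhkeemvsw
2010/11/01 09:03:03.0015 rhkeemvsw (03cc0784819845e72eac38a9c66f7e65) C:\WINDOWS\system32\drivers\rhkeemvsw.sys
2010/11/01 09:03:03.0015 rhkeemvsw - detected Locked service (1)
2010/11/01 09:04:41.0156 Unsigned file(DeepFrz) - User select action: Skip
2010/11/01 09:04:41.0562 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
2010/11/01 09:04:41.0562 Locked service(rhkeemvsw) - User select action: Skip
"""

# Line shapes taken from the posted log; every line starts with a timestamp.
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
ACTION = re.compile(r"^(?P<verdict>.+?)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    path: str = ""
    md5: str = ""
    verdict: str = ""
    real_md5: Optional[str] = None   # set only when TDSSKiller reported a forged file
    fake_md5: Optional[str] = None   # hash the infected driver presents to the system
    action: str = ""                 # Cure / Skip / Delete as chosen by the user

    @property
    def severity(self) -> str:
        """Assumed ranking: forged or rootkit > locked service > merely unsigned."""
        if self.real_md5 is not None or self.verdict.startswith("Rootkit"):
            return "critical"
        if self.verdict.startswith("Locked service"):
            return "high"
        return "info"   # e.g. 'Unsigned file' for a legitimate third-party driver


def parse_tdsskiller_log(text: str) -> Dict[str, Finding]:
    """Return findings keyed by service name, in the order the log reported them."""
    found: Dict[str, Finding] = {}
    by_path: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group("msg")
        if d := DRIVER.match(msg):
            f = found.setdefault(d["name"], Finding(d["name"]))
            f.path, f.md5 = d["path"], d["md5"]
            by_path[f.path.lower()] = f
        elif d := FORGED.match(msg):
            f = by_path.get(d["path"].lower())
            if f is None:  # forged line without a prior driver line: key on the path
                f = found.setdefault(d["path"], Finding(d["path"], path=d["path"]))
                by_path[d["path"].lower()] = f
            f.real_md5, f.fake_md5 = d["real"], d["fake"]
        elif d := DETECT.match(msg):
            found.setdefault(d["name"], Finding(d["name"])).verdict = d["verdict"]
        elif d := ACTION.match(msg):
            if (f := found.get(d["name"])) is not None:
                f.action = d["action"]
    # Keep only entries TDSSKiller actually flagged, not every enumerated driver.
    return {n: f for n, f in found.items() if f.verdict or f.real_md5}


def needs_followup(findings: Dict[str, Finding]) -> List[str]:
    """Serious detections that were not cured, in log order."""
    return [n for n, f in findings.items()
            if f.severity in ("critical", "high") and f.action != "Cure"]


if __name__ == "__main__":
    findings = parse_tdsskiller_log(SAMPLE_LOG)
    for f in findings.values():
        extra = f" (real {f.real_md5}, fake {f.fake_md5})" if f.real_md5 else ""
        print(f"{f.severity:8} {f.name:12} {f.verdict}{extra} -> {f.action or 'n/a'}")
    print("needs follow-up:", needs_followup(findings))
```

Run against the full log above, the only item left on the follow-up list is the locked rhkeemvsw service, which matches the hidden BOOT service GMER flagged earlier in the thread.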
  6. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    See if MBAM will run now.
  7. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    Oh, I'm so sorry for that, sir, and thanks for editing.
  8. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    I can open it now and it's scanning, but I found some pop-ups, something like a disk error; I can't remember what was written. I just clicked Continue and it's still scanning now.
  9. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    Don't worry about any errors for now, but always let me know.
    Did you update MBAM prior to running it?
  10. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    Yes sir! I updated it before scanning.

    Here is the result, and AVG is still detecting viruses.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5009

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    11/1/2010 9:30:51 AM
    mbam-log-2010-11-01 (09-30-51).txt

    Scan type: Quick scan
    Objects scanned: 137311
    Time elapsed: 4 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\end (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  11. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    This doesn't look good:
    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
  12. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    This is what I get when sending explorer.exe:

    Bad Gateway

    The proxy server received an invalid response from an upstream server.
  13. Broni

    Broni Malware Annihilator Posts: 46,334   +252

  14. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    The other two files seem to be OK, with no infections.

    File name: svchost.exe
    Submission date: 2010-11-01 02:00:14 (UTC)
    Current status: finished
    Result: 0/ 43 (0.0%)



    File name: userinit.exe
    Submission date: 2010-11-01 01:58:30 (UTC)
    Current status: finished
    Result: 0/ 41 (0.0%)
  15. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    The two files userinit.exe and svchost.exe seem to have no problem. I can't post the whole scan because it's too long.
  16. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    File name: svchost.exe
    Submission date: 2010-11-01 02:00:14 (UTC)
    Current status: finished
    Result: 0/ 43 (0.0%)


    File name: userinit.exe
    Submission date: 2010-11-01 01:58:30 (UTC)
    Current status: finished
    Result: 0/ 41 (0.0%)
  17. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    Did you try explorer.exe at Jotti?
  18. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    Filename: explorer.exe
    Status:
    Scan finished. 0 out of 19 scanners reported malware.
    Scan taken on: Mon 1 Nov 2010 03:09:01 (CET) Permalink

    Found nothing... it seems AVG protected it?
  19. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    This is how AVG detected all the viruses; they are all in the virus vault:


    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe";"";"11/1/2010, 8:22:40 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\crashreporter.exe";"";"11/1/2010, 8:33:54 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpcshell.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpidl.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpt_link.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xulrunner.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe";"";"11/1/2010, 8:34:48 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Desktop\TFC.exe";"";"11/1/2010, 7:38:11 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe";"";"11/1/2010, 8:48:34 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleUpdate.exe";"";"11/1/2010, 8:48:34 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"";"10/31/2010, 1:19:18 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\bsbv.exe";"";"11/1/2010, 8:20:20 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\btea.exe";"";"10/31/2010, 5:20:47 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\cykdp.exe";"";"11/1/2010, 8:56:25 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\emuh.exe";"";"10/31/2010, 2:21:03 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\gdbmv.exe";"";"11/1/2010, 7:45:02 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\gwum.exe";"";"10/31/2010, 2:22:21 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\iyxmpb.exe";"";"10/31/2010, 2:10:26 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\jibyo.exe";"";"10/31/2010, 2:52:46 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\kiill.exe";"";"10/31/2010, 2:52:45 PM"
    "Infection";"Virus identified Worm/Generic.BQZQ";"c:\Documents and Settings\user\Local Settings\Temp\kvgg.exe";"";"10/31/2010, 1:21:56 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\ntkei.exe";"";"11/1/2010, 9:10:09 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\odtqeu.exe";"";"11/1/2010, 8:56:39 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\pdeyrv.exe";"";"10/31/2010, 2:27:14 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\phkm.exe";"";"11/1/2010, 7:43:41 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\qipfge.exe";"";"11/1/2010, 9:37:04 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\qrdxsx.exe";"";"10/31/2010, 2:36:14 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\qrvlw.exe";"";"10/31/2010, 2:37:26 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\qtvk.exe";"";"10/31/2010, 2:10:10 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\rscl.exe";"";"10/31/2010, 2:37:30 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\somx.exe";"";"10/31/2010, 1:28:30 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\tmht.exe";"";"10/31/2010, 5:17:58 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\uobuiv.exe";"";"10/31/2010, 2:22:30 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\vxwc.exe";"";"11/1/2010, 8:56:41 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winakix.exe";"";"10/31/2010, 2:09:04 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winbhopmq.exe";"";"10/31/2010, 2:26:54 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winbvhqlo.exe";"";"11/1/2010, 8:21:22 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\windnhh.exe";"";"10/31/2010, 5:21:05 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\wineunca.exe";"";"11/1/2010, 8:20:04 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\wingxlmxw.exe";"";"11/1/2010, 9:10:24 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winhxqxis.exe";"";"11/1/2010, 9:11:27 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winiuyop.exe";"";"11/1/2010, 7:43:59 AM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winjwfbp.exe";"";"11/1/2010, 9:37:27 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winkbahf.exe";"";"10/31/2010, 2:52:45 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winknmb.exe";"";"10/31/2010, 5:20:54 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winlhty.exe";"";"10/31/2010, 2:22:11 PM"
    "Infection";"Trojan horse PSW.Agent.AHSI";"c:\Documents and Settings\user\Local Settings\Temp\winnpejyx.exe";"";"10/31/2010, 1:21:59 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winnude.exe";"";"10/31/2010, 2:25:53 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winpevrn.exe";"";"11/1/2010, 9:10:27 AM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winqcjos.exe";"";"11/1/2010, 7:34:02 AM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winqmcoj.exe";"";"10/31/2010, 2:52:45 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winqwxyy.exe";"";"10/31/2010, 2:10:18 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winriwyg.exe";"";"10/31/2010, 2:22:11 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winrkbgks.exe";"";"10/31/2010, 2:26:53 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winsciial.exe";"";"10/31/2010, 2:37:39 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winsrkmyt.exe";"";"10/31/2010, 2:52:46 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winuyiujn.exe";"";"11/1/2010, 8:20:23 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwhok.exe";"";"10/31/2010, 2:10:09 PM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwonydr.exe";"";"11/1/2010, 9:37:22 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwryc.exe";"";"10/31/2010, 2:37:21 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winwskbf.exe";"";"11/1/2010, 9:38:27 AM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winxvncr.exe";"";"10/31/2010, 5:20:48 PM"
    "Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winyqmcn.exe";"";"11/1/2010, 8:57:40 AM"
    "Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\wslib.exe";"";"10/31/2010, 2:27:14 PM"
    "Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\xbxi.exe";"";"11/1/2010, 7:44:02 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\dds.scr";"";"11/1/2010, 9:09:35 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\STOPzilla_Setup.exe";"";"10/31/2010, 2:53:05 PM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\TFC (1).exe";"";"11/1/2010, 9:15:52 AM"
    "Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\TFC.exe";"";"11/1/2010, 9:15:49 AM"
    "Infection";"Virus found Win32/Heur";"c:\Games\Alien Shooter\AlienShooter.exe";"";"11/1/2010, 8:58:07 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe";"";"10/31/2010, 1:19:15 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\avgscanx.exe";"";"10/31/2010, 7:03:35 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\avgsrmax.exe";"";"11/1/2010, 9:38:11 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\fixcfg.exe";"";"11/1/2010, 9:38:11 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Cheat Engine\unins000.exe";"";"10/31/2010, 7:42:37 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe";"";"10/31/2010, 7:41:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe";"";"10/31/2010, 1:25:40 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe";"";"10/31/2010, 1:19:15 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe";"";"11/1/2010, 7:41:18 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroUpgrade.exe";"";"11/1/2010, 7:09:57 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe";"";"10/31/2010, 2:49:41 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe";"";"10/31/2010, 7:42:00 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe";"";"10/31/2010, 1:26:31 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\iS3\Anti-Spyware\IS3Updater.exe";"";"10/31/2010, 3:13:31 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Java\Java Update\jusched.exe";"";"10/31/2010, 2:49:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\Language\Language.exe";"";"10/31/2010, 1:25:39 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe";"";"10/31/2010, 2:49:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe";"";"10/31/2010, 2:07:19 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\e-Games\OPERATION7\uninst.exe";"";"10/31/2010, 7:42:52 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Eusing Free Registry Cleaner\UNWISE.EXE";"";"10/31/2010, 7:42:38 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\FortressMU\FMU S4 V3\fortress 3d\muplayer.exe";"";"11/1/2010, 7:41:17 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse Games Collection\unwise.exe";"";"10/31/2010, 7:42:11 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Airstrike\AirStrike3D.exe";"";"11/1/2010, 7:41:16 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\AlienSky\AlienSky.exe";"";"10/31/2010, 7:40:51 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Atomaders\Atomaders.exe";"";"10/31/2010, 7:40:49 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\BounceOutBlitz\BounceOutBlitz.exe";"";"10/31/2010, 7:40:54 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Candy\cruncher.exe";"";"10/31/2010, 7:40:59 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Chainz\chainz.exe";"";"10/31/2010, 7:41:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe";"";"10/31/2010, 7:41:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\ComboChaos\ComboChaos.exe";"";"10/31/2010, 7:41:24 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe";"";"10/31/2010, 7:41:30 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\FruitFrolic\Bricks.exe";"";"10/31/2010, 7:41:36 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Hello\Hello!.exe";"";"10/31/2010, 7:41:51 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\JewelQuest\JewelQuest.exe";"";"10/31/2010, 7:41:58 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\LetterLinker\LLinker.exe";"";"10/31/2010, 7:42:13 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\MadCaps\madcaps.exe";"";"10/31/2010, 7:42:14 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\MagicBall\MagicBall.exe";"";"10/31/2010, 7:42:14 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\ShapeShifter\Shape.exe";"";"10/31/2010, 7:42:38 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Slingo\Slingo.exe";"";"10/31/2010, 7:42:38 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Solitaire3\ghsol3.exe";"";"10/31/2010, 7:42:51 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\SpongeBobCollapse\SBCollapse.exe";"";"10/31/2010, 7:42:53 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\TextTwist\TextTwist.exe";"";"10/31/2010, 7:42:55 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\WordJolt\WordJolt.exe";"";"10/31/2010, 7:43:07 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Garena\uninst.exe";"";"10/31/2010, 7:42:38 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe";"";"10/31/2010, 7:41:47 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe";"";"10/31/2010, 2:49:41 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe";"";"11/1/2010, 7:41:16 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{88253B77-33C9-4A9D-9E4C-4579E39D9158}\setup.exe";"";"10/31/2010, 7:42:54 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe";"";"10/31/2010, 7:43:07 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe";"";"11/1/2010, 7:41:15 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Java\jre6\bin\javaw.exe";"";"10/31/2010, 7:03:43 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\LimeWire\uninstall.exe";"";"10/31/2010, 7:42:39 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe";"";"11/1/2010, 8:33:32 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe";"";"11/1/2010, 8:25:19 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\unins000.exe";"";"11/1/2010, 7:45:22 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\unins000.exe";"";"11/1/2010, 8:25:15 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Samples\SampleBrowser\SampleBrowser.exe";"";"10/31/2010, 7:43:13 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\D3DSpy.exe";"";"10/31/2010, 7:43:13 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\dmotest.exe";"";"11/1/2010, 7:09:50 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DXCapsViewer.exe";"";"10/31/2010, 7:43:18 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DXErr.exe";"";"10/31/2010, 7:43:19 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DxTex.exe";"";"10/31/2010, 7:43:23 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\fedit.exe";"";"11/1/2010, 7:09:51 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\graphedt.exe";"";"11/1/2010, 7:09:52 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\ProfileEnum.exe";"";"11/1/2010, 7:09:53 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe";"";"10/31/2010, 7:41:52 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\0001\00000000.exe";"";"10/31/2010, 1:26:39 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\Reviser.exe";"";"10/31/2010, 1:21:18 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\Starter.exe";"";"10/31/2010, 1:26:39 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME\Special Force\dflauncher.exe";"";"10/31/2010, 1:20:06 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME\Special Force\DFPatcher.exe";"";"10/31/2010, 1:47:09 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\PowerISO\PWRISOVM.EXE";"";"10/31/2010, 2:49:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\STOPzilla.exe";"";"11/1/2010, 7:20:01 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZBlkLst.exe";"";"10/31/2010, 6:46:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZInit.Exe";"";"10/31/2010, 6:46:20 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZOptions.exe";"";"11/1/2010, 7:12:03 AM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\USB Disk Security\USBGuard.exe";"";"10/31/2010, 2:49:21 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\Warcraft III\World Editor.exe";"";"10/31/2010, 1:52:24 PM"
    "Infection";"Virus found Win32/Heur";"c:\Program Files\WinRAR\WinRAR.exe";"";"10/31/2010, 1:47:09 PM"
  20. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  21. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    OK, I'm doing it now... and I found something not good... I tried opening Internet Explorer, and it seems to be bugged... it just shows the browser and never stops loading...
  22. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    Let's see what Eset will show...
  23. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    Okay... 70% downloaded...
  24. xander123

    xander123 Newcomer, in training Topic Starter Posts: 23

    The scanner found something... it's called:

    Win32/Sality.NBA virus, and 36 infected files so far, 10% scan progress.
  25. Broni

    Broni Malware Annihilator Posts: 46,334   +252

    I'm afraid I have very bad news.

    You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files: .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
    *.exe
    *.scr
    *.htm
    *.html
    *.xml
    *.zip
    *.rar
    *.doc
    *.jpg
    *.pdf

    Backup all your documents and important items only.
    DO NOT backup any files mentioned above.

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

    To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

    Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

    To find out more information about how you may have got infected in the first place, you can read this article.

    I am sorry I cannot give any better news.