[Not curable - Sality] Win32/heur virus


xander123

I have a problem with MBAM: after checking for updates and starting MBAM, nothing happens... Here are the other logs as requested.


DDS (Ver_10-10-31.01) - NTFSx86
Run by user at 8:04:15.40 on Mon 11/01/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1401 [GMT 8:00]


============== Running Processes ===============

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\JayDen Files\Tales Of Pirates Files\NEW PRIVATE TOP\Window Hide Tool\Window Hide Tool\Window Hide Tool.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\user\LOCALS~1\Temp\winjuen.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.winamp.com/getwinamp/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: GigagetIEHelper Class: {111caa23-6f4f-42ac-8555-b48c1d87bbab} - c:\windows\system32\gigagetbho_v10.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Hide Tool] e:\jayden files\tales of pirates files\new private top\window hide tool\window hide tool\Window Hide Tool.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download All by Gigaget - c:\program files\giganology\gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\giganology\gigaget\geturl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {829FE81C-F70E-48EA-BFFF-F1CB4F00095D} = 8.8.8.8,8.8.4.4
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\th14q682.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-11 52872]
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2004-5-14 93440]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-2-24 173328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-20 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-20 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-20 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-11 308136]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-4-3 8960]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-4-3 845184]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-1-18 24635]
S3 amsint32;amsint32;\??\c:\windows\system32\drivers\knosk.sys --> c:\windows\system32\drivers\knosk.sys [?]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-4-3 11264]
S3 LLRING0;LLRING0;\??\c:\program files\fortressmu\fmu s4 v3\fortress 3d\muguard\llck1.sys --> c:\program files\fortressmu\fmu s4 v3\fortress 3d\muguard\llck1.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-4-3 16640]

=============== Created Last 30 ================

2010-10-31 23:43:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 23:43:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 23:43:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-31 23:36:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 11:21:27 762368 ----a-w- c:\windows\system32\drivers\rhkeemvsw.sys
2010-10-31 06:40:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-10-31 06:40:02 -------- d-----w- c:\program files\STOPzilla!
2010-10-31 06:40:02 -------- d-----w- c:\program files\common files\iS3
2010-10-31 06:40:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-10-24 10:46:21 -------- d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-08-11 01:56:21 12536 ----a-w- c:\windows\system32\avgrsstx.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160813AS rev.CC2F -> \Device\Ide\IdePort0

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A559ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x862cd879; SUB DWORD [EBP-0x4], 0x862cd135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A648AB8]
3 CLASSPNP[0xBA90905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\00000071[0x8A69AF18]
5 ACPI[0xBA756620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A6AF2F8]
[0x8A555270] -> IRP_MJ_CREATE -> 0x8A559ECC
error: Read The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP2T1L0-5 -> \??\IDE#DiskST3160813AS_____________________________CC2F____#5&2932390f&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\atapi DriverStartIo -> 0x8A559AF1
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 8:05:34.46 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-31.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2009 2:33:07 PM
System Uptime: 11/1/2010 7:39:23 AM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM
Processor: Intel Pentium III Xeon processor | Socket 775 | 2799/266mhz
Processor: Intel Pentium III Xeon processor | Socket 775 | 2800/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 8.846 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 90 GiB total, 2.974 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP124: 8/11/2010 9:02:51 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP125: 8/11/2010 9:03:19 AM - Installed AVG 9.0
RP126: 8/11/2010 9:37:02 AM - Avg8 Update
RP127: 8/11/2010 9:56:27 AM - Avg Update
RP128: 8/11/2010 10:02:40 AM - AVG license update
RP129: 10/31/2010 1:10:53 PM - Installed Platform
RP130: 10/31/2010 1:50:24 PM - Restore Operation
RP131: 10/31/2010 1:54:52 PM - Restore Operation
RP132: 10/31/2010 1:58:36 PM - Restore Operation
RP133: 10/31/2010 2:02:06 PM - Restore Operation
RP134: 10/31/2010 2:05:02 PM - Restore Operation
RP135: 10/31/2010 2:39:57 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP136: 10/31/2010 7:52:45 PM - Restore Operation
RP137: 10/31/2010 7:56:59 PM - Restore Operation

==== Installed Programs ======================

µTorrent
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.1
Adobe Stock Photos 1.0
ASUSUpdate
AVG 9.0
Cheat Engine 5.5
CSS FULL DZ [Oct 15 2007] v18.1
Diagnostics Utility
DirectX for Managed Code Update (Summer 2004)
Eusing Free Registry Cleaner
FMU S4 V3
GameHouse Games Collection: Academy of Magic
GameHouse Games Collection: Adventure Inlay
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Reader's Digest Super Word Power
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
GameHouse Super Games AIO®
Garena 2010
Gigaget
Google Chrome
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Java Auto Updater
Java(TM) 6 Update 20
Learning Essentials for Microsoft Office
LightScribe System Software 1.14.17.1
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft DirectX 9.0 SDK Update (Summer 2004)
Microsoft Math
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 Management Objects
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2008
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MYGAME Launcher(Remove Only)
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OPERATION7 1.2.0
PC Probe II
Platform
PowerDVD
PowerISO
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Smart Link 56K Voice Modem
SQL Server System CLR Types
STOPzilla
Try Corel Snapfire muvee autoProducer add on
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB Disk Security 5.0.0.35
VIA Platform Device Manager
Warcraft III: All Products
WebFldrs XP
Winamp (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/26/2010 7:17:27 PM, error: irevents [8205] -
11/1/2010 7:26:36 AM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:34 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The SmartLinkService service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:26:33 AM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 7:12:04 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002354C006AD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/31/2010 7:21:33 PM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: A device attached to the system is not functioning.
10/31/2010 2:09:53 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
10/31/2010 1:18:27 PM, error: Service Control Manager [7000] - The amsint32 service failed to start due to the following error: Access is denied.
10/30/2010 12:08:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'www.timezone.com.ph,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/30/2010 11:58:35 AM, error: Service Control Manager [7034] - The mysql service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 11:58:35 AM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
10/30/2010 11:58:22 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/30/2010 11:58:22 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-11-01 08:02:28
Windows 5.1.2600 Service Pack 2
Running: tpkd4j7y.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\uwdyqpog.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A559AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A559AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A559AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A559AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-10 8A559AF1
Device \FileSystem\Ntfs \Ntfs 8A698C20

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip 899559F0
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp 899559F0
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp 899559F0
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp 899559F0

Device \Device\Ide\IdeDeviceP2T1L0-5 -> \??\IDE#DiskST3160813AS_____________________________CC2F____#5&2932390f&0&0.1.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] rhkeemvsw <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Attachments: Attach.txt (15 KB), DDS.txt (12.1 KB), gmer.log (4.1 KB)

Welcome aboard


1. Uninstall Stopzilla.

2. Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

3. Download MBRCheck to your desktop.
  • Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • Enter N to exit.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.

The uninstall thingy for STOPzilla could not be found because it was removed due to the virus.


BTW thanks for the welcome!

Attachments: MBRCheck_11.01.10_09.09.50.txt (8.7 KB), TDSSKiller.2.4.5.1_01.11.2010_09.02.20_log.txt (40.8 KB)

I forgot to mention this with your first post, but please observe the forum rules: https://www.techspot.com/vb/topic154928.html

2010/11/01 09:02:20.0265 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 09:02:20.0265 ================================================================================
2010/11/01 09:02:20.0265 SystemInfo:
2010/11/01 09:02:20.0265
2010/11/01 09:02:20.0265 OS Version: 5.1.2600 ServicePack: 2.0
2010/11/01 09:02:20.0265 Product type: Workstation
2010/11/01 09:02:20.0265 ComputerName: WINXPSP2
2010/11/01 09:02:20.0265 UserName: user
2010/11/01 09:02:20.0265 Windows directory: C:\WINDOWS
2010/11/01 09:02:20.0265 System windows directory: C:\WINDOWS
2010/11/01 09:02:20.0265 Processor architecture: Intel x86
2010/11/01 09:02:20.0265 Number of processors: 2
2010/11/01 09:02:20.0265 Page size: 0x1000
2010/11/01 09:02:20.0265 Boot type: Normal boot
2010/11/01 09:02:20.0265 ================================================================================
2010/11/01 09:02:20.0750 Initialize success
2010/11/01 09:02:34.0546 ================================================================================
2010/11/01 09:02:34.0546 Scan started
2010/11/01 09:02:34.0546 Mode: Manual;
2010/11/01 09:02:34.0546 ================================================================================
2010/11/01 09:02:35.0125 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/01 09:02:36.0796 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/01 09:02:37.0156 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/11/01 09:02:37.0328 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/11/01 09:02:37.0640 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2010/11/01 09:02:37.0781 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/01 09:02:37.0937 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/01 09:02:38.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/01 09:02:38.0328 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/01 09:02:38.0500 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/11/01 09:02:38.0593 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/11/01 09:02:38.0640 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/11/01 09:02:38.0718 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/11/01 09:02:38.0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/01 09:02:38.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/01 09:02:39.0312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/01 09:02:39.0500 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/01 09:02:39.0640 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/01 09:02:39.0906 DeepFrz (093ba89b26d4f2ac664bf98711852b62) C:\WINDOWS\system32\drivers\DeepFrz.sys
2010/11/01 09:02:39.0921 DeepFrz - detected Unsigned file (1)
2010/11/01 09:02:40.0015 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
2010/11/01 09:02:40.0062 Diag69xp - detected Unsigned file (1)
2010/11/01 09:02:40.0312 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/01 09:02:40.0906 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/01 09:02:41.0406 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/01 09:02:41.0406 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
2010/11/01 09:02:41.0406 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 09:02:41.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/01 09:02:42.0015 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/01 09:02:42.0468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/01 09:02:42.0796 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/01 09:02:43.0187 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/01 09:02:43.0578 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/01 09:02:43.0890 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/01 09:02:44.0203 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/01 09:02:44.0578 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/01 09:02:45.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/01 09:02:45.0687 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/01 09:02:46.0046 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/11/01 09:02:46.0218 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/01 09:02:46.0640 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/01 09:02:47.0328 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/01 09:02:47.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/01 09:02:48.0046 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys
2010/11/01 09:02:48.0281 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys
2010/11/01 09:02:48.0406 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/11/01 09:02:48.0609 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys
2010/11/01 09:02:49.0000 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/01 09:02:49.0359 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/01 09:02:49.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/01 09:02:50.0046 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/01 09:02:50.0406 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/01 09:02:50.0718 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/01 09:02:51.0031 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/01 09:02:51.0375 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
2010/11/01 09:02:51.0609 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/01 09:02:52.0093 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/01 09:02:52.0312 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/01 09:02:52.0546 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/01 09:02:52.0718 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
2010/11/01 09:02:53.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/01 09:02:53.0203 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/01 09:02:53.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/01 09:02:53.0578 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2010/11/01 09:02:53.0765 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/01 09:02:53.0921 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/01 09:02:54.0109 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/01 09:02:54.0296 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/01 09:02:54.0500 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/01 09:02:54.0625 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/01 09:02:54.0765 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/01 09:02:54.0921 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/01 09:02:55.0093 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/01 09:02:55.0375 Mtlmnt5 (8cc4ab0f1fdb5fc7f58779dab0b1d22e) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys
2010/11/01 09:02:55.0406 Mtlmnt5 - detected Unsigned file (1)
2010/11/01 09:02:55.0640 Mtlstrm (195c5a0b44240dbb999f267ecfd3fab2) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys
2010/11/01 09:02:55.0718 Mtlstrm - detected Unsigned file (1)
2010/11/01 09:02:55.0906 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/01 09:02:56.0062 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/01 09:02:56.0437 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/01 09:02:56.0640 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/01 09:02:56.0781 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/01 09:02:56.0968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/01 09:02:57.0171 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/01 09:02:57.0453 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/01 09:02:57.0671 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/01 09:02:57.0859 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/01 09:02:58.0015 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/01 09:02:58.0218 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/01 09:02:58.0453 nv (61bf339927f7a02c395f89fd8ad7ccfb) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/01 09:02:58.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/01 09:02:59.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/01 09:02:59.0437 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/01 09:02:59.0593 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/01 09:02:59.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/01 09:02:59.0875 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/01 09:03:00.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/01 09:03:00.0312 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/01 09:03:00.0546 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/01 09:03:00.0718 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/01 09:03:00.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/01 09:03:00.0984 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/11/01 09:03:01.0000 PxHelp20 - detected Unsigned file (1)
2010/11/01 09:03:01.0171 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/01 09:03:01.0328 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/01 09:03:01.0531 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/01 09:03:01.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/01 09:03:01.0828 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/01 09:03:02.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/01 09:03:02.0171 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/01 09:03:02.0343 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/01 09:03:02.0656 RecAgent (5df1543b5258af20deddbb32808470c5) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys
2010/11/01 09:03:02.0687 RecAgent - detected Unsigned file (1)
2010/11/01 09:03:02.0859 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/01 09:03:02.0937 Suspicious service (NoAccess): rhkeemvsw
2010/11/01 09:03:03.0015 rhkeemvsw (03cc0784819845e72eac38a9c66f7e65) C:\WINDOWS\system32\drivers\rhkeemvsw.sys
2010/11/01 09:03:03.0015 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\rhkeemvsw.sys. md5: 03cc0784819845e72eac38a9c66f7e65
2010/11/01 09:03:03.0015 rhkeemvsw - detected Locked service (1)
2010/11/01 09:03:03.0125 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/11/01 09:03:03.0296 RTLVLAN (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
2010/11/01 09:03:03.0500 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/11/01 09:03:03.0531 SCDEmu - detected Unsigned file (1)
2010/11/01 09:03:03.0609 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/01 09:03:03.0734 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/01 09:03:03.0906 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/01 09:03:04.0062 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/01 09:03:04.0359 Slntamr (696ae679eca1868fdafa148fc56ac8b1) C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys
2010/11/01 09:03:04.0406 Slntamr - detected Unsigned file (1)
2010/11/01 09:03:04.0593 SlNtHal (7f5f9b53bea4238aa18ba05382ec7629) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys
2010/11/01 09:03:04.0625 SlNtHal - detected Unsigned file (1)
2010/11/01 09:03:04.0734 SlWdmSup (58f389daea07a855f7f38dd0d66e20c2) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys
2010/11/01 09:03:04.0734 SlWdmSup - detected Unsigned file (1)
2010/11/01 09:03:04.0859 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/01 09:03:05.0046 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/01 09:03:05.0234 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/01 09:03:05.0546 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/01 09:03:05.0718 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/01 09:03:05.0906 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/01 09:03:06.0062 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
2010/11/01 09:03:06.0171 szkgfs (333175a9d6129315650ac743459dd176) C:\WINDOWS\system32\drivers\szkgfs.sys
2010/11/01 09:03:06.0312 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/01 09:03:06.0531 Tcpip6 (00586ed87ab564b03870a2a3dcc84b55) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/11/01 09:03:06.0640 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/01 09:03:06.0812 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/01 09:03:07.0015 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/01 09:03:07.0281 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/11/01 09:03:07.0437 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/01 09:03:07.0671 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/01 09:03:07.0828 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/01 09:03:07.0984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/01 09:03:08.0171 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/01 09:03:08.0359 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/01 09:03:08.0531 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/01 09:03:08.0703 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/11/01 09:03:08.0859 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys
2010/11/01 09:03:09.0046 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/01 09:03:09.0218 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/01 09:03:09.0406 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/01 09:03:09.0593 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2010/11/01 09:03:09.0750 ================================================================================
2010/11/01 09:03:09.0750 Scan finished
2010/11/01 09:03:09.0750 ================================================================================
2010/11/01 09:03:09.0859 Detected object count: 12
2010/11/01 09:04:41.0156 Unsigned file(DeepFrz) - User select action: Skip
2010/11/01 09:04:41.0156 Unsigned file(Diag69xp) - User select action: Skip
2010/11/01 09:04:41.0265 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/01 09:04:41.0265 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
2010/11/01 09:04:41.0546 Backup copy found, using it..
2010/11/01 09:04:41.0562 C:\WINDOWS\system32\drivers\dmio.sys - will be cured after reboot
2010/11/01 09:04:41.0562 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
2010/11/01 09:04:41.0562 Unsigned file(Mtlmnt5) - User select action: Skip
2010/11/01 09:04:41.0562 Unsigned file(Mtlstrm) - User select action: Skip
2010/11/01 09:04:41.0562 Unsigned file(PxHelp20) - User select action: Skip
2010/11/01 09:04:41.0562 Unsigned file(RecAgent) - User select action: Skip
2010/11/01 09:04:41.0562 Locked service(rhkeemvsw) - User select action: Skip
2010/11/01 09:04:41.0578 Unsigned file(SCDEmu) - User select action: Skip
2010/11/01 09:04:41.0578 Unsigned file(Slntamr) - User select action: Skip
2010/11/01 09:04:41.0578 Unsigned file(SlNtHal) - User select action: Skip
2010/11/01 09:04:41.0578 Unsigned file(SlWdmSup) - User select action: Skip
2010/11/01 09:05:07.0609 Deinitialize success

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA8A8000 szkg.sys
0xBA77E000 szkgfs.sys
0xBA76C000 klmdb.sys
0xBA73E000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA72D000 pci.sys
0xBA8C8000 isapnp.sys
0xBA66F000 rhkeemvsw.sys
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8D8000 MountMgr.sys
0xBA650000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA62A000 tskDA.tmp
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA612000 atapi.sys
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA5F3000 fltMgr.sys
0xBA5E1000 sr.sys
0xBAB38000 PxHelp20.sys
0xBA5CA000 KSecDD.sys
0xBA53D000 Ntfs.sys
0xBA510000 NDIS.sys
0xBACBC000 RecAgent.sys
0xBA4F5000 Mup.sys
0xBA4DE000 DeepFrz.sys
0xBA918000 avgrkx86.sys
0xBAD9C000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBAAE8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB97C7000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB97B3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB978E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9772000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBAC10000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB974F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC18000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBAC20000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB973B000 \SystemRoot\system32\DRIVERS\parport.sys
0xBADE8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBAAF8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBAC28000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAC30000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBAB08000 \SystemRoot\system32\DRIVERS\serial.sys
0xBADA4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBAB18000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA8B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9E3E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9718000 \SystemRoot\system32\DRIVERS\ks.sys
0xBAC38000 \SystemRoot\system32\drivers\InCDPass.sys
0xB9E2E000 \SystemRoot\system32\drivers\InCDRm.sys
0xBAE9E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB9E1E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA4B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9701000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9E0E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9DFE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAC40000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB96F0000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9DEE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAC48000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAC50000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB96BF000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9DDE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBADEA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9663000 \SystemRoot\system32\DRIVERS\update.sys
0xBA496000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9DCE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB744C000 \SystemRoot\system32\drivers\viahduaa.sys
0xB742A000 \SystemRoot\system32\drivers\portcls.sys
0xB9DAE000 \SystemRoot\system32\drivers\drmk.sys
0xB72D6000 \SystemRoot\system32\drivers\monfilt.sys
0xBA988000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBAC58000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBADF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAEA7000 \SystemRoot\System32\Drivers\Null.SYS
0xBADF6000 \SystemRoot\System32\Drivers\Beep.SYS
0xBAC68000 \SystemRoot\System32\drivers\vga.sys
0xBADF8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBADFA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAD80000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xB6CAF000 \SystemRoot\system32\drivers\InCDFs.sys
0xBAC70000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAC78000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBAD84000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6C9C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6C44000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6BE4000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xBA9A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB6BAA000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB6B82000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6B60000 \SystemRoot\System32\drivers\afd.sys
0xBA9B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA9C8000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xB6A6C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB69D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBAC88000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB69A1000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBAE20000 \SystemRoot\system32\drivers\AsIO.sys
0xBAA28000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6989000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBAE2C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6A9C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAB80000 \SystemRoot\System32\watchdog.sys
0xBF9C3000 \SystemRoot\System32\drivers\dxg.sys
0xBAE8A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D5000 \SystemRoot\System32\nv4_disp.dll
0xBFFB3000 \SystemRoot\System32\ATMFD.DLL
0xB662D000 \SystemRoot\system32\DRIVERS\LANPkt.sys
0xB6615000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB61FC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB65E9000 \SystemRoot\system32\drivers\sysaudio.sys
0xB5FD0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBADE4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5DAC000 \SystemRoot\system32\DRIVERS\srv.sys
0xBAE1C000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xB5B81000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB5841000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB5517000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
820 C:\WINDOWS\system32\smss.exe
872 csrss.exe
896 C:\WINDOWS\system32\winlogon.exe
940 C:\WINDOWS\system32\services.exe
952 C:\WINDOWS\system32\lsass.exe
1112 C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
1156 C:\WINDOWS\system32\svchost.exe
1212 C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
1304 svchost.exe
1432 C:\WINDOWS\system32\svchost.exe
1488 C:\Program Files\AVG\AVG9\avgchsvx.exe
1496 C:\Program Files\AVG\AVG9\avgrsx.exe
1616 svchost.exe
1640 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1780 svchost.exe
340 C:\WINDOWS\explorer.exe
376 C:\WINDOWS\system32\spoolsv.exe
524 C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
864 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1084 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1176 C:\Program Files\Java\jre6\bin\jqs.exe
1340 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1544 C:\WINDOWS\system32\nvsvc32.exe
1588 C:\WINDOWS\system32\PSIService.exe
1744 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2024 C:\WINDOWS\system32\slmdmsr.exe
2148 C:\WINDOWS\system32\svchost.exe
2176 wdfmgr.exe
2296 C:\Program Files\AVG\AVG9\avgam.exe
2336 C:\Program Files\AVG\AVG9\avgnsx.exe
2888 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
2896 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
2908 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3112 C:\WINDOWS\system32\ctfmon.exe
2248 C:\Program Files\AVG\AVG9\avgui.exe
3584 C:\WINDOWS\system32\wuauclt.exe
1936 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1980 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3512 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3344 C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3948 C:\Documents and Settings\user\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000e`a609c000 (NTFS)

PhysicalDrive0 Model Number: ST3160813AS, Rev: CC2F

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
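The TDSSKiller log above mixes three quite different kinds of finding: a named rootkit verdict on dmio.sys backed by two different MD5 values for the same file (the tool read the driver two ways and got different bytes, which is how a disk-level hook betrays itself), a service (rhkeemvsw) whose file and registry key refused to be read, and a dozen "Unsigned file" notices for ordinary third-party drivers such as Deep Freeze and the modem stack. When reading such logs it helps to join the scattered per-driver lines into one record per service and rank them. The script below is an added example for this thread, not part of TDSSKiller or of the posted logs; its sample input is a constructed excerpt of lines copied from the log above, and the critical/high/info ranking is a heuristic added here, not something the tool itself reports.

```python
"""Triage a TDSSKiller log: one record per service, ranked, with unresolved items listed.
Added example for this thread; not part of TDSSKiller or of the logs posted above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: an excerpt of lines copied from the TDSSKiller log posted above
# (not the complete log), chosen so that each kind of finding appears once.
SAMPLE_LOG = r"""
2010/11/01 09:02:39.0906 DeepFrz (093ba89b26d4f2ac664bf98711852b62) C:\WINDOWS\system32\drivers\DeepFrz.sys
2010/11/01 09:02:39.0921 DeepFrz - detected Unsigned file (1)
2010/11/01 09:02:41.0406 dmio (81462e8446e83aeb7360def221c7ee1b) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/01 09:02:41.0406 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 81462e8446e83aeb7360def221c7ee1b, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
2010/11/01 09:02:41.0406 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/01 09:03:02.0937 Suspicious service (NoAccess): rhkeemvsw
2010/11/01 09:03:03.0015 rhkeemvsw (03cc0784819845e72eac38a9c66f7e65) C:\WINDOWS\system32\drivers\rhkeemvsw.sys
2010/11/01 09:03:03.0015 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\rhkeemvsw.sys. md5: 03cc0784819845e72eac38a9c66f7e65
2010/11/01 09:03:03.0015 rhkeemvsw - detected Locked service (1)
2010/11/01 09:04:41.0156 Unsigned file(DeepFrz) - User select action: Skip
2010/11/01 09:04:41.0562 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
2010/11/01 09:04:41.0562 Locked service(rhkeemvsw) - User select action: Skip
"""

HEX32 = r"[0-9a-f]{32}"
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ ")           # leading timestamp
ENUM = re.compile(rf"^(?P<svc>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")   # driver enumeration
DETECT = re.compile(r"^(?P<svc>\S+) - detected (?P<what>.+) \(\d\)$")     # verdict line
FORGED = re.compile(rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
NOACCESS_FILE = re.compile(rf"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: {HEX32}$")
NOACCESS_SVC = re.compile(r"^Suspicious service \(NoAccess\): (?P<svc>\S+)$")
ACTION = re.compile(r"^(?P<what>.+?)\((?P<svc>[^)]+)\) - User select action: (?P<action>\w+)$")
RESOLVED = {"Cure", "Delete", "Quarantine"}  # operator actions that actually remove the object


@dataclass
class Finding:
    service: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)  # "Unsigned file", "Rootkit.Win32.TDSS.tdl3", ...
    evidence: List[str] = field(default_factory=list)  # forged-hash and locked-object notes
    action: Optional[str] = None                       # what the operator chose: Cure, Skip, ...


def _stem(path: str) -> str:
    """Fallback service name if a file notice arrives before its driver line."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, str] = {}  # lower-cased driver path -> service name

    def rec(svc: str) -> Finding:
        return findings.setdefault(svc, Finding(service=svc))

    for raw in text.splitlines():
        line = TS.sub("", raw.strip())
        if m := ENUM.match(line):
            by_path[m["path"].lower()] = m["svc"]
            f = rec(m["svc"])
            f.path, f.md5 = m["path"], m["md5"]
        elif m := DETECT.match(line):
            rec(m["svc"]).verdicts.append(m["what"])
        elif m := FORGED.match(line):
            # Two read paths returned different bytes for one file: a driver-level
            # hook is serving different content than what is actually on disk.
            svc = by_path.get(m["path"].lower()) or _stem(m["path"])
            rec(svc).evidence.append(f"forged: real md5 {m['real']} != fake md5 {m['fake']}")
        elif m := NOACCESS_FILE.match(line):
            svc = by_path.get(m["path"].lower()) or _stem(m["path"])
            rec(svc).evidence.append("locked: driver file refused to open for reading")
        elif m := NOACCESS_SVC.match(line):
            rec(m["svc"]).evidence.append("locked: service registry key denies access")
        elif m := ACTION.match(line):
            rec(m["svc"]).action = m["action"]
    return findings


def priority(f: Finding) -> str:
    """Heuristic added here: rootkit verdict or forged hash > self-locking service >
    unsigned driver. Unsigned alone is routine for legitimate third-party drivers."""
    if any(v.startswith("Rootkit") for v in f.verdicts) or any(e.startswith("forged") for e in f.evidence):
        return "critical"
    if "Locked service" in f.verdicts or any(e.startswith("locked") for e in f.evidence):
        return "high"
    return "info" if "Unsigned file" in f.verdicts else "none"


def summarize(text: str) -> Dict[str, List[str]]:
    """Service names per priority, plus high/critical ones the operator left unresolved."""
    findings = parse_tdsskiller(text)
    out: Dict[str, List[str]] = {"critical": [], "high": [], "info": [], "follow_up": []}
    for svc in sorted(findings):
        f, p = findings[svc], priority(findings[svc])
        if p != "none":
            out[p].append(svc)
        if p in ("critical", "high") and f.action not in RESOLVED:
            out["follow_up"].append(svc)
    return out


if __name__ == "__main__":
    for svc, f in parse_tdsskiller(SAMPLE_LOG).items():
        print(f"{priority(f):8} {svc:12} action={f.action or '-':5} {f.path or ''}")
    print(summarize(SAMPLE_LOG))
```

Run against the excerpt, the summary puts dmio under "critical" (cured, so nothing further), rhkeemvsw under "high" and, because it was skipped, under "follow_up", and DeepFrz under "info". That "follow_up" list is the point of the exercise: a locked driver service with a random-looking name is exactly the kind of item a helper will want to come back to once the rootkit cure has rebooted.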
I can open it now, and it's scanning, but I found some pop-ups, something like a disk error; I can't remember what was written. I just clicked Continue and it's still scanning now.
 
Don't worry about any errors for now, but always let me know.
Did you update MBAM prior to running it?
 
Yes Sir! I updated it before scanning.

Here is the result. AVG is still detecting viruses.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5009

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

11/1/2010 9:30:51 AM
mbam-log-2010-11-01 (09-30-51).txt

Scan type: Quick scan
Objects scanned: 137311
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\end (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
This doesn't look good:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality)

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
This is what I get when sending explorer.exe:

Bad Gateway

The proxy server received an invalid response from an upstream server.
 
The other two files seem to be OK, with no infections.

File name: svchost.exe
Submission date: 2010-11-01 02:00:14 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)
VT Community

goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2010.11.01.00 2010.10.31 -
AntiVir 7.10.13.75 2010.10.31 -
Antiy-AVL 2.0.3.7 2010.11.01 -
Authentium 5.2.0.5 2010.11.01 -
Avast 4.8.1351.0 2010.10.31 -
Avast5 5.0.594.0 2010.10.31 -
AVG 9.0.0.851 2010.10.31 -
BitDefender 7.2 2010.11.01 -
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.10.31 -
Comodo 6577 2010.11.01 -
DrWeb 5.0.2.03300 2010.11.01 -
Emsisoft 5.0.0.50 2010.11.01 -
eSafe 7.0.17.0 2010.10.31 -
eTrust-Vet None 2010.10.29 -
F-Prot 4.6.2.117 2010.10.31 -
F-Secure 9.0.16160.0 2010.11.01 -
Fortinet 4.2.249.0 2010.10.31 -
GData 21 2010.11.01 -
Ikarus T3.1.1.90.0 2010.11.01 -
Jiangmin 13.0.900 2010.10.31 -
K7AntiVirus 9.67.2865 2010.10.29 -
Kaspersky 7.0.0.125 2010.11.01 -
McAfee 5.400.0.1158 2010.11.01 -
McAfee-GW-Edition 2010.1C 2010.10.31 -
Microsoft 1.6301 2010.10.31 -
NOD32 5580 2010.10.31 -
Norman 6.06.10 2010.10.31 -
nProtect 2010-10-31.01 2010.10.31 -
Panda 10.0.2.7 2010.10.31 -
PCTools 7.0.3.5 2010.11.01 -
Prevx 3.0 2010.11.01 -
Rising 22.71.03.02 2010.10.29 -
Sophos 4.59.0 2010.11.01 -
Sunbelt 7182 2010.11.01 -
SUPERAntiSpyware 4.40.0.1006 2010.11.01 -
Symantec 20101.2.0.161 2010.11.01 -
TheHacker 6.7.0.1.074 2010.10.31 -
TrendMicro 9.120.0.1004 2010.10.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.01 -
VBA32 3.12.14.1 2010.10.29 -
ViRobot 2010.10.30.4121 2010.10.31 -
VirusBuster 12.70.14.0 2010.10.31 -



File name: userinit.exe
Submission date: 2010-11-01 01:58:30 (UTC)
Current status: finished
Result: 0/ 41 (0.0%)
VT Community

goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2010.11.01.00 2010.10.31 -
AntiVir 7.10.13.75 2010.10.31 -
Antiy-AVL 2.0.3.7 2010.11.01 -
Authentium 5.2.0.5 2010.11.01 -
Avast 4.8.1351.0 2010.10.31 -
Avast5 5.0.594.0 2010.10.31 -
AVG 9.0.0.851 2010.10.31 -
BitDefender 7.2 2010.11.01 -
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.10.31 -
Comodo 6577 2010.11.01 -
Emsisoft 5.0.0.50 2010.11.01 -
eSafe 7.0.17.0 2010.10.31 -
eTrust-Vet 36.1.7943 2010.10.29 -
F-Prot 4.6.2.117 2010.10.31 -
F-Secure 9.0.16160.0 2010.11.01 -
Fortinet 4.2.249.0 2010.10.31 -
GData 21 2010.11.01 -
Ikarus T3.1.1.90.0 2010.11.01 -
Jiangmin 13.0.900 2010.10.31 -
K7AntiVirus 9.67.2865 2010.10.29 -
Kaspersky 7.0.0.125 2010.11.01 -
McAfee 5.400.0.1158 2010.11.01 -
McAfee-GW-Edition 2010.1C 2010.10.31 -
Microsoft 1.6301 2010.10.31 -
NOD32 5580 2010.10.31 -
Norman 6.06.10 2010.10.31 -
nProtect 2010-10-31.01 2010.10.31 -
Panda 10.0.2.7 2010.10.31 -
PCTools 7.0.3.5 2010.11.01 -
Prevx 3.0 2010.11.01 -
Rising 22.71.03.02 2010.10.29 -
Sophos 4.59.0 2010.11.01 -
Sunbelt 7182 2010.11.01 -
SUPERAntiSpyware 4.40.0.1006 2010.11.01 -
TheHacker 6.7.0.1.074 2010.10.31 -
TrendMicro 9.120.0.1004 2010.10.31 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.01 -
VBA32 3.12.14.1 2010.10.29 -
ViRobot 2010.10.30.4121 2010.10.31 -
VirusBuster 12.70.14.0 2010.10.31 -
Additional information
MD5 : 39b1ffb03c2296323832acbae50d2aff
SHA1 : e5aedcbe25a97c89101f1f3860ff846e94d70445
SHA256: 5b5d71718108e132d10bafb0c217f469a1e3cc13f79ff8d9cbe3bf4918aff7b7
ssdeep: 384:DNkhB/JD1CzaxzOV6s9cKmdPGFQ273eLXVBYkkjuv1hkNLdbaLa4CwUJuUCSF4WL:gJDUaxgu5YEVBxkjuv7wbaLa4PU4b7
File size : 24576 bytes
First seen: 2007-11-20 00:54:56
Last seen : 2010-11-01 01:58:30
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x50E5
timedatestamp....: 0x41107B78 (Wed Aug 04 06:00:24 2004)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x4DB8, 0x4E00, 6.01, 16aee663ed180007a0bf5bf24b845096
.data, 0x6000, 0x14C, 0x200, 1.86, cbb599f9267bf53209039d14a3574eb1
.rsrc, 0x7000, 0xB60, 0xC00, 3.27, b388ab1541ccd9727979fb26a23f72e1

[[ 7 import(s) ]]
USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
CRYPT32.dll: CryptProtectData
WINSPOOL.DRV: SpoolerInit
ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 19968
CompanyName: Microsoft Corporation
EntryPoint: 0x50e5
FileDescription: Userinit Logon Application
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 24 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
FileVersionNumber: 5.1.2600.2180
ImageVersion: 5.1
InitializedDataSize: 3584
InternalName: userinit
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: USERINIT.EXE
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.2180
ProductVersionNumber: 5.1.2600.2180
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2004:08:04 08:00:24+02:00
UninitializedDataSize: 0
 
The two files "userinit.exe" and "svchost.exe" seem to be no problem. I can't post the whole scan because it's too long.
 
File name: svchost.exe
Submission date: 2010-11-01 02:00:14 (UTC)
Current status: finished
Result: 0/ 43 (0.0%)


File name: userinit.exe
Submission date: 2010-11-01 01:58:30 (UTC)
Current status: finished
Result: 0/ 41 (0.0%)
 
Filename: explorer.exe
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 1 Nov 2010 03:09:01 (CET)

Found nothing... It seems AVG protected it? ...
 
This is how AVG detected all the viruses, and they are all in the virus vault:


"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe";"";"11/1/2010, 8:22:40 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\crashreporter.exe";"";"11/1/2010, 8:33:54 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpcshell.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpidl.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xpt_link.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xulrunner.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe";"";"11/1/2010, 8:34:48 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Desktop\TFC.exe";"";"11/1/2010, 7:38:11 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe";"";"11/1/2010, 8:48:34 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleUpdate.exe";"";"11/1/2010, 8:48:34 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe";"";"10/31/2010, 1:19:18 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\bsbv.exe";"";"11/1/2010, 8:20:20 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\btea.exe";"";"10/31/2010, 5:20:47 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\cykdp.exe";"";"11/1/2010, 8:56:25 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\emuh.exe";"";"10/31/2010, 2:21:03 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\gdbmv.exe";"";"11/1/2010, 7:45:02 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\gwum.exe";"";"10/31/2010, 2:22:21 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\iyxmpb.exe";"";"10/31/2010, 2:10:26 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\jibyo.exe";"";"10/31/2010, 2:52:46 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\kiill.exe";"";"10/31/2010, 2:52:45 PM"
"Infection";"Virus identified Worm/Generic.BQZQ";"c:\Documents and Settings\user\Local Settings\Temp\kvgg.exe";"";"10/31/2010, 1:21:56 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\ntkei.exe";"";"11/1/2010, 9:10:09 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\odtqeu.exe";"";"11/1/2010, 8:56:39 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\pdeyrv.exe";"";"10/31/2010, 2:27:14 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\phkm.exe";"";"11/1/2010, 7:43:41 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\qipfge.exe";"";"11/1/2010, 9:37:04 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\qrdxsx.exe";"";"10/31/2010, 2:36:14 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\qrvlw.exe";"";"10/31/2010, 2:37:26 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\qtvk.exe";"";"10/31/2010, 2:10:10 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\rscl.exe";"";"10/31/2010, 2:37:30 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\somx.exe";"";"10/31/2010, 1:28:30 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\tmht.exe";"";"10/31/2010, 5:17:58 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\uobuiv.exe";"";"10/31/2010, 2:22:30 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\vxwc.exe";"";"11/1/2010, 8:56:41 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winakix.exe";"";"10/31/2010, 2:09:04 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winbhopmq.exe";"";"10/31/2010, 2:26:54 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winbvhqlo.exe";"";"11/1/2010, 8:21:22 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\windnhh.exe";"";"10/31/2010, 5:21:05 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\wineunca.exe";"";"11/1/2010, 8:20:04 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\wingxlmxw.exe";"";"11/1/2010, 9:10:24 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winhxqxis.exe";"";"11/1/2010, 9:11:27 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winiuyop.exe";"";"11/1/2010, 7:43:59 AM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winjwfbp.exe";"";"11/1/2010, 9:37:27 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winkbahf.exe";"";"10/31/2010, 2:52:45 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winknmb.exe";"";"10/31/2010, 5:20:54 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winlhty.exe";"";"10/31/2010, 2:22:11 PM"
"Infection";"Trojan horse PSW.Agent.AHSI";"c:\Documents and Settings\user\Local Settings\Temp\winnpejyx.exe";"";"10/31/2010, 1:21:59 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winnude.exe";"";"10/31/2010, 2:25:53 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winpevrn.exe";"";"11/1/2010, 9:10:27 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winqcjos.exe";"";"11/1/2010, 7:34:02 AM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winqmcoj.exe";"";"10/31/2010, 2:52:45 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winqwxyy.exe";"";"10/31/2010, 2:10:18 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winriwyg.exe";"";"10/31/2010, 2:22:11 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winrkbgks.exe";"";"10/31/2010, 2:26:53 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winsciial.exe";"";"10/31/2010, 2:37:39 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winsrkmyt.exe";"";"10/31/2010, 2:52:46 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winuyiujn.exe";"";"11/1/2010, 8:20:23 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwhok.exe";"";"10/31/2010, 2:10:09 PM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwonydr.exe";"";"11/1/2010, 9:37:22 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\winwryc.exe";"";"10/31/2010, 2:37:21 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winwskbf.exe";"";"11/1/2010, 9:38:27 AM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\winxvncr.exe";"";"10/31/2010, 5:20:48 PM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winyqmcn.exe";"";"11/1/2010, 8:57:40 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\wslib.exe";"";"10/31/2010, 2:27:14 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\xbxi.exe";"";"11/1/2010, 7:44:02 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\dds.scr";"";"11/1/2010, 9:09:35 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\STOPzilla_Setup.exe";"";"10/31/2010, 2:53:05 PM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\TFC (1).exe";"";"11/1/2010, 9:15:52 AM"
"Infection";"Virus found Win32/Heur";"c:\Documents and Settings\user\My Documents\Downloads\TFC.exe";"";"11/1/2010, 9:15:49 AM"
"Infection";"Virus found Win32/Heur";"c:\Games\Alien Shooter\AlienShooter.exe";"";"11/1/2010, 8:58:07 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe";"";"10/31/2010, 1:19:15 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\avgscanx.exe";"";"10/31/2010, 7:03:35 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\avgsrmax.exe";"";"11/1/2010, 9:38:11 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\fixcfg.exe";"";"11/1/2010, 9:38:11 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Cheat Engine\unins000.exe";"";"10/31/2010, 7:42:37 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe";"";"10/31/2010, 7:41:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe";"";"10/31/2010, 1:25:40 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe";"";"10/31/2010, 1:19:15 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe";"";"11/1/2010, 7:41:18 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NeroUpgrade.exe";"";"11/1/2010, 7:09:57 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe";"";"10/31/2010, 2:49:41 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe";"";"10/31/2010, 7:42:00 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe";"";"10/31/2010, 1:26:31 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\iS3\Anti-Spyware\IS3Updater.exe";"";"10/31/2010, 3:13:31 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Common Files\Java\Java Update\jusched.exe";"";"10/31/2010, 2:49:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\Language\Language.exe";"";"10/31/2010, 1:25:39 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\PDVDServ.exe";"";"10/31/2010, 2:49:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe";"";"10/31/2010, 2:07:19 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\e-Games\OPERATION7\uninst.exe";"";"10/31/2010, 7:42:52 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Eusing Free Registry Cleaner\UNWISE.EXE";"";"10/31/2010, 7:42:38 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\FortressMU\FMU S4 V3\fortress 3d\muplayer.exe";"";"11/1/2010, 7:41:17 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse Games Collection\unwise.exe";"";"10/31/2010, 7:42:11 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Airstrike\AirStrike3D.exe";"";"11/1/2010, 7:41:16 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\AlienSky\AlienSky.exe";"";"10/31/2010, 7:40:51 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Atomaders\Atomaders.exe";"";"10/31/2010, 7:40:49 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\BounceOutBlitz\BounceOutBlitz.exe";"";"10/31/2010, 7:40:54 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Candy\cruncher.exe";"";"10/31/2010, 7:40:59 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Chainz\chainz.exe";"";"10/31/2010, 7:41:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe";"";"10/31/2010, 7:41:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\ComboChaos\ComboChaos.exe";"";"10/31/2010, 7:41:24 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe";"";"10/31/2010, 7:41:30 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\FruitFrolic\Bricks.exe";"";"10/31/2010, 7:41:36 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Hello\Hello!.exe";"";"10/31/2010, 7:41:51 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\JewelQuest\JewelQuest.exe";"";"10/31/2010, 7:41:58 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\LetterLinker\LLinker.exe";"";"10/31/2010, 7:42:13 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\MadCaps\madcaps.exe";"";"10/31/2010, 7:42:14 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\MagicBall\MagicBall.exe";"";"10/31/2010, 7:42:14 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\ShapeShifter\Shape.exe";"";"10/31/2010, 7:42:38 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Slingo\Slingo.exe";"";"10/31/2010, 7:42:38 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\Solitaire3\ghsol3.exe";"";"10/31/2010, 7:42:51 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\SpongeBobCollapse\SBCollapse.exe";"";"10/31/2010, 7:42:53 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\TextTwist\TextTwist.exe";"";"10/31/2010, 7:42:55 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\GameHouse\WordJolt\WordJolt.exe";"";"10/31/2010, 7:43:07 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Garena\uninst.exe";"";"10/31/2010, 7:42:38 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe";"";"10/31/2010, 7:41:47 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe";"";"10/31/2010, 2:49:41 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe";"";"11/1/2010, 7:41:16 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{88253B77-33C9-4A9D-9E4C-4579E39D9158}\setup.exe";"";"10/31/2010, 7:42:54 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe";"";"10/31/2010, 7:43:07 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe";"";"11/1/2010, 7:41:15 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Java\jre6\bin\javaw.exe";"";"10/31/2010, 7:03:43 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\LimeWire\uninstall.exe";"";"10/31/2010, 7:42:39 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe";"";"11/1/2010, 8:33:32 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe";"";"11/1/2010, 8:25:19 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\unins000.exe";"";"11/1/2010, 7:45:22 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\unins000.exe";"";"11/1/2010, 8:25:15 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Samples\SampleBrowser\SampleBrowser.exe";"";"10/31/2010, 7:43:13 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\D3DSpy.exe";"";"10/31/2010, 7:43:13 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\dmotest.exe";"";"11/1/2010, 7:09:50 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DXCapsViewer.exe";"";"10/31/2010, 7:43:18 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DXErr.exe";"";"10/31/2010, 7:43:19 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\DxTex.exe";"";"10/31/2010, 7:43:23 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\fedit.exe";"";"11/1/2010, 7:09:51 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\graphedt.exe";"";"11/1/2010, 7:09:52 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft DirectX 9.0 SDK (Summer 2004)\Utilities\ProfileEnum.exe";"";"11/1/2010, 7:09:53 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe";"";"10/31/2010, 7:41:52 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\0001\00000000.exe";"";"10/31/2010, 1:26:39 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\Reviser.exe";"";"10/31/2010, 1:21:18 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME Launcher\Starter.exe";"";"10/31/2010, 1:26:39 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME\Special Force\dflauncher.exe";"";"10/31/2010, 1:20:06 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\MYGAME\Special Force\DFPatcher.exe";"";"10/31/2010, 1:47:09 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\PowerISO\PWRISOVM.EXE";"";"10/31/2010, 2:49:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\STOPzilla.exe";"";"11/1/2010, 7:20:01 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZBlkLst.exe";"";"10/31/2010, 6:46:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZInit.Exe";"";"10/31/2010, 6:46:20 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\STOPzilla!\SZOptions.exe";"";"11/1/2010, 7:12:03 AM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\USB Disk Security\USBGuard.exe";"";"10/31/2010, 2:49:21 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Warcraft III\World Editor.exe";"";"10/31/2010, 1:52:24 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\WinRAR\WinRAR.exe";"";"10/31/2010, 1:47:09 PM"
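As an added example (not from this thread, and not AVG's own tooling), the Python below reads vault lines in the five-field format pasted above and scores the two fingerprints of a file infector that show in that log: one heuristic detection landing on legitimate executables across many unrelated program directories, and a cluster of random-named droppers in the user's Temp folder. The sample lines, the name regex, the thresholds and the list of security-tool path markers are all constructed for this example.

```python
"""Triage an AVG-style vault export for the fingerprints of a file infector.

Added example for this thread, not AVG's tooling or anything the poster ran.
Two patterns are scored, both visible in the export posted in the thread:
  1. one generic/heuristic detection (here "Win32/Heur") landing on legitimate
     executables across many unrelated program directories, which points to the
     files themselves having been modified rather than to one bad download;
  2. a cluster of short, random-named .exe files in the user's Temp folder, the
     components such an infector drops alongside the modified programs.
"""
import csv
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: eight lines in the same five-field format as the AVG
# export in the thread ("Infection";"<detection>";"<path>";"";"<time>").
SAMPLE_LOG = r'''"Infection";"Virus found Win32/Heur";"c:\Program Files\WinRAR\WinRAR.exe";"";"10/31/2010, 1:47:09 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Java\jre6\bin\javaw.exe";"";"10/31/2010, 7:03:43 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\AVG\AVG9\avgscanx.exe";"";"10/31/2010, 7:03:35 PM"
"Infection";"Virus found Win32/Heur";"c:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe";"";"11/1/2010, 8:33:32 AM"
"Infection";"Virus found Win32/Heur";"c:\Games\Alien Shooter\AlienShooter.exe";"";"11/1/2010, 8:58:07 AM"
"Infection";"Trojan horse BackDoor.Generic13.NXR";"c:\Documents and Settings\user\Local Settings\Temp\bsbv.exe";"";"11/1/2010, 8:20:20 AM"
"Infection";"Trojan horse Generic19.BQDS";"c:\Documents and Settings\user\Local Settings\Temp\winakix.exe";"";"10/31/2010, 2:09:04 PM"
"Infection";"Trojan horse PSW.Agent.AIAY";"c:\Documents and Settings\user\Local Settings\Temp\qtvk.exe";"";"10/31/2010, 2:10:10 PM"
'''

# Names like bsbv.exe, winakix.exe, qtvk.exe: optional "win" prefix plus four
# to six lowercase letters. Applied only under a \Temp\ directory, because
# ordinary program names (winrar.exe) would otherwise match as well.
RANDOM_NAME = re.compile(r"^(?:win)?[a-z]{4,6}\.exe$")

# Constructed list of path fragments for the security tools seen in the thread;
# heuristic hits on these explain a scanner that no longer starts.
SECURITY_TOOL_MARKERS = ("\\avg\\", "malwarebytes", "stopzilla")


def parse_avg_log(text):
    """Return the detection rows of an AVG export as dicts."""
    reader = csv.reader(text.splitlines(), delimiter=";", quotechar='"')
    records = []
    for row in reader:
        if len(row) < 5 or row[0] != "Infection":
            continue  # blank lines or non-detection rows
        records.append({"detection": row[1], "path": row[2], "when": row[4]})
    return records


def triage(records, min_dirs=3, min_droppers=2):
    """Score the records and return the evidence behind the verdict."""
    heuristic, named = [], []
    for r in records:
        (heuristic if "heur" in r["detection"].lower() else named).append(r)

    # Distinct parent directories carrying the heuristic detection.
    heur_dirs = {str(PureWindowsPath(r["path"]).parent).lower() for r in heuristic}

    droppers = [
        r["path"] for r in records
        if "\\temp\\" in r["path"].lower()
        and RANDOM_NAME.match(PureWindowsPath(r["path"]).name.lower())
    ]
    tools_hit = [
        r["path"] for r in heuristic
        if any(m in r["path"].lower() for m in SECURITY_TOOL_MARKERS)
    ]
    return {
        "heuristic_hits": len(heuristic),
        "heuristic_dirs": len(heur_dirs),
        "temp_droppers": droppers,
        "security_tools_hit": tools_hit,
        "dropper_families": Counter(r["detection"] for r in named),
        "file_infector_pattern": len(heur_dirs) >= min_dirs
        and len(droppers) >= min_droppers,
    }


if __name__ == "__main__":
    for key, value in triage(parse_avg_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```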
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
OK, I'm doing it now, and I found something not good. I tried opening Internet Explorer and it seems to be bugged; it just shows the browser and never stops loading.
 
The scanner found something. It's called:

Win32/Sality.NBA virus, and 36 infected files so far, 10% scan progress.
 
I'm afraid I have very bad news.

You are infected with a polymorphic file infector (Sality). This infection can and will infect all the machine's executable files (.exe, .scr, .rar, .zip, .htm, .html). Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes all drives that contain the following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.
 