
Backdoor.Agent and Trojan.Downloader



#1
Mudz

Hi all fellow experts,

I would like to request help from any of you to remove some malware. I do not have extensive knowledge about malware, so I could not really pinpoint the exact malware that my computer has been infected with, but I can provide some symptoms that I am currently facing.

One of them is a 10 to 20 second hang during gaming.

The others are:

1) unable to boot in safe mode,
2) web browser auto closes whenever I try to access Dr.Web antivirus software's website,
3) unable to install Avira antivirus since the installer auto closes halfway,
4) sometimes when I open the web browser (Google Chrome), another web browser (Internet Explorer) will automatically open and redirect me to some unknown websites,
5) and lastly, this error often occurs:

Posted Image

I have tried to follow the Malware and Spyware Cleaning Guide, but the malware always regenerates, so I am requesting your help. Anyway, here are the logs:

1) Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4867

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18/10/2010 15:44:59
mbam-log-2010-10-18 (15-44-59).txt

Scan type: Quick scan
Objects scanned: 131639
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
C:\Documents and Settings\Synz\Local Settings\Temp\winjdwcqb.exe (Backdoor.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Synz\Local Settings\Temp\winqnok.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Synz\Local Settings\Temp\winjdwcqb.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synz\Local Settings\Temp\winqnok.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synz\Application Data\lbisov.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synz\Local Settings\Temp\winollt.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synz\Local Settings\Temp\winwpga.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Synz\Local Settings\Temp\winxrcfu.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

2) I have tried to download a free antivirus application such as Avira, but the installer always auto closes whenever I try to install, so I skipped this step.

3) Rebooted after scanning with Malwarebytes' Anti-Malware and deleted the malware. However, I found out that the malware is still there after scanning the second time. Task Manager also shows some of the unknown malware currently running on my computer.

4) GMER Rootkit Scanner:

GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-18 16:04:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Synz\LOCALS~1\Temp\pglyapod.sys


---- Kernel code sections - GMER 1.0.15 ----

? votfhji.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9AB8900]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xBA1A8280, 0x7B1C, 0xE8000020]
? C:\WINDOWS\system32\drivers\kornuj.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECFC
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED6D
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE9B
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1948] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2]

---- EOF - GMER 1.0.15 ----

5) OTL

OTL.Txt:

OTL logfile created on: 18/10/2010 16:12:59 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Synz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 1.33 Gb Free Space | 13.57% Space Free | Partition Type: NTFS
Drive D: | 66.55 Gb Total Space | 2.23 Gb Free Space | 3.35% Space Free | Partition Type: NTFS
Drive F: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADDICTEDZ | User Name: Synz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/18 16:05:00 | 000,635,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
PRC - [2010/05/04 12:07:22 | 000,564,520 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 20:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2004/07/01 18:23:32 | 000,129,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/18 16:05:00 | 000,635,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
MOD - [2008/04/14 20:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/23 04:37:00 | 003,440,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/04 12:07:22 | 000,564,520 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva359.sys -- (XDva359)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Garena2\Garena\plugins\UI\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\kornuj.sys -- (aic32p)
DRV - [2010/10/18 13:04:07 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Synz\Local Settings\Temp\WQZ1C.tmp -- (GarenaPEngine)
DRV - [2010/07/01 20:28:42 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2008/04/14 06:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/04/14 06:04:32 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/01 14:49:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2086743
IE - HKCU\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook


O1 HOSTS File: ([2008/04/14 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BitTorrent] D:\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe File not found
O4 - Startup: C:\Documents and Settings\Synz\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files\PPStream\PPStream.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe File not found
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Synz\Application Data\ygmdrm.exe) - C:\Documents and Settings\Synz\Application Data\ygmdrm.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Synz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Synz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/26 09:04:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 14:20:22 | 000,000,090 | RH-- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/10/18 14:20:22 | 000,000,090 | RH-- | M] () - D:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/12 16:27:00 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/08/12 16:29:00 | 005,593,618 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{cd62924a-75ce-11df-852a-0023cdb2b8c5}\Shell - "" = AutoRun
O33 - MountPoints2\{cd62924a-75ce-11df-852a-0023cdb2b8c5}\Shell\Auto\command - "" = G:\Recycled.scr -- File not found
O33 - MountPoints2\{cd62924a-75ce-11df-852a-0023cdb2b8c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8694582-7d28-11df-8531-0023cdb2b8c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e8694582-7d28-11df-8531-0023cdb2b8c5}\Shell\AutoRun\command - "" = G:\SHORTI\\kolonija.exe -- File not found
O33 - MountPoints2\{e8694582-7d28-11df-8531-0023cdb2b8c5}\Shell\explore\command - "" = G:\SHORTI\\\kolonija.exe -- File not found
O33 - MountPoints2\{e8694582-7d28-11df-8531-0023cdb2b8c5}\Shell\open\command - "" = G:\SHORTI\\\kolonija.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/18 16:04:55 | 000,635,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
[2010/10/18 15:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/18 15:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/18 15:10:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/18 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/15 00:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Local Settings\Application Data\Help
[2010/10/15 00:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\Help
[2010/10/11 23:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/10/09 01:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/09 00:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/09 00:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/09 00:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/09 00:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\Sun
[2010/10/08 14:15:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Synz\Application Data\.#
[2010/10/08 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/10/04 03:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\BitTorrent
[2010/09/11 14:55:18 | 000,000,000 | ---D | C] -- C:\GM Simple
[2010/09/09 00:50:12 | 000,000,000 | ---D | C] -- C:\Garena
[2010/09/08 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/09/06 23:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/06 23:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/09/06 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/08/23 04:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Desktop\Final Assignment
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/18 16:09:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/18 16:09:31 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/18 16:05:00 | 000,635,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
[2010/10/18 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/18 15:32:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 15:10:21 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\NTREGOPT.lnk
[2010/10/18 15:10:21 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\ERUNT.lnk
[2010/10/18 15:09:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003UA.job
[2010/10/18 14:20:22 | 000,000,090 | RH-- | M] () -- C:\AutoRun.inf
[2010/10/18 13:13:53 | 000,001,913 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/10/18 13:13:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2010/10/18 13:11:58 | 000,001,287 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2010/10/18 13:11:56 | 000,001,252 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/10/18 13:11:51 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2010/10/17 18:09:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003Core.job
[2010/10/13 13:46:29 | 000,266,752 | RHS- | M] () -- C:\Documents and Settings\Synz\Application Data\ygmdrm.exe
[2010/10/08 15:40:05 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rappelz.lnk
[2010/10/05 21:02:31 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Garena.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/09/24 15:04:07 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Google Chrome.lnk
[2010/09/24 15:04:07 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/22 06:45:05 | 000,022,483 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Executive.docx
[2010/09/19 21:23:12 | 000,125,826 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\cute-wallpaper-forever-friends-003.jpg
[2010/09/19 21:22:44 | 000,224,345 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\easter_wallpaper_61.jpg
[2010/09/09 00:00:52 | 003,932,214 | ---- | M] () -- C:\fwefwef.bmp
[2010/09/06 23:55:13 | 000,002,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero BurnLite 10.lnk
[2010/08/24 00:16:21 | 000,010,572 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\conquering fear.docx
[2010/08/07 15:27:48 | 000,262,310 | ---- | M] () -- C:\PER PERMOHONAN PEMBIAYAAN PTPTN.zip
[2010/07/30 23:00:56 | 000,012,700 | ---- | M] () -- C:\grudge.jpg
[2010/07/30 22:41:29 | 000,012,814 | ---- | M] () -- C:\lolz.jpg
[2010/07/30 22:40:27 | 000,019,538 | ---- | M] () -- C:\ggz.jpg
[2010/07/30 03:25:49 | 003,932,214 | ---- | M] () -- C:\gg.bmp
[2010/07/28 21:23:49 | 003,932,214 | ---- | M] () -- C:\haha.bmp
[2010/07/23 23:43:59 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/23 23:17:48 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Synz\Start Menu\Programs\Startup\PPS.lnk
[2010/07/23 23:17:48 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\PPStream.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/18 15:10:21 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\NTREGOPT.lnk
[2010/10/18 15:10:21 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\ERUNT.lnk
[2010/10/18 14:20:22 | 000,000,090 | RH-- | C] () -- C:\AutoRun.inf
[2010/10/13 13:46:35 | 000,266,752 | RHS- | C] () -- C:\Documents and Settings\Synz\Application Data\ygmdrm.exe
[2010/10/08 15:40:05 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rappelz.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/09/19 21:23:12 | 000,125,826 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\cute-wallpaper-forever-friends-003.jpg
[2010/09/19 21:22:44 | 000,224,345 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\easter_wallpaper_61.jpg
[2010/09/11 19:07:03 | 000,022,483 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\Executive.docx
[2010/09/09 00:00:52 | 003,932,214 | ---- | C] () -- C:\fwefwef.bmp
[2010/09/06 23:55:13 | 000,002,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero BurnLite 10.lnk
[2010/09/06 23:51:30 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/24 00:03:04 | 000,010,572 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\conquering fear.docx
[2010/08/21 00:40:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/08/07 15:27:45 | 000,262,310 | ---- | C] () -- C:\PER PERMOHONAN PEMBIAYAAN PTPTN.zip
[2010/07/30 23:00:56 | 000,012,700 | ---- | C] () -- C:\grudge.jpg
[2010/07/30 22:41:28 | 000,012,814 | ---- | C] () -- C:\lolz.jpg
[2010/07/30 22:40:27 | 000,019,538 | ---- | C] () -- C:\ggz.jpg
[2010/07/30 03:25:49 | 003,932,214 | ---- | C] () -- C:\gg.bmp
[2010/07/28 21:23:49 | 003,932,214 | ---- | C] () -- C:\haha.bmp
[2010/07/23 23:17:54 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/07/23 23:17:48 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Synz\Start Menu\Programs\Startup\PPS.lnk
[2010/07/23 23:17:48 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\PPStream.lnk
[2010/07/23 23:12:16 | 000,001,287 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2010/07/23 23:12:16 | 000,001,252 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/07/23 23:12:15 | 000,001,913 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/07/22 21:19:18 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\Garena.lnk
[2010/07/01 20:28:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/05/26 12:20:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/26 11:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/05/26 11:48:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/05/26 11:48:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2010/05/29 04:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/10/11 23:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/10/08 15:42:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Synz\Application Data\.#
[2010/10/18 16:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Synz\Application Data\BitTorrent
[2010/10/18 16:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/26 09:04:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/18 14:20:22 | 000,000,090 | RH-- | M] () -- C:\AutoRun.inf
[2010/05/26 05:47:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/26 09:04:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/09 00:00:52 | 003,932,214 | ---- | M] () -- C:\fwefwef.bmp
[2010/07/30 03:25:49 | 003,932,214 | ---- | M] () -- C:\gg.bmp
[2010/07/30 22:40:27 | 000,019,538 | ---- | M] () -- C:\ggz.jpg
[2010/07/30 23:00:56 | 000,012,700 | ---- | M] () -- C:\grudge.jpg
[2010/07/28 21:23:49 | 003,932,214 | ---- | M] () -- C:\haha.bmp
[2010/10/18 16:09:31 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 21:21:51 | 000,325,574 | ---- | M] () -- C:\hotel.bmp
[2010/05/26 09:04:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/30 22:41:29 | 000,012,814 | ---- | M] () -- C:\lolz.jpg
[2010/05/26 09:04:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 20:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/18 16:09:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/08/07 15:27:48 | 000,262,310 | ---- | M] () -- C:\PER PERMOHONAN PEMBIAYAAN PTPTN.zip

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/26 12:18:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/26 12:18:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/26 12:18:34 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Edited by Mudz, 18 October 2010 - 03:16 AM.

#2
Mudz

Extras.Txt:

This log is too long, so I am going to attach the log instead.

Attached File  Extras.Txt   891.21KB   472 downloads


Last but not least, thank you in advance for your help, cheers!

#3
Mudz

Since it has been a few days and no one has replied to my thread, I have tried a few solutions:

1) Renamed Avira antivirus and successfully installed it. Scan log:

Avira AntiVir Personal
Report file date: 21 October 2010 14:42

Scanning for 2956911 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Synz
Computer name : ADDICTEDZ

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 05:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 05:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 11:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 16:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 02:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 12:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 10:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 09:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 04:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 06:12:45
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 06:12:59
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 06:13:26
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 06:13:45
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 06:13:45
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 06:13:46
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 06:13:46
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 06:13:46
VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 06:13:47
VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 06:13:47
VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 06:13:48
VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 06:13:49
VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 06:13:50
VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 06:13:50
VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 06:13:51
VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 06:13:52
VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 06:13:52
VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 06:13:53
VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 06:13:54
VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 06:13:54
VBASE025.VDF : 7.10.12.238 137728 Bytes 10/18/2010 06:13:55
VBASE026.VDF : 7.10.12.254 129536 Bytes 10/20/2010 06:13:56
VBASE027.VDF : 7.10.12.255 2048 Bytes 10/20/2010 06:13:56
VBASE028.VDF : 7.10.13.0 2048 Bytes 10/20/2010 06:13:56
VBASE029.VDF : 7.10.13.1 2048 Bytes 10/20/2010 06:13:56
VBASE030.VDF : 7.10.13.2 2048 Bytes 10/20/2010 06:13:57
VBASE031.VDF : 7.10.13.10 61440 Bytes 10/21/2010 06:13:57
Engineversion : 8.2.4.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/21/2010 06:14:15
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/21/2010 06:14:14
AESCN.DLL : 8.1.6.1 127347 Bytes 10/21/2010 06:14:12
AESBX.DLL : 8.1.3.1 254324 Bytes 10/21/2010 06:14:15
AERDL.DLL : 8.1.9.2 635252 Bytes 10/21/2010 06:14:12
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/21/2010 06:14:10
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/21/2010 06:14:08
AEHEUR.DLL : 8.1.2.36 2974072 Bytes 10/21/2010 06:14:08
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/21/2010 06:14:01
AEGEN.DLL : 8.1.3.23 401779 Bytes 10/21/2010 06:14:01
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/21/2010 06:14:00
AECORE.DLL : 8.1.17.0 196982 Bytes 10/21/2010 06:13:59
AEBB.DLL : 8.1.1.0 53618 Bytes 10/21/2010 06:13:59
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 05:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 05:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 09:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 05:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 05:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 05:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 02:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 05:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 08:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 07:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 06:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 07:14:29

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, A:, E:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 21 October 2010 14:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\Program Files\Common Files\Java\Java Update\jusched.exe>
[DETECTION] Contains code of the W32/Sality Windows virus
[NOTE] Process 'jusched.exe' was terminated
[NOTE] The file was moved to the quarantine directory under the name '533f726e.qua'.
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Module is infected -> <C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe>
[DETECTION] Contains code of the W32/Sality Windows virus
[NOTE] Process 'GrooveMonitor.exe' was terminated
[NOTE] The file was moved to the quarantine directory under the name '674b6741.qua'.
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan executable files (registry).
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus

The registry was scanned ( '323' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\AutoRun.inf
[DETECTION] Is the TR/Agent.92 Trojan
C:\Documents and Settings\Synz\Desktop\OTL.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\chrome_launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\Installer\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\chrome_frame_helper.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\chrome_launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\Installer\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\winckuui.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
--> Object
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
C:\Documents and Settings\Synz\Local Settings\Temp\wingfae.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
--> Object
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
C:\Documents and Settings\Synz\Local Settings\Temp\winhpnijd.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
--> Object
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
C:\Documents and Settings\Synz\Local Settings\Temp\winlvym.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Documents and Settings\Synz\Local Settings\Temp\winslmwof.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Documents and Settings\Synz\Local Settings\Temp\wintnjeia.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Documents and Settings\Synz\Local Settings\Temp\winugvsp.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
--> Object
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
C:\Documents and Settings\Synz\Local Settings\Temp\winyqvjo.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
--> Object
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Documents and Settings\Synz\Local Settings\Temp\chrome_11363\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\chrome_15026\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\chrome_16455\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\chrome_2764\chrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{22AA129A-8E5D-45AE-A3E4-D110703EF141}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{22AA129A-8E5D-45AE-A3E4-D110703EF141}\WindowsXP-KB942288-v3-x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{5CCCB5E2-D83C-42AD-B8BA-6C073D804247}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{6BD3444F-03E6-4E21-BAD0-50E6A5820433}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{700CE99A-BF60-457F-9AFB-3CAA65A73D29}\InstallSilverlight.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{88CDD09D-1B57-4BB4-A192-33BA0CBCB566}\NeroOSValidator.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{8D7309F4-C4B6-4408-8DA9-D3B0E7987822}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\NeroBar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{C597C3FC-2110-451E-832E-9352964E56F9}\PRQStarter-1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\NERO20100709115641857\ISSetupPrerequisites\{C597C3FC-2110-451E-832E-9352964E56F9}\vcredist_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avadmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avcenter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avconfig.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avnotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avscan.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avupgsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avwebloader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\avwsc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\fact.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\guardhlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\insthlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\licmgr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\presetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\sched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\update.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\vcredist_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX0\xp\avshadow.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX1\psxfin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX1\utils\cdztool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avadmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avcenter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avconfig.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avnotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avscan.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avupgsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avwebloader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\avwsc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\fact.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\guardhlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\insthlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\licmgr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\presetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\sched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\update.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\vcredist_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\wsctool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX2\xp\avshadow.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avadmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avcenter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avconfig.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avnotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avscan.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avupgsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avwebloader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\avwsc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\fact.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\guardhlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\insthlp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\licmgr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\presetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\sched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temp\RarSFX3\xp\avshadow.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Documents and Settings\Synz\Local Settings\Temporary Internet Files\Content.IE5\G509IFS5\ppstreamsetup-update100730[1].exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\CrashSender.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\Update.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\update2.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\BlackShotLauncher\launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\BlackShotLauncher\UpdateMove.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Garena\Garena\BlackShotLauncher\UpdateMove1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\GM Simple\DATA\DLL\ManaBars.dll
[DETECTION] Contains code of the W32/Sality Windows virus
C:\GM Simple\DATA\DLL\WarKey.dll
[DETECTION] Contains code of the W32/Sality Windows virus
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\AvRack\rtlrack.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\DVDVideoSoft\TB\CondPlug.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\DVDVideoSoft\TB\TBOffer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Java\Java Update\jaureg.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OINFOP12.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSE7.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFDIAG.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFLB.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Common Files\Nero\AdvrCntr5\NeroPatentActivation.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\ERUNT\AUTOBACK.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\ERUNT\ERUNT.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\ERUNT\NTREGOPT.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\java-rmi.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\java.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\javacpl.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\javaw.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\javaws.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\jbroker.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\jp2launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\jqsnotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\keytool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\kinit.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\klist.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\ktab.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\orbd.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\pack200.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\policytool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\rmid.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\rmiregistry.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\servertool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\ssvagent.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\tnameserv.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Java\jre6\bin\unpack200.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\CLVIEW.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\CNFNOT32.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\DRAT.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\DSSM.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\excelcnv.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GRAPH.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GrooveClean.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\OIS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
C:\Program Files\Microsoft Office\Office12\REGFORM.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\SCANOST.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\SCANPST.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\SELFCERT.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\SETLANG.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\VPREVIEW.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\Wordconv.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Microsoft Office\Office12\1033\ONELEV.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Nero\Nero 10\Nero BurnLite\NMDllHost.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Nero\Nero 10\Nero ControlCenter\NCC.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Nero\Nero 10\Nero ControlCenter\NCChelper.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\Nero\Update\NANotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\VideoLAN\VLC\uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\WinRAR\Rar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\WinRAR\RarExtLoader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\WinRAR\Uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\WinRAR\UnRAR.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\Program Files\WinRAR\WinRAR.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\WINDOWS\AppPatch\AppLoc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
C:\WINDOWS\system32\WISPTIS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
Begin scan in 'D:\'
D:\AutoRun.inf
[DETECTION] Is the TR/Agent.92 Trojan
D:\ChromeSetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\DragonicaDownloaderV1.0.17.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Recycled.scr
[DETECTION] Contains code of the W32/Sality Windows virus
D:\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\ChromeSetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\document and settings\Synz\MY Document\Downloads\biosagentplus_40.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\document and settings\Synz\MY Document\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\document and settings\Synz\MY Document\Downloads\wrar391.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\document and settings\Synz\MY Document\Downloads\Programs\digsby_install.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\chromeinstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\Firefox Setup 3.6.3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\flashget3.3.0.1092en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\vlc-1.0.5-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\youtube2video.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\C drive\Downloads\sality_off\sality_off\Sality_off.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\cheatbox\chtb0609.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\cheatbox\Uninstal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\daemon tool\DAEMON Tools Lite\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\flashget196en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\HamachiSetup-1.0.3.0-en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\launch(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\ODS Noir skin beta testv0.6c.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\Server_Tools.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\vcsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\vlc-0.9.9-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\wrar39b3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GameServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\Server Launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\GameServer\GameServer 2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\GameServer\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\old 2.0 gameserver\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files\rpc412\rpc412_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\13102008PATCHER.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\chromeinstall-6u18.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\dotnetfx.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\dotnetfx35setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\DriverDetective.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\DTLite4355-0068.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\flashget3.2.0.1064cn.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0.rar
[0] Archive type: RAR
[DETECTION] Is the TR/VB.VF.1 Trojan
--> Garena Anti-Hack Bypass\database.dll
[1] Archive type: OVL
--> Object
[DETECTION] Is the TR/VB.VF.1 Trojan
D:\Downloaded Files from Firefox\HideToolz.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> HideToolz.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Rootkit.Gen Trojan
D:\Downloaded Files from Firefox\kROsakexe0528aN[Xray].rar
[0] Archive type: RAR
[DETECTION] Is the TR/Spy.3375190.A Trojan
--> kROsakexe0528aN[Xray].exe
[DETECTION] Is the TR/Spy.3375190.A Trojan
D:\Downloaded Files from Firefox\lame.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\launch(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\launch(3).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\launch(4).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\pci_filerecovery.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\PowerISO46.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\ppstreamsetup (1).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\ppstreamsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\REST2514.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RL!dePacker.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> RL!dePacker.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\Downloaded Files from Firefox\SFTPMSI.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Themida_and_WinLicense_2.0.1.0___Unpacking_.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Gendal.2260992 Trojan
--> Themida and WinLicense 2.0.1.0 (Unpacking)\unpackme\WinLicense_UnPack Me!.exe
[DETECTION] Is the TR/Gendal.2260992 Trojan
D:\Downloaded Files from Firefox\ud_hamachi.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\UnExeStealth.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Agent.8704.BU Trojan
--> unexestealth.exe
[DETECTION] Is the TR/Agent.8704.BU Trojan
D:\Downloaded Files from Firefox\vlc-1.0.3-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\2008-01-02a_xpv9_data_folder(2)\2008-01-02a_xpv9_data_folder.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\3danalyzer-v236\3DAnalyze.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\3danalyzer-v236\3danalyzer-v236.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Bin_DiE_(Detect_it_Easy)_2008-1-6_2.6_die_0.64\DiE.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\w9xpopen.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\CE\Cheat Engine\EmptyDLL.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Acidstar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\cabal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\CabalMain.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Uninstal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\chtb0609\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Client\2009-07-15aRagexeRE_patched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\dota_keys_1.4-0.2.0\dotakeys.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\char-server_sql.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\login-server_sql.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass\database.dll
[0] Archive type: OVL
[DETECTION] Is the TR/VB.VF.1 Trojan
--> Object
[DETECTION] Is the TR/VB.VF.1 Trojan
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass\Garena Anti-Hack ByPass.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Garena Universal Maphack v1.1\Garena Universal MH.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\gdbfn\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\HideToolz\HideToolz.exe
[0] Archive type: RSRC
[DETECTION] Is the TR/Rootkit.Gen Trojan
--> Object
[DETECTION] Is the TR/Rootkit.Gen Trojan
D:\Downloaded Files from Firefox\JDownloader\JDownloader\JDownloader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\Serious Sam HD.Repack.ALTHIR.exe
[0] Archive type: NSIS
--> ProgramFilesDir/All.gro
[1] Archive type: ZIP
--> Content/SeriousSamHD/Levels/00_Egypt/0_10_Metropolis.wld
[WARNING] The file could not be written!
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\NetFx20SP2_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\PhysX_9.09.0408_SystemSoftware.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\kompozer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\mangle.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\rebasedlls.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regchrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regxpcom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\shlibsign.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpcshell.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpicleanup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpidl.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_dump.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_link.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\MHS5.008\lol.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\Paint.NET.3.36\Paint.NET.3.36.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\PEiD-0.95-20081103\PEiD.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\pendriverecovery\pendriverecovery.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\PE_Tools\PETools\PETools.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\PE_Tools\PETools\SDK\Procs32\Examples\Procs_Ex3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\PE_Tools\PETools\SignMan\SignMan.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RealTemp_340\i7Turbo.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RealTemp_340\LoadTester.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RealTemp_340\RealTemp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RealTemp_340\RealTempGT.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\ASPLnchr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\FindHack.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\LimitRO.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\lua.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragnarok.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\AI\USER_AI\mirAI_contro_panel_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\RO\Gravity\RO\nProtect\npkcmsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SandboxieBITS.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SandboxieCrypto.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SandboxieDcomLaunch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SandboxieRpcSs.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SandboxieWUAU.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SbieCtrl.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\SbieSvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sandbox\Start.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\1420_A09.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\bitcomet_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\Firefox Setup 3.0.10.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\FreewarePrimoPDF.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\vcsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\wrar39b2.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Enterprise.WW\ose.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\DW20.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\dwtrig20.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\map-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\undelete\UndeletePlus\undelete_plus.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Downloaded Files from Firefox\UnExeStealth\unexestealth.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\dragon\installer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\chromeinstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\DragonicaDownloaderV1.0.17(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\DragonicaDownloaderV1.0.17.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\Firefox Setup 3.6.3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\flashget3.3.0.1092en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\installer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\vlc-1.0.5-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\youtube2video.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\ManaBars.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\_Load GarenaHack_.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\Programs\vc6redistsetup_enu.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\Programs\vcredist_x86_en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\dragon\Downloads\sality_off\sality_off\Sality_off.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\AIKA Online\AIKAGlobal\AIKAGB.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\AIKA Online\AIKAGlobal\AIKALauncher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\AIKA Online\AIKAGlobal\uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\RAN\VEGARAN\extz.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\RAN\VEGARAN\game.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\RAN\VEGARAN\VEGARAN.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\War3 Tools\DotaKeys\dotakeys.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\Warcraft III 1.21B\War3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\games\Warcraft III 1.21B\worldedit.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\CrashSender.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\update.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\update2.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\BitTorrent-7.1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\chromeinstall-6u21.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\Garena_setup (1).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\Garena_setup (2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\installer_roxio_easy_media_creator_9_0_English.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\Nero_BurnLite-10.0.10500.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\cep024\CEP.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\ecm100\ecm.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\ecm100\unecm.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\gmer\gmer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\pSX_1_13\psxfin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\blackshot\pSX_1_13\utils\cdztool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\BlackShotLauncher\launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\BlackShotLauncher\UpdateMove.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\Garena\BlackShotLauncher\UpdateMove1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\ninja\DwnlData\Synz\launch_65\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\ninja\DwnlData\Synz\War3TFT_124e_English_51\War3TFT_124e_English.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\photoresizer\PIXresizer\PIXresizer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\Server Launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\New Server Files\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\PKO\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO - Games\PKO\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Client\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Client\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\client 2\Tales of Pirates Online\Frozen-Phoenix.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\client 2\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\client 2\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\client 3\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\client 3\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\(1) AccountServer\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\(2) GroupServer\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\(3) GateServer\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\Kop135\Kop135\(4) Gameserver\GameServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd10.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd11.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd9.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd10\nvudisp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd10\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd11\DriversHQ.DriverDetective.Client.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd11\DriversHQ.DriverDetective.Client.Updater.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\Nintendo.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\NO$GBA.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\VisualBoyAdvance.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\no$gba-w_2.5c\NO$GBA.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dplaysvr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dpnsvr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dpvsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dxdiag.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dxdllreg.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Redist\vcredist_sp1_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Redist\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\Copy of RO Server Files\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\2009-07-15aRagexeRE_patched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\AddictedRO.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\ASPLnchr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\FindHack.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\kROsakexe0528aN[Xray].exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\lua.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Ragexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Ragnarok.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Sakexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\sakray.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Gravity\RO\Sakexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\Gravity\RO\sakray.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Client\Gravity\RO\nProtect\npkcmsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\SDO X\SDO-X Season 2\client.bin
[DETECTION] Contains code of the W32/Sality Windows virus
D:\SDO X\SDO-X Season 2\dance.exe
[DETECTION] Contains code of the W32/Sality Windows virus
D:\SDO X\SDO-X Season 2\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'F:\' <我的光盘>

Beginning disinfection:
D:\SDO X\SDO-X Season 2\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\SDO X\SDO-X Season 2\dance.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\SDO X\SDO-X Season 2\client.bin
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files 2\eAthena-TXT-13086[Trunk]\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Server Files\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\nProtect\npkcmsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Gravity\RO\sakray.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Gravity\RO\Sakexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\sakray.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Sakexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Ragnarok.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\Ragexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\lua.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\kROsakexe0528aN[Xray].exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\FindHack.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\ASPLnchr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\AddictedRO.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\RO Client\Gravity\RO\2009-07-15aRagexeRE_patched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RO\Copy of RO Server Files\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Redist\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Redist\vcredist_sp1_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dxdllreg.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dxdiag.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dpvsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dpnsvr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd5\Serious Sam HD.Repack.ALTHIR\Bin\dplaysvr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\no$gba-w_2.5c\NO$GBA.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\VisualBoyAdvance.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\NO$GBA.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd4\Nintendo.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd11\DriversHQ.DriverDetective.Client.Updater.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd11\DriversHQ.DriverDetective.Client.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd10\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-796845957-412668190-1417001333-1003\Dd10\nvudisp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd9.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd11.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd10.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\RECYCLER\S-1-5-21-2000478354-117609710-682003330-1003\Dd1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\(4) Gameserver\GameServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\(3) GateServer\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\(2) GroupServer\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\(1) AccountServer\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Kop135\Kop135\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\client 3\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\client 3\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\client 2\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\client 2\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\client 2\Tales of Pirates Online\Frozen-Phoenix.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Client\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO Private Server\Client\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\PKO\Tales of Pirates Online\top_d.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\PKO\Tales of Pirates Online\top.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\Server Launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\New Server Files\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\PKO - Games\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\photoresizer\PIXresizer\PIXresizer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\ninja\DwnlData\Synz\War3TFT_124e_English_51\War3TFT_124e_English.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\ninja\DwnlData\Synz\launch_65\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\BlackShotLauncher\UpdateMove1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\BlackShotLauncher\UpdateMove.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\BlackShotLauncher\launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\pSX_1_13\utils\cdztool.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\pSX_1_13\psxfin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\gmer\gmer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\ecm100\unecm.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\ecm100\ecm.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\cep024\CEP.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\Nero_BurnLite-10.0.10500.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\installer_roxio_easy_media_creator_9_0_English.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\Garena_setup (2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\Garena_setup (1).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\chromeinstall-6u21.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\blackshot\BitTorrent-7.1.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\update2.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\update.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Garena\CrashSender.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\Warcraft III 1.21B\worldedit.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\Warcraft III 1.21B\War3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\War3 Tools\DotaKeys\dotakeys.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\RAN\VEGARAN\VEGARAN.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\RAN\VEGARAN\game.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\RAN\VEGARAN\extz.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\AIKA Online\AIKAGlobal\uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\AIKA Online\AIKAGlobal\AIKALauncher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\games\AIKA Online\AIKAGlobal\AIKAGB.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\sality_off\sality_off\Sality_off.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\Programs\vcredist_x86_en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\Programs\vc6redistsetup_enu.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\_Load GarenaHack_.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\ManaBars.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\youtube2video.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\vlc-1.0.5-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\installer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\flashget3.3.0.1092en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\Firefox Setup 3.6.3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\DragonicaDownloaderV1.0.17.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\DragonicaDownloaderV1.0.17(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\Downloads\chromeinstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\dragon\installer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\UnExeStealth\unexestealth.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\undelete\UndeletePlus\undelete_plus.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\map-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\login-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\char-server.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\dwtrig20.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\DW20.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Enterprise.WW\ose.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\wrar39b2.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\vcsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\FreewarePrimoPDF.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\Firefox Setup 3.0.10.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\bitcomet_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sortware\1420_A09.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\Start.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SbieSvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SbieCtrl.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SandboxieWUAU.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SandboxieRpcSs.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SandboxieDcomLaunch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SandboxieCrypto.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\sandbox\SandboxieBITS.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\nProtect\npkcmsvc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\AI\USER_AI\mirAI_contro_panel_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragnarok.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragexe.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\lua.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\LimitRO.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\FindHack.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RO\Gravity\RO\ASPLnchr.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RealTemp_340\RealTempGT.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RealTemp_340\RealTemp.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RealTemp_340\LoadTester.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RealTemp_340\i7Turbo.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\PE_Tools\PETools\SignMan\SignMan.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\PE_Tools\PETools\SDK\Procs32\Examples\Procs_Ex3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\PE_Tools\PETools\PETools.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\pendriverecovery\pendriverecovery.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\PEiD-0.95-20081103\PEiD.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Paint.NET.3.36\Paint.NET.3.36.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\MHS5.008\lol.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_link.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_dump.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpidl.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpicleanup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpcshell.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\shlibsign.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regxpcom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regchrome.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\rebasedlls.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\mangle.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\kompozer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\DirectX\DXSETUP.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\PhysX_9.09.0408_SystemSoftware.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\NetFx20SP2_x86.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\JDownloader\JDownloader\JDownloader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\HideToolz\HideToolz.exe
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\gdbfn\Setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Garena Universal Maphack v1.1\Garena Universal MH.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass\Garena Anti-Hack ByPass.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass\database.dll
[DETECTION] Is the TR/VB.VF.1 Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\login-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\char-converter.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\adduser.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\mapcache.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\login-server_sql.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\ladmin.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\char-server_sql.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\dota_keys_1.4-0.2.0\dotakeys.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Client\2009-07-15aRagexeRE_patched.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\chtb0609\setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Uninstal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\CabalMain.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\cabal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Acidstar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\CE\Cheat Engine\EmptyDLL.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\w9xpopen.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Bin_DiE_(Detect_it_Easy)_2008-1-6_2.6_die_0.64\DiE.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\3danalyzer-v236\3danalyzer-v236.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\3danalyzer-v236\3DAnalyze.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\2008-01-02a_xpv9_data_folder(2)\2008-01-02a_xpv9_data_folder.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\vlc-1.0.3-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\UnExeStealth.zip
[DETECTION] Is the TR/Agent.8704.BU Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\ud_hamachi.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\Themida_and_WinLicense_2.0.1.0___Unpacking_.rar
[DETECTION] Is the TR/Gendal.2260992 Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\SFTPMSI.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\RL!dePacker.rar
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\REST2514.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\ppstreamsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\ppstreamsetup (1).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\PowerISO46.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\pci_filerecovery.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\launch(4).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\launch(3).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\launch(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\lame.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\kROsakexe0528aN[Xray].rar
[DETECTION] Is the TR/Spy.3375190.A Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\HideToolz.zip
[DETECTION] Is the TR/Rootkit.Gen Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0.rar
[DETECTION] Is the TR/VB.VF.1 Trojan
[WARNING] The file was ignored!
D:\Downloaded Files from Firefox\flashget3.2.0.1064cn.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\DTLite4355-0068.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\DriverDetective.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\dotnetfx35setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\dotnetfx.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\chromeinstall-6u18.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files from Firefox\13102008PATCHER.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\rpc412\rpc412_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\old 2.0 gameserver\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\GameServer\gameserver.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\GameServer\GameServer 2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\UserAccount.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\Server Launcher.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GroupServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GateServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\gameserver2.0.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GameServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\AccountServer.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\wrar39b3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\wlsetup-custom.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\vlc-0.9.9-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\vcsetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\Server_Tools.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\ODS Noir skin beta testv0.6c.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\launch.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\launch(2).exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\HamachiSetup-1.0.3.0-en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Downloaded Files\flashget196en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\daemon tool\DAEMON Tools Lite\uninst.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\cheatbox\Uninstal.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\cheatbox\chtb0609.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\sality_off\sality_off\Sality_off.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\youtube2video.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\vlc-1.0.5-win32.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\install_flash_player.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\flashget3.3.0.1092en.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\Firefox Setup 3.6.3.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\Downloads\chromeinstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\document and settings\Synz\MY Document\Downloads\Programs\digsby_install.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\document and settings\Synz\MY Document\Downloads\wrar391.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\document and settings\Synz\MY Document\Downloads\Garena_setup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\document and settings\Synz\MY Document\Downloads\biosagentplus_40.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\C drive\ChromeSetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\wlsetup-web.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\Recycled.scr
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\DragonicaDownloaderV1.0.17.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\ChromeSetup.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
D:\AutoRun.inf
[DETECTION] Is the TR/Agent.92 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\system32\WISPTIS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\WINDOWS\AppPatch\AppLoc.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\WinRAR\WinRAR.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\WinRAR\UnRAR.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\WinRAR\Uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\WinRAR\RarExtLoader.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\WinRAR\Rar.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\VideoLAN\VLC\uninstall.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Nero\Update\NANotify.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Nero\Nero 10\Nero ControlCenter\NCChelper.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Nero\Nero 10\Nero ControlCenter\NCC.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Nero\Nero 10\Nero BurnLite\NMDllHost.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\1033\ONELEV.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\Wordconv.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\VPREVIEW.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\SETLANG.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\SELFCERT.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\SCANPST.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\SCANOST.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\REGFORM.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[WARNING] The file was ignored!
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\OIS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe
[DETECTION] Contains code of the W32/Sality Windows virus


End of the scan: 21 October 2010 18:02
Used time: 2:55:32 Hour(s)

The scan has been done completely.

16295 Scanned directories
552582 Files were scanned
511 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
552071 Files not concerned
3173 Archives were scanned
507 Warnings
2 Notes

List of the found malwares:


TR/Rootkit.Gen
TR/Crypt.XPACK.Gen
TR/VB.VF.1
TR/Agent.8704.BU
TR/Gendal.2260992
TR/Crypt.XPACK.Gen
TR/Spy.3375190.A
TR/Agent.92
TR/Crypt.CFI.Gen
TR/Downloader.Gen
BDS/Backdoor.Gen
W32/Sality

Note: most of the malwares found: W32/Sality

2) Downloaded and used a program named "Sality_off" to kill off W32/Sality.

Hope this helps.
  • 0
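Added example (not part of the original posts, and not Avira's own tooling): a small triage parser for the three-line record format of the scan log above (path, `[DETECTION]`, `[WARNING]`). It tallies detections by family and outcome, separates infected host files from files that are themselves malicious, and flags infected security tools. The sample log is constructed in the log's format, and the function names, outcome labels and `SECURITY_TOOL_MARKERS` list are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the record format of the log above. It deliberately
# starts with an orphaned [WARNING] (a log cut mid-record) and ends with a
# detection that has no [WARNING] line, to exercise both edge cases.
SAMPLE_LOG = r"""
[WARNING] The file was not repaired as requested!
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
[DETECTION] Contains code of the W32/Sality Windows virus
[WARNING] The file was not repaired as requested!
C:\Documents and Settings\user\Local Settings\Temp\winsample1.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\user\Local Settings\Temp\winsample2.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[WARNING] The file was ignored!
C:\AutoRun.inf
[DETECTION] Is the TR/Agent.92 Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # record starts with a drive path
FAMILY_RE = re.compile(r"\b([A-Z0-9]+/[A-Za-z0-9_.]+)")  # e.g. W32/Sality, TR/Agent.92
# Assumption of this example: path fragments that identify security tools.
SECURITY_TOOL_MARKERS = ("\\avira\\", "\\malwarebytes")


@dataclass
class Finding:
    path: str
    family: str
    embedded: bool                      # True: malicious code inside a host file
    outcome: str = "no_action_logged"   # kept when no [WARNING] line follows


def classify_outcome(warning_line):
    """Map the scanner's [WARNING] text to a short outcome label."""
    text = warning_line.lower()
    if "not repaired" in text:
        return "repair_failed"
    if "ignored" in text:
        return "ignored"
    return "other"


def parse_log(text):
    """Turn path / [DETECTION] / [WARNING] records into Finding objects."""
    findings, path, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, pending = line, None
        elif line.startswith("[DETECTION]") and path:
            match = FAMILY_RE.search(line)
            pending = Finding(
                path=path,
                family=match.group(1) if match else "unknown",
                # "Contains code of" is the log's wording for an infected host
                # file; any other wording is treated as a malicious file.
                embedded="contains code of" in line.lower(),
            )
            findings.append(pending)
        elif line.startswith("[WARNING]") and pending:
            pending.outcome = classify_outcome(line)
            pending = None
        # An orphaned [WARNING] with no preceding detection is skipped.
    return findings


def triage(findings):
    """Summarise what a responder needs to see first."""
    return {
        "by_family": Counter(f.family for f in findings),
        "by_outcome": Counter(f.outcome for f in findings),
        # Infected scanners cannot be trusted to clean the same host.
        "infected_security_tools": [
            f.path for f in findings
            if f.embedded and any(m in f.path.lower() for m in SECURITY_TOOL_MARKERS)
        ],
        "standalone_files": [f.path for f in findings if not f.embedded],
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, "->", value)
```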

#4
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Your computer appears to have been infected by a backdoor trojan. This could allow hackers to remotely control your computer and steal critical system information including passwords.
I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. Also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
More Information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

If you wish to reformat then please let me know in your next response, otherwise I'll continue with instructions for cleaning.

++++++++++ oOo +++++++++


You have a Sality infection. Sality is a file infector and attacks all executable and system files. This includes files that run scripts such as .doc and .pdf files. It will also infect portable devices such as USB drives. The only sure cure is a reformat, although I have managed to fix such machines in the past. Again, if you wish to reformat then please let me know in your next response, otherwise I'll continue with instructions for cleaning.

#5
Mudz

Mudz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi azarl,

Thanks for your reply! I wish to try to clean my system before I attempt a complete format, is it all right?

#6
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OK. As I said, Sality is highly infectious, so to move forward we need a clean PC to download the removal tools to, and a clean USB memory stick to transfer them to the infected machine.

Notes:
Please read through these instructions a few times until you are confident what to do before starting them. It is vital that these steps are performed in the correct order and exactly as posted. I suggest that you print off this post for reference before proceeding.

In step 5 you will be asked to temporarily disable any security programs you are running (Anti-virus and Spyware). Click here for details

++++++++++ oOo +++++++++


Steps 1 & 2 are performed on the clean machine.

» Step 1 Securing the USB/Flash device «
Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
» Step 2 Download the tools we need «
Even if you already have any of the following, please download them again, as your versions may be infected.
Note: All of these tools require renaming before you copy them to the infected machine
  • Download SalityKiller.zip, unzip it, rename SalityKiller.exe to SK.com and save it to your USB disk
  • Download Combofix.exe, rename ComboFix.exe to SvcHost.com and save it to your USB disk
  • Download drweb-cureit.exe, rename drweb-cureit.exe to DrW.com and save it to your USB disk

The next steps are performed on your infected machine

» Step 3 Transfer the tools to the infected machine «
  • Copy SK.com to your C:\ drive on the infected machine
  • Copy SvcHost.com to your desktop on the infected machine
  • Copy DrW.com to your desktop on the infected machine

» Step 4 Run SalityKiller «
On the infected machine:
  • Click Start > Run
  • Type in: c:\SK.com -a -j -k -l c:\SKLog.txt and press enter
  • A black screen will appear as the scan starts
  • Once complete, Press any key to continue.
  • Locate SKreport.log, in C:\. Please post the contents of SKreport.log on your next reply after you've run the remaining steps.

» Step 5 Run ComboFix «
Browse to your desktop where you placed a copy of Combofix (SvcHost.com).
  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on SvcHost.com & follow the prompts.
  • As part of its process, ComboFix may check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
    When finished, it may ask for a reboot. Please do so if requested.
    It shall produce a log for you. Please include the C:\ComboFix.txt in your next reply after you've run the remaining steps.

» Step 6 Run Dr Web «
  • Double-click DrWeb.com, click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan
  • Once the short scan has finished, choose the Complete Scan
  • Select all drives. A red dot shows which drives have been chosen
  • Click the green arrow at the right, and the scan will start
  • Click Yes to all if it asks if you want to cure/move the file
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv. Open it, copy the contents and post it on your next reply. If you can't open it, rename it to Drweb.txt
  • If asked to reboot, please do so. This will allow DrWebCureIT! to move/delete files that were in use

»Finally... «
Please let me know how you got on in your next reply and post all the logs
  • SalityKiller log - SKLog.log
  • Combofix log - Combofix.txt
  • DrWeb log - DrWeb.csv/DrWeb.txt

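For reading the SalityKiller log that Step 4 asks for: the following is an added example, not part of the original post and not SalityKiller's own code. It tallies "Infected thread was killed" lines per process and PID and compares two scans by process name. The line format is the one seen in the log posted in this thread; the sample lines are constructed, and the function names and the `scanner_id` label for the second field are assumptions.

```python
import re
from collections import Counter

# Format seen in the posted log:
#   HH:MM:SS:mmm <id> Infected thread was killed in process <name> with PID <pid>
# The page does not say what the second field (<id>) means; it is kept
# as an opaque "scanner_id" (assumption).
KILL_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}):(\d{3})\s+(\d+)\s+"
    r"Infected thread was killed in process (.+?) with PID (\d+)\s*$"
)

# Constructed sample logs in that format (not real scan output).
SAMPLE_RUN_1 = """\
19:20:50:843 6176 scanning threads ...
19:20:52:062 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:062 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:109 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:656 6176 Infected thread was killed in process ctfmon.exe with PID 1636
19:20:54:109 6176 Infected thread was killed in process chrome.exe with PID 1656
19:20:55:750 6176 Infected thread was killed in process chrome.exe with PID 3688
19:20:55:750 6176 Infected thread was killed in process chrome.exe with PID 3688
"""
SAMPLE_RUN_2 = """\
19:45:10:015 5120 scanning threads ...
19:45:11:203 5120 Infected thread was killed in process explorer.exe with PID 1300
"""


def parse_kills(text):
    """Return one record per 'killed' line; every other line is skipped."""
    records = []
    for line in text.splitlines():
        m = KILL_RE.match(line.strip())
        if not m:
            continue
        h, mi, s, ms, scanner_id, name, pid = m.groups()
        t_ms = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
        records.append({"t_ms": t_ms, "scanner_id": int(scanner_id),
                        "process": name, "pid": int(pid)})
    return records


def summarize(text):
    """Count killed threads per (process, PID) and per process name."""
    recs = parse_kills(text)
    span_ms = None
    if recs:
        first, last = recs[0]["t_ms"], recs[-1]["t_ms"]
        if last < first:  # timestamps carry no date: the scan crossed midnight
            last += 24 * 3600 * 1000
        span_ms = last - first
    return {
        "total": len(recs),
        "by_instance": dict(Counter((r["process"], r["pid"]) for r in recs)),
        "by_name": dict(Counter(r["process"] for r in recs)),
        "span_ms": span_ms,
    }


def compare_runs(before_text, after_text):
    """Compare two scans by process name (case-insensitive).

    PIDs are not compared because they change after a reboot. A name missing
    from the later run may also mean the process was simply not running.
    """
    before = {r["process"].casefold() for r in parse_kills(before_text)}
    after = {r["process"].casefold() for r in parse_kills(after_text)}
    return {
        "still_hit": sorted(before & after),
        "no_longer_hit": sorted(before - after),
        "newly_hit": sorted(after - before),
    }


def report(text):
    """Human-readable summary, busiest process instance first."""
    s = summarize(text)
    lines = [f"{s['total']} killed threads over {s['span_ms']} ms"]
    ranked = sorted(s["by_instance"].items(), key=lambda kv: (-kv[1], kv[0]))
    for (name, pid), count in ranked:
        lines.append(f"{count:5d}  {name} (PID {pid})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RUN_1))
    print(compare_runs(SAMPLE_RUN_1, SAMPLE_RUN_2))
```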

#7
Mudz

Mudz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Had some problems performing some of the steps above. Anyway, here are the logs:

1) SKLog.txt:


19:20:50:843 6176 scanning threads ...
19:20:52:062 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:062 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:109 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:156 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:203 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:250 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:296 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:343 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:375 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:421 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:468 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:500 6176 Infected thread was killed in process explorer.exe with PID 1252
19:20:52:656 6176 Infected thread was killed in process ctfmon.exe with PID 1636
19:20:52:656 6176 Infected thread was killed in process ctfmon.exe with PID 1636
19:20:52:656 6176 Infected thread was killed in process wscntfy.exe with PID 848
19:20:52:656 6176 Infected thread was killed in process wscntfy.exe with PID 848
19:20:54:109 6176 Infected thread was killed in process chrome.exe with PID 1656
19:20:54:109 6176 Infected thread was killed in process chrome.exe with PID 1656
19:20:54:140 6176 Infected thread was killed in process wuauclt.exe with PID 700
19:20:54:140 6176 Infected thread was killed in process wuauclt.exe with PID 700
19:20:54:406 6176 Infected thread was killed in process GM.exe with PID 1800
19:20:54:406 6176 Infected thread was killed in process GM.exe with PID 1800
19:20:54:765 6176 Infected thread was killed in process Garena.exe with PID 1792
19:20:54:765 6176 Infected thread was killed in process Garena.exe with PID 1792
19:20:54:812 6176 Infected thread was killed in process WarKey.dll with PID 1200
19:20:54:812 6176 Infected thread was killed in process WarKey.dll with PID 1200
19:20:55:750 6176 Infected thread was killed in process chrome.exe with PID 3688
19:20:55:750 6176 Infected thread was killed in process chrome.exe with PID 3688
19:20:56:062 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:062 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:062 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:062 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:078 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:093 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:109 6176 Infected thread was killed in process chrome.exe with PID 3420
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:265 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:281 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:296 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:312 6176 Infected thread was killed in process chrome.exe with PID 3528
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:437 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:453 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:468 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:484 6176 Infected thread was killed in process chrome.exe with PID 3564
19:20:56:625 6176 Infected thread was killed in process chrome.exe with PID 3744
19:20:56:640 6176 Infected thread was killed in process chrome.exe with PID 3744
19:20:56:656 6176 Infected thread was killed in process chrome.exe with PID 3744
19:20:56:796 6176 Infected thread was killed in process chrome.exe with PID 5700
19:20:56:812 6176 Infected thread was killed in process chrome.exe with PID 5700
19:20:56:828 6176 Infected thread was killed in process winixioy.exe with PID 4108
19:21:00:390 6176 Infected thread was killed in process chrome.exe with PID 3420
19:21:02:968 6176 Infected thread was killed in process chrome.exe with PID 3564
19:21:03:093 6176 Infected thread was killed in process chrome.exe with PID 3744
19:21:03:234 6176 Infected thread was killed in process chrome.exe with PID 5700
19:21:07:375 6176
19:21:07:375 6176 scanning processes ...
19:21:07:421 6176
19:21:07:421 6176 removing autorun.inf files ...
19:21:07:437 6176
19:21:07:437 6176 Disabling autorun on all drive types
19:21:07:437 6176
19:21:07:437 6176 restoring SafeBoot registry node
19:21:07:437 6176 Restoring safe/network boot registry branches for windows XP
19:21:07:453 6200
Monitoring thread started
19:21:07:593 6176
19:21:07:593 6176 fixing registry ...
19:21:07:593 6176 SalityRegCure: Restoring general registry keys
19:21:07:703 6176 SalityRegCure: Fixing system.ini
19:21:07:718 6176
19:21:07:812 6176 scanning drives ...
19:21:07:812 6176 scanning C:\ ...
19:22:06:531 6176 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe infected Virus.Win32.Sality.aa ...19:22:06:531 6176 cured
19:22:44:031 6176 C:\GM Simple\DATA\DLL\ManaBars.dll infected Virus.Win32.Sality.aa ...19:22:44:031 6176 cured
19:22:46:468 6176 C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe infected Virus.Win32.Sality.aa ...19:22:46:468 6176 cured
19:22:52:359 6176 C:\Program Files\Avira\AntiVir Desktop\avconfig.exe infected Virus.Win32.Sality.aa ...19:22:52:359 6176 not cured
19:22:52:734 6176 C:\Program Files\Avira\AntiVir Desktop\avwsc.exe infected Virus.Win32.Sality.aa ...19:22:52:734 6176 not cured
19:22:53:421 6176 C:\Program Files\Avira\AntiVir Desktop\fact.exe infected Virus.Win32.Sality.aa ...19:22:53:421 6176 not cured
19:22:54:218 6176 C:\Program Files\Avira\AntiVir Desktop\guardhlp.exe infected Virus.Win32.Sality.aa ...19:22:54:234 6176 not cured
19:22:54:359 6176 C:\Program Files\Avira\AntiVir Desktop\licmgr.exe infected Virus.Win32.Sality.aa ...19:22:54:359 6176 not cured
19:22:54:750 6176 C:\Program Files\Avira\AntiVir Desktop\setup.exe infected Virus.Win32.Sality.aa ...19:22:54:750 6176 not cured
19:22:59:640 6176 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE infected Virus.Win32.Sality.aa ...19:22:59:640 6176 cured
19:23:44:890 6176 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE infected Virus.Win32.Sality.aa ...19:23:44:890 6176 cured
19:23:53:562 6176 C:\Program Files\Microsoft Office\Office12\OIS.EXE infected Virus.Win32.Sality.aa ...19:23:53:562 6176 cured
19:23:58:140 6176 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE infected Virus.Win32.Sality.aa ...19:23:58:140 6176 cured
19:24:16:093 6176 C:\Program Files\WinRAR\WinRAR.exe infected Virus.Win32.Sality.aa ...19:24:16:187 6176 cured
19:26:35:937 6176 scanning D:\ ...
19:26:37:671 6176 D:\C drive\ChromeSetup.exe infected Virus.Win32.Sality.aa ...19:26:37:671 6176 cured
19:26:39:609 6176 D:\C drive\document and settings\Synz\MY Document\Downloads\biosagentplus_40.exe infected Virus.Win32.Sality.aa ...19:26:39:609 6176 cured
19:26:40:250 6176 D:\C drive\document and settings\Synz\MY Document\Downloads\Garena_setup.exe infected Virus.Win32.Sality.aa ...19:26:40:250 6176 cured
19:26:40:671 6176 D:\C drive\document and settings\Synz\MY Document\Downloads\Programs\digsby_install.exe infected Virus.Win32.Sality.aa ...19:26:40:671 6176 cured
19:26:41:109 6176 D:\C drive\document and settings\Synz\MY Document\Downloads\wrar391.exe infected Virus.Win32.Sality.aa ...19:26:41:109 6176 cured
19:26:43:843 6176 D:\C drive\Downloads\chromeinstall.exe infected Virus.Win32.Sality.aa ...19:26:43:843 6176 cured
19:26:44:015 6176 D:\C drive\Downloads\Firefox Setup 3.6.3.exe infected Virus.Win32.Sality.aa ...19:26:44:015 6176 cured
19:26:44:203 6176 D:\C drive\Downloads\flashget3.3.0.1092en.exe infected Virus.Win32.Sality.aa ...19:26:44:203 6176 cured
19:26:44:578 6176 D:\C drive\Downloads\install_flash_player.exe infected Virus.Win32.Sality.aa ...19:26:44:578 6176 cured
19:26:44:859 6176 D:\C drive\Downloads\sality_off\sality_off\Sality_off.exe infected Virus.Win32.Sality.aa ...19:26:44:859 6176 cured
19:26:45:171 6176 D:\C drive\Downloads\vlc-1.0.5-win32.exe infected Virus.Win32.Sality.aa ...19:26:45:171 6176 cured
19:26:45:421 6176 D:\C drive\Downloads\wlsetup-web.exe infected Virus.Win32.Sality.aa ...19:26:45:421 6176 cured
19:26:45:593 6176 D:\C drive\Downloads\youtube2video.exe infected Virus.Win32.Sality.aa ...19:26:45:593 6176 cured
19:26:46:718 6176 D:\cheatbox\chtb0609.exe infected Virus.Win32.Sality.aa ...19:26:46:718 6176 cured
19:26:47:156 6176 D:\cheatbox\Uninstal.exe infected Virus.Win32.Sality.aa ...19:26:47:156 6176 cured
19:26:47:453 6176 D:\ChromeSetup.exe infected Virus.Win32.Sality.aa ...19:26:47:453 6176 cured
19:26:49:875 6176 D:\daemon tool\DAEMON Tools Lite\uninst.exe infected Virus.Win32.Sality.aa ...19:26:49:875 6176 cured
19:26:50:656 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\AccountServer.exe infected Virus.Win32.Sality.aa ...19:26:50:656 6176 cured
19:26:50:859 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GameServer.exe infected Virus.Win32.Sality.aa ...19:26:50:859 6176 cured
19:26:51:046 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\gameserver2.0.exe infected Virus.Win32.Sality.aa ...19:26:51:046 6176 cured
19:26:51:218 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GateServer.exe infected Virus.Win32.Sality.aa ...19:26:51:218 6176 cured
19:26:51:390 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GroupServer.exe infected Virus.Win32.Sality.aa ...19:26:51:390 6176 cured
19:26:51:578 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\Server Launcher.exe infected Virus.Win32.Sality.aa ...19:26:51:578 6176 cured
19:26:51:750 6176 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\UserAccount.exe infected Virus.Win32.Sality.aa ...19:26:51:750 6176 cured
19:42:40:343 6176 D:\Garena\blackshot\sality_off\sality_off\Sality_off.exe infected Virus.Win32.Sality.aa ...19:42:40:343 6176 cured
20:05:56:421 6200 C:\Program Files\Avira\AntiVir Desktop\setup.exe infected Virus.Win32.Sality.aa ...20:05:56:812 6200 terminated
20:05:56:875 6200 C:\Program Files\Avira\AntiVir Desktop\setup.exe infected Virus.Win32.Sality.aa ...20:05:56:875 6200 not cured
20:07:28:875 6200 C:\Program Files\Avira\AntiVir Desktop\setup.exe infected Virus.Win32.Sality.aa ...20:07:29:296 6200 terminated
20:07:29:546 6200 C:\Program Files\Avira\AntiVir Desktop\setup.exe infected Virus.Win32.Sality.aa ...20:07:29:546 6200 not cured
20:08:47:359 6176
20:08:47:359 6200
Monitoring thread stopped
20:08:47:359 6176
completed
20:08:47:359 6176 Infected files: 41
20:08:47:359 6176 Infected processes: 2
20:08:47:359 6176 Infected threads: 446
20:08:47:359 6176 Cured files: 33
20:08:47:359 6176 Will be cured on reboot: 0
20:08:47:359 6176 Executed registry scripts: 5

2) ComboFix.txt:

ComboFix 10-10-21.06 - Synz 22/10/2010 21:37:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1150 [GMT 8:00]
Running from: c:\documents and settings\Synz\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Synz\Application Data\ygmdrm.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AIC32P
-------\Service_aic32p
-------\Legacy_AIC32P
-------\Service_aic32p


((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-22 12:41 . 2010-10-22 12:41 -------- d-----w- c:\program files\VS Revo Group
2010-10-22 12:36 . 2010-10-22 12:36 -------- d-----w- c:\program files\Unlocker
2010-10-22 11:18 . 2010-09-13 00:46 164688 ----a-w- C:\SK.com
2010-10-21 06:22 . 2010-10-21 06:22 -------- d-----w- c:\documents and settings\Synz\Application Data\Avira
2010-10-21 06:11 . 2010-03-01 02:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-21 06:11 . 2010-02-16 06:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-21 06:11 . 2009-05-11 04:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-21 06:11 . 2009-05-11 04:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-21 06:11 . 2010-10-21 06:11 -------- d-----w- c:\program files\Avira
2010-10-21 06:11 . 2010-10-21 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-18 07:10 . 2010-10-18 07:10 -------- d-----w- c:\program files\ERUNT
2010-10-14 16:59 . 2010-10-14 16:59 -------- d-----w- c:\documents and settings\Synz\Local Settings\Application Data\Help
2010-10-11 15:52 . 2010-10-11 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\xOcean
2010-10-08 17:01 . 2010-10-08 17:01 -------- d-----w- c:\windows\Sun
2010-10-08 16:40 . 2010-10-08 16:40 -------- d-----w- c:\program files\Common Files\Java
2010-10-08 16:40 . 2010-10-08 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-08 16:40 . 2010-10-08 16:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-08 16:40 . 2010-10-08 16:40 -------- d-----w- c:\program files\Java
2010-10-08 06:15 . 2010-10-08 06:15 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-10-03 19:11 . 2010-10-21 06:17 -------- d-----w- c:\documents and settings\Synz\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 10:41 . 2006-10-26 05:45 293376 ----a-w- c:\windows\system32\WISPTIS.EXE
2010-10-21 10:40 . 2003-06-13 09:23 50176 ----a-w- c:\windows\apppatch\AppLoc.exe
2010-08-07 07:27 . 2010-08-07 07:27 262310 ----a-w- C:\PER PERMOHONAN PEMBIAYAAN PTPTN.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files\Ask.com\GenericAskToolbar.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
c:\program files\PHPNukeEN\tbPHP1.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-22 192000]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [BU]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [BU]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [BU]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Garena\\Garena.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Synz\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Synz\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"d:\\games\\Warcraft III 1.21B\\war3.exe"=
"c:\\Garena\\Garena\\Garena.exe"=
"c:\\GM Simple\\DATA\\DLL\\WarKey.dll"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
"g:\\SHORTI\\kolonija.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\setup.exe"=
"c:\\Program Files\\Unlocker\\UnlockerAssistant.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/1/2010 8:28 PM 33824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/21/2010 2:11 PM 135336]
S2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;"c:\program files\Nero\Update\NASvc.exe" --> c:\program files\Nero\Update\NASvc.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Synz\LOCALS~1\Temp\NHO20.tmp --> c:\docume~1\Synz\LOCALS~1\Temp\NHO20.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena2\Garena\plugins\UI\safedrv.sys --> d:\garena2\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AIC32P
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003Core.job
- c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-21 11:22]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003UA.job
- c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-21 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-autoclicker_is1 - c:\program files\auto-clicker\unins000.exe
AddRemove-BitTorrent - d:\bittorrent\BitTorrent.exe
AddRemove-BlackShot - d:\garena\blackshot\uninstall.exe
AddRemove-Fiddler - c:\program files\Fiddler\uninst.exe
AddRemove-Fiddler2 - c:\program files\Fiddler2\uninst.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Galactic Magnate_is1 - c:\program files\Galactic Magnate\uninst\unins000.exe
AddRemove-PHPNukeEN Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
AddRemove-PPStream - c:\program files\PPStream\unpps.exe
AddRemove-{A0A3DE9B-22BE-414F-925F-86296DC8896D}_is1 - d:\games\rappelz\Rappelz\unins000.exe
AddRemove-{C12A198C-E751-4729-839A-8FA07CF941C1}_is1 - d:\dragon\dragon\Dragonica\unins000.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Synz\LOCALS~1\Temp\NHO20.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2988)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-22 21:43:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-22 13:43

Pre-Run: 1,218,007,040 bytes free
Post-Run: 1,185,382,400 bytes free

- - End Of File - - 688CC69978394528DBA29B0136BAE1CF

3) DrWeb.csv

winheqpx.exe;C:\DOCUME~1\Synz\LOCALS~1\Temp;Trojan.DownLoad.64240;Deleted.;
winulywcs.exe;C:\DOCUME~1\Synz\LOCALS~1\Temp;Trojan.DownLoader1.18855;Deleted.;
Au_.exe;C:\DOCUME~1\Synz\LOCALS~1\Temp\~nsu.tmp;Win32.Sector.5;Cured.;
chrome.exe;c:\documents and settings\synz\local settings\application data\google\chrome\application;Win32.Sector.5;Cured.;
googleupdate.exe;c:\documents and settings\synz\local settings\application data\google\update;Win32.Sector.5;Cured.;
odserv.exe;c:\program files\common files\microsoft shared\office12;Win32.Sector.5;Cured.;
ose.exe;c:\program files\common files\microsoft shared\source engine;Win32.Sector.5;Cured.;
grooveauditservice.exe;c:\program files\microsoft office\office12;Win32.Sector.5;Cured.;
CF15951.cfxxe;C:\ComboFix;Win32.Sector.5;Cured.;
ComboFix.exe;C:\Documents and Settings\Synz\Desktop;Win32.Sector.5;Cured.;
ComboFix.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Synz\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\Synz\Desktop;Archive contains infected objects;;
chrome_launcher.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63;Win32.Sector.5;Cured.;
setup.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\Installer;Win32.Sector.5;Cured.;
chrome_frame_helper.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41;Win32.Sector.5;Cured.;
chrome_launcher.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41;Win32.Sector.5;Cured.;
setup.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\Installer;Win32.Sector.5;Cured.;
GoogleUpdate.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update;Win32.Sector.5;Cured.;
GoogleCrashHandler.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39;Win32.Sector.5;Cured.;
GoogleUpdate.exe;C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39;Win32.Sector.5;Cured.;
Au_.exe;C:\Documents and Settings\Synz\Local Settings\temp\~nsu.tmp;Win32.Sector.5;Cured.;
CrashSender.exe;C:\Garena\Garena;Win32.Sector.5;Cured.;
uninst.exe;C:\Garena\Garena;Win32.Sector.5;Cured.;
Update.exe;C:\Garena\Garena;Win32.Sector.5;Cured.;
update2.exe;C:\Garena\Garena;Win32.Sector.5;Cured.;
launcher.exe;C:\Garena\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
UpdateMove.exe;C:\Garena\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
UpdateMove1.exe;C:\Garena\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
WarKey.dll;C:\GM Simple\DATA\DLL;Probably BACKDOOR.Trojan;;
ose.exe;C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C;Win32.Sector.5;Cured.;
DW20.EXE;C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C;Win32.Sector.5;Cured.;
dwtrig20.exe;C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C;Win32.Sector.5;Cured.;
AcroRd32.exe;C:\Program Files\Adobe\Acrobat 6.0\Reader;Win32.Sector.5;Cured.;
AdobeUpdateManager.exe;C:\Program Files\Adobe\Acrobat 6.0\Reader;Win32.Sector.5;Cured.;
ConsoleApp.exe;C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme;Win32.Sector.5;Cured.;
acroaum.exe;C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater;Win32.Sector.5;Cured.;
avconfig.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
avwsc.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
fact.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
guardhlp.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
licmgr.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
setup.exe;C:\Program Files\Avira\AntiVir Desktop;Win32.Sector.5;Cured.;
rtlrack.exe;C:\Program Files\AvRack;Win32.Sector.5;Cured.;
CondPlug.exe;C:\Program Files\Common Files\DVDVideoSoft\TB;Win32.Sector.5;Cured.;
DVDVideoSoftTB.exe;C:\Program Files\Common Files\DVDVideoSoft\TB;Win32.Sector.5;Cured.;
TBOffer.exe;C:\Program Files\Common Files\DVDVideoSoft\TB;Win32.Sector.5;Cured.;
IKernel.exe;C:\Program Files\Common Files\InstallShield\engine\6\Intel 32;Win32.Sector.5;Cured.;
jaucheck.exe;C:\Program Files\Common Files\Java\Java Update;Win32.Sector.5;Cured.;
jaureg.exe;C:\Program Files\Common Files\Java\Java Update;Win32.Sector.5;Cured.;
jucheck.exe;C:\Program Files\Common Files\Java\Java Update;Win32.Sector.5;Cured.;
DW20.EXE;C:\Program Files\Common Files\Microsoft Shared\DW;Win32.Sector.5;Cured.;
DWTRIG20.EXE;C:\Program Files\Common Files\Microsoft Shared\DW;Win32.Sector.5;Cured.;
EQNEDT32.EXE;C:\Program Files\Common Files\Microsoft Shared\EQUATION;Win32.Sector.5;Cured.;
OINFOP12.EXE;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Sector.5;Cured.;
MSE7.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12;Win32.Sector.5;Cured.;
MSOXMLED.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12;Win32.Sector.5;Cured.;
OFFDIAG.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12;Win32.Sector.5;Cured.;
OFFLB.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12;Win32.Sector.5;Cured.;
ODEPLOY.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller;Win32.Sector.5;Cured.;
SETUP.EXE;C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller;Win32.Sector.5;Cured.;
SmartTagInstall.exe;C:\Program Files\Common Files\Microsoft Shared\Smart Tag;Win32.Sector.5;Cured.;
AUTOBACK.EXE;C:\Program Files\ERUNT;Win32.Sector.5;Cured.;
ERUNT.EXE;C:\Program Files\ERUNT;Win32.Sector.5;Cured.;
NTREGOPT.EXE;C:\Program Files\ERUNT;Win32.Sector.5;Cured.;
Setup.exe;C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E};Win32.Sector.5;Cured.;
java-rmi.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
java.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
javacpl.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
javaw.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
javaws.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
jbroker.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
jp2launcher.exe;C:\Program Files\Java\jre6\bin;Win32.Sector.5;Cured.;
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Sector.5;Cured.;
mbamgui.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Sector.5;Cured.;
mbamservice.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Sector.5;Cured.;
CLVIEW.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
CNFNOT32.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
DRAT.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
DSSM.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
EXCEL.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
excelcnv.exe;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
GRAPH.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
GROOVE.EXE;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
GrooveClean.exe;C:\Program Files\Microsoft Office\Office12;Win32.Sector.5;Cured.;
ONELEV.EXE;C:\Program Files\Microsoft Office\Office12\1033;Win32.Sector.5;Cured.;
msnsusii.exe;C:\Program Files\MSN\MSNCoreFiles\Install;Win32.Sector.5;Cured.;
Digcore.exe;C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components;Win32.Sector.5;Cured.;
Msncli.exe;C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components;Win32.Sector.5;Cured.;
uninstall.exe;C:\Program Files\VideoLAN\VLC;Win32.Sector.5;Cured.;
Rar.exe;C:\Program Files\WinRAR;Win32.Sector.5;Cured.;
RarExtLoader.exe;C:\Program Files\WinRAR;Win32.Sector.5;Cured.;
Uninstall.exe;C:\Program Files\WinRAR;Win32.Sector.5;Cured.;
UnRAR.exe;C:\Program Files\WinRAR;Win32.Sector.5;Cured.;
WinRAR.exe;C:\Program Files\WinRAR;Win32.Sector.5;Cured.;
ygmdrm.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Synz\Application Data;Win32.HLLW.Autoruner.22584;Deleted.;
ChromeSetup.exe;D:\;Win32.Sector.5;Cured.;
DragonicaDownloaderV1.0.17.exe;D:\;Win32.Sector.5;Cured.;
ChromeSetup.exe;D:\C drive;Win32.Sector.5;Cured.;
biosagentplus_40.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5;Cured.;
biosagentplus_40.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5Probably BACKDOOR.Trojan;;
Garena_setup.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5;Cured.;
wrar391.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5;Cured.;
digsby_install.exe;D:\C drive\document and settings\Synz\MY Document\Downloads\Programs;Win32.Sector.5;Cured.;
chromeinstall.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\C drive\Downloads;Trojan.DownLoad1.8321;Incurable.Moved.;
flashget3.3.0.1092en.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\C drive\Downloads;Trojan.MulDrop.39229;Incurable.Moved.;
vlc-1.0.5-win32.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
wlsetup-web.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
youtube2video.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
Sality_off.exe;D:\C drive\Downloads\sality_off\sality_off;Win32.Sector.5;Cured.;
chtb0609.exe;D:\cheatbox;Win32.Sector.5;Cured.;
Uninstal.exe;D:\cheatbox;Win32.Sector.5;Cured.;
uninst.exe;D:\daemon tool\DAEMON Tools Lite;Win32.Sector.5;Cured.;
LadderChecker.dll;D:\DATA\DLL;Trojan.MulDrop1.16490;Deleted.;
flashget196en.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
HamachiSetup-1.0.3.0-en.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\Downloaded Files;Trojan.MulDrop.39229;Incurable.Moved.;
launch(2).exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
launch.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
ODS Noir skin beta testv0.6c.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
Server_Tools.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
vcsetup.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
vlc-0.9.9-win32.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
wlsetup-custom.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
wrar39b3.exe;D:\Downloaded Files;Win32.Sector.5;Cured.;
AccountServer.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
GameServer.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
gameserver2.0.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
GateServer.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
GroupServer.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
Server Launcher.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
UserAccount.exe;D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES;Win32.Sector.5;Cured.;
GameServer 2.0.exe;D:\Downloaded Files\GameServer;Win32.Sector.5;Cured.;
gameserver.exe;D:\Downloaded Files\GameServer;Win32.Sector.5;Cured.;
gameserver.exe;D:\Downloaded Files\old 2.0 gameserver;Win32.Sector.5;Cured.;
rpc412_setup.exe;D:\Downloaded Files\rpc412;Win32.Sector.5;Cured.;
13102008PATCHER.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
chromeinstall-6u18.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
dotnetfx.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
dotnetfx35setup.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
DriverDetective.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
DTLite4355-0068.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
flashget3.2.0.1064cn.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
lame.exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
launch(2).exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
launch(3).exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
launch(4).exe;D:\Downloaded Files from Firefox;Win32.Sector.5;Cured.;
2008-01-02a_xpv9_data_folder.exe;D:\Downloaded Files from Firefox\2008-01-02a_xpv9_data_folder(2);Win32.Sector.5;Cured.;
3DAnalyze.exe;D:\Downloaded Files from Firefox\3danalyzer-v236;Win32.Sector.5;Cured.;
3danalyzer-v236.exe;D:\Downloaded Files from Firefox\3danalyzer-v236;Win32.Sector.5;Cured.;
ESTdnheadless.exe;D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update;Win32.Sector.5;Cured.;
w9xpopen.exe;D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update;Win32.Sector.5;Cured.;
EmptyDLL.exe;D:\Downloaded Files from Firefox\CE\Cheat Engine;Win32.Sector.5;Cured.;
Acidstar.exe;D:\Downloaded Files from Firefox\Chronicle_Client_v1107;Win32.Sector.5;Cured.;
cabal.exe;D:\Downloaded Files from Firefox\Chronicle_Client_v1107;Win32.Sector.5;Cured.;
CabalMain.exe;D:\Downloaded Files from Firefox\Chronicle_Client_v1107;Win32.Sector.5;Cured.;
Uninstal.exe;D:\Downloaded Files from Firefox\Chronicle_Client_v1107;Win32.Sector.5;Cured.;
XTrapVa.dll;D:\Downloaded Files from Firefox\Chronicle_Client_v1107\XTrap;Probably DLOADER.Trojan;;
setup.exe;D:\Downloaded Files from Firefox\chtb0609;Win32.Sector.5;Cured.;
2009-07-15aRagexeRE_patched.exe;D:\Downloaded Files from Firefox\Client;Win32.Sector.5;Cured.;
dotakeys.exe;D:\Downloaded Files from Firefox\dota_keys_1.4-0.2.0;Win32.Sector.5;Cured.;
char-server_sql.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable];Win32.Sector.5;Cured.;
ladmin.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable];Win32.Sector.5;Cured.;
login-server_sql.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable];Win32.Sector.5;Cured.;
mapcache.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable];Win32.Sector.5;Cured.;
adduser.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools;Win32.Sector.5;Cured.;
char-converter.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools;Win32.Sector.5;Cured.;
login-converter.exe;D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools;Win32.Sector.5;Cured.;
Garena Anti-Hack ByPass.exe;D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass;Win32.Sector.5;Cured.;
Garena Universal MH.exe;D:\Downloaded Files from Firefox\Garena Universal Maphack v1.1;Win32.Sector.5;Cured.;
Setup.exe;D:\Downloaded Files from Firefox\gdbfn;Win32.Sector.5;Cured.;
HideToolz.exe;D:\Downloaded Files from Firefox\HideToolz;Tool.HideApp.32;;
JDownloader.exe;D:\Downloaded Files from Firefox\JDownloader\JDownloader;Win32.Sector.5;Cured.;
NetFx20SP2_x86.exe;D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist;Win32.Sector.5;Cured.;
PhysX_9.09.0408_SystemSoftware.exe;D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist;Win32.Sector.5;Cured.;
DXSETUP.exe;D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\DirectX;Win32.Sector.5;Cured.;
kompozer.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
mangle.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
rebasedlls.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
regchrome.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
regxpcom.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
shlibsign.exe;D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\Downloaded Files from Firefox\sortware;Trojan.MulDrop.39229;Incurable.Moved.;
installer.exe;D:\dragon;Win32.Sector.5;Cured.;
chromeinstall.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
DragonicaDownloaderV1.0.17(2).exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
DragonicaDownloaderV1.0.17.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\dragon\Downloads;Trojan.DownLoad1.8321;Incurable.Moved.;
flashget3.3.0.1092en.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
Garena_setup.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
installer.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
install_flash_player.exe;D:\dragon\Downloads;Trojan.MulDrop.39229;Incurable.Moved.;
vlc-1.0.5-win32.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
wlsetup-web.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
youtube2video.exe;D:\dragon\Downloads;Win32.Sector.5;Cured.;
cqccyh01updater.exe;D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2;Win32.Sector.5;Cured.;
ManaBars.exe;D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2;Win32.Sector.5;Cured.;
_Load GarenaHack_.exe;D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2;Win32.Sector.5;Cured.;
LadderChecker.dll;D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL;Trojan.MulDrop1.16490;Deleted.;
WarKey.dll;D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL;Probably BACKDOOR.Trojan;;
LadderChecker.dll;D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL;Trojan.MulDrop1.16490;Deleted.;
WarKey.dll;D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL;Probably BACKDOOR.Trojan;;
vc6redistsetup_enu.exe;D:\dragon\Downloads\Programs;Win32.Sector.5;Cured.;
vcredist_x86_en.exe;D:\dragon\Downloads\Programs;Win32.Sector.5;Cured.;
Sality_off.exe;D:\dragon\Downloads\sality_off\sality_off;Win32.Sector.5;Cured.;
AIKALauncher.exe;D:\games\AIKA Online\AIKAGlobal;Win32.Sector.5;Cured.;
uninstall.exe;D:\games\AIKA Online\AIKAGlobal;Win32.Sector.5;Cured.;
extz.exe;D:\games\RAN\VEGARAN;Win32.Sector.5;Cured.;
game.exe;D:\games\RAN\VEGARAN;Win32.Sector.5;Cured.;
dotakeys.exe;D:\games\War3 Tools\DotaKeys;Win32.Sector.5;Cured.;
War3.exe;D:\games\Warcraft III 1.21B;Win32.Sector.5;Cured.;
worldedit.exe;D:\games\Warcraft III 1.21B;Win32.Sector.5;Cured.;
CrashSender.exe;D:\Garena;Win32.Sector.5;Cured.;
uninst.exe;D:\Garena;Win32.Sector.5;Cured.;
update.exe;D:\Garena;Win32.Sector.5;Cured.;
update2.exe;D:\Garena;Win32.Sector.5;Cured.;
BitTorrent-7.1.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
chromeinstall-6u21.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
Garena_setup (1).exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
Garena_setup (2).exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
Garena_setup.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
installer_roxio_easy_media_creator_9_0_English.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
Nero_BurnLite-10.0.10500.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
revosetup.exe;D:\Garena\blackshot;Win32.Sector.5;Cured.;
CEP.EXE;D:\Garena\blackshot\cep024;Win32.Sector.5;Cured.;
ecm.exe;D:\Garena\blackshot\ecm100;Win32.Sector.5;Cured.;
unecm.exe;D:\Garena\blackshot\ecm100;Win32.Sector.5;Cured.;
gmer.exe;D:\Garena\blackshot\gmer;Win32.Sector.5;Cured.;
psxfin.exe;D:\Garena\blackshot\pSX_1_13;Win32.Sector.5;Cured.;
cdztool.exe;D:\Garena\blackshot\pSX_1_13\utils;Win32.Sector.5;Cured.;
Sality_off.exe;D:\Garena\blackshot\sality_off\sality_off;Win32.Sector.5;Cured.;
launcher.exe;D:\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
UpdateMove.exe;D:\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
UpdateMove1.exe;D:\Garena\BlackShotLauncher;Win32.Sector.5;Cured.;
LadderChecker.dll;D:\ninja\DATA\DLL;Trojan.MulDrop1.16490;Deleted.;
launch.exe;D:\ninja\DwnlData\Synz\launch_65;Win32.Sector.5;Cured.;
SvcHost.com\32788R22FWJFW\Create.cmd;G:\SvcHost.com;Probably BATCH.Virus;;
SvcHost.com;G:\;Archive contains infected objects;Moved.;
maksimus.exe;G:\TOPHILL;Trojan.Packed.20312;Deleted.;
psxfin.exe;G:\PS I\psx;Win32.Sector.5;Cured.;
cdztool.exe;G:\PS I\psx\utils;Win32.Sector.5;Cured.;
CEP.EXE;G:\PS I\cep024;Win32.Sector.5;Cured.;
tornado.exe;G:\GOLAC;Win32.Sector.5;Cured.;
tornado.exe;G:\GOLAC;Trojan.Packed.20312;Deleted.;
kolonija.exe;G:\SHORTI;Win32.Sector.5;Cured.;

Problems encountered:

1) The first time I scanned with ComboFix, my computer hung while ComboFix was producing the log, and when I scanned the second time, I did not update it. However, I did install Microsoft Windows Recovery Console in the first scan.

2) During the scan with DrWeb, I chose custom scan instead of complete scan because I could not choose any drive during complete scan.
  • 0
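A triage pass over the Dr.Web log posted above, as an added example that is not part of the original post or of any tool named in the thread. It assumes the `file;folder;threat;action;` layout seen in the log lines; the function names are hypothetical and the sample lines are copied from the log above.

```python
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# Lines copied from the Dr.Web log above (layout: file;folder;threat;action;)
SAMPLE_LOG = r"""
AcroRd32.exe;C:\Program Files\Adobe\Acrobat 6.0\Reader;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\C drive\Downloads;Win32.Sector.5;Cured.;
Firefox Setup 3.6.3.exe;D:\C drive\Downloads;Trojan.DownLoad1.8321;Incurable.Moved.;
LadderChecker.dll;D:\DATA\DLL;Trojan.MulDrop1.16490;Deleted.;
WarKey.dll;D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL;Probably BACKDOOR.Trojan;;
HideToolz.exe;D:\Downloaded Files from Firefox\HideToolz;Tool.HideApp.32;;
SvcHost.com;G:\;Archive contains infected objects;Moved.;
biosagentplus_40.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5;Cured.;
biosagentplus_40.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Win32.Sector.5Probably BACKDOOR.Trojan;;
"""


class Finding(NamedTuple):
    path: str        # folder and file name joined
    threat: str      # detection name exactly as logged
    action: str      # "" when the scanner reported the object but took no action
    heuristic: bool  # True for "Probably ..." (heuristic) verdicts


def parse_line(line: str) -> Optional[Finding]:
    """Parse one log line; return None for blank or malformed lines."""
    parts = line.strip().split(";")
    if len(parts) < 4 or not parts[0]:
        return None
    name, folder, threat, action = (p.strip() for p in parts[:4])
    path = folder.rstrip("\\") + "\\" + name
    return Finding(path, threat, action.rstrip("."), "Probably" in threat)


def triage(log_text: str) -> dict:
    """Group findings so the entries that still need a decision stand out."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]

    by_action = Counter(f.action or "none" for f in findings)

    by_path = defaultdict(list)
    for f in findings:
        by_path[f.path].append(f)

    # Flagged but left in place: the file is still where it was found.
    unresolved = sorted({f.path for f in findings if not f.action})

    # Same file reported more than once, e.g. the Firefox Setup lines in the
    # sample: Win32.Sector.5 cured, then the file itself detected as a trojan.
    layered = {p: [x.threat for x in fs] for p, fs in by_path.items() if len(fs) > 1}

    heuristic = sorted({f.path for f in findings if f.heuristic})

    return {
        "total": len(findings),
        "by_action": by_action,
        "unresolved": unresolved,
        "layered": layered,
        "heuristic": heuristic,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("findings:", report["total"])
    for action, count in report["by_action"].most_common():
        print(f"  {action:16} {count}")
    print("no action taken (still on disk):")
    for path in report["unresolved"]:
        print("  ", path)
    print("multiple detections on one file:")
    for path, threats in report["layered"].items():
        print("  ", path, "->", ", ".join(threats))
```

Run against the full log, the "no action taken" list is the short set of files that a long run of "Cured." lines makes easy to overlook.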

#8
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Thanks, I'm going through the logs. I'll post back later with the next step
  • 0

#9
Mudz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Thanks, I'm going through the logs. I'll post back later with the next step

No problem, I am the one who should thank you for spending your time to help solve my PC problems, thanks again!
  • 0

#10
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1 «
Run SalityKiller again

  • Click Start > Run
  • Type in: c:\SK.com -a -j -k -l c:\SKLog.txt and press enter
  • A black screen will appear as the scan starts
  • Once complete, Press any key to continue.
  • Locate SKreport.log, in C:\. Please post the contents of SKreport.log on your next reply after you've run the remaining steps.

» Step 2 «
ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

Driver::
GarenaPEngine
XDva359

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"g:\\SHORTI\\kolonija.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

File::
c:\docume~1\Synz\LOCALS~1\Temp\NHO20.tmp
c:\windows\system32\XDva359.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.

» Step 3 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0


#11
Mudz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Here are the logs:

1) SKLog.txt:


00:21:23:796 2676 scanning threads ...
00:21:25:515 2676 Infected thread was killed in process chrome.exe with PID 584
00:21:25:515 2676 Infected thread was killed in process chrome.exe with PID 584
00:21:25:531 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:531 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:656 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:656 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:656 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:656 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:656 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:671 2676 Infected thread was killed in process chrome.exe with PID 1392
00:21:25:687 2676 Infected thread was killed in process wuauclt.exe with PID 212
00:21:25:687 2676 Infected thread was killed in process wuauclt.exe with PID 212
00:21:25:734 2676 Infected thread was killed in process chrome.exe with PID 2144
00:21:25:734 2676 Infected thread was killed in process chrome.exe with PID 2144
00:21:25:765 2676 Infected thread was killed in process chrome.exe with PID 2144
00:21:26:875 2676 Infected thread was killed in process chrome.exe with PID 2392
00:21:26:890 2676 Infected thread was killed in process chrome.exe with PID 2392
00:21:30:421 2676
00:21:30:421 2676 scanning processes ...
00:21:30:500 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe infected Virus.Win32.Sality.aa ...00:21:30:812 2676 terminated
00:21:31:015 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe infected Virus.Win32.Sality.aa ...00:21:31:015 2676 will be cured on reboot
00:21:31:125 2676
00:21:31:125 2676 removing autorun.inf files ...
00:21:31:140 2676
00:21:31:140 2676 Disabling autorun on all drive types
00:21:31:140 2676
00:21:31:140 2676 restoring SafeBoot registry node
00:21:31:140 2676 Restoring safe/network boot registry branches for windows XP
00:21:31:140 2692
Monitoring thread started
00:21:31:359 2676
00:21:31:359 2676 fixing registry ...
00:21:31:359 2676 SalityRegCure: Restoring general registry keys
00:21:31:531 2676 SalityRegCure: Fixing system.ini
00:21:31:531 2676
00:21:31:531 2676 scanning drives ...
00:21:31:531 2676 scanning C:\ ...
00:21:34:828 2676 C:\ComboFix\CF15951.cfxxe infected Virus.Win32.Sality.aa ...00:21:34:828 2676 cured
00:21:58:359 2676 C:\Documents and Settings\Synz\Desktop\ComboFix.exe infected Virus.Win32.Sality.aa ...00:21:58:359 2676 cured
00:21:59:453 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\ComboFix.exe infected Virus.Win32.Sality.aa ...00:21:59:453 2676 cured
00:21:59:656 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\Firefox Setup 3.6.0.exe infected Virus.Win32.Sality.aa ...00:21:59:656 2676 cured
00:21:59:906 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\Firefox Setup 3.6.3.exe infected Virus.Win32.Sality.aa ...00:21:59:906 2676 cured
00:22:00:125 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\install_flash_playe0.exe infected Virus.Win32.Sality.aa ...00:22:00:125 2676 cured
00:22:00:375 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\install_flash_playe1.exe infected Virus.Win32.Sality.aa ...00:22:00:375 2676 cured
00:22:00:593 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\install_flash_playe2.exe infected Virus.Win32.Sality.aa ...00:22:00:593 2676 cured
00:22:00:812 2676 C:\Documents and Settings\Synz\DoctorWeb\Quarantine\install_flash_player.exe infected Virus.Win32.Sality.aa ...00:22:00:812 2676 cured
00:22:01:687 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\chrome_launcher.exe infected Virus.Win32.Sality.aa ...00:22:01:687 2676 cured
00:22:02:328 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\6.0.472.63\Installer\setup.exe infected Virus.Win32.Sality.aa ...00:22:02:328 2676 cured
00:22:05:078 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\chrome_frame_helper.exe infected Virus.Win32.Sality.aa ...00:22:05:078 2676 cured
00:22:05:281 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\chrome_launcher.exe infected Virus.Win32.Sality.aa ...00:22:05:281 2676 cured
00:22:05:656 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\7.0.517.41\Installer\setup.exe infected Virus.Win32.Sality.aa ...00:22:05:656 2676 cured
00:22:08:140 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe infected Virus.Win32.Sality.aa ...00:22:08:140 2676 will be cured on reboot
00:22:16:515 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe infected Virus.Win32.Sality.aa ...00:22:16:515 2676 cured
00:22:16:703 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleUpdate.exe infected Virus.Win32.Sality.aa ...00:22:16:703 2676 cured
00:22:17:281 2676 C:\Documents and Settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe infected Virus.Win32.Sality.aa ...00:22:17:281 2676 cured
00:22:24:453 2676 C:\Documents and Settings\Synz\Local Settings\temp\736E1A27-D7886A30-24C42BC4-587BEB1A\42e87_xp.exe infected Virus.Win32.Sality.aa ...00:22:24:453 2676 cured
00:22:25:031 2676 C:\Documents and Settings\Synz\Local Settings\temp\736E1A27-D7886A30-24C42BC4-587BEB1A\8246cc.exe infected Virus.Win32.Sality.aa ...00:22:25:031 2676 cured
00:22:34:468 2676 C:\Garena\Garena\BlackShotLauncher\launcher.exe infected Virus.Win32.Sality.aa ...00:22:34:468 2676 cured
00:22:35:000 2676 C:\Garena\Garena\BlackShotLauncher\UpdateMove.exe infected Virus.Win32.Sality.aa ...00:22:35:000 2676 cured
00:22:35:203 2676 C:\Garena\Garena\BlackShotLauncher\UpdateMove1.exe infected Virus.Win32.Sality.aa ...00:22:35:203 2676 cured
00:22:35:656 2676 C:\Garena\Garena\CrashSender.exe infected Virus.Win32.Sality.aa ...00:22:35:656 2676 cured
00:22:39:453 2676 C:\Garena\Garena\uninst.exe infected Virus.Win32.Sality.aa ...00:22:39:453 2676 cured
00:22:39:703 2676 C:\Garena\Garena\Update.exe infected Virus.Win32.Sality.aa ...00:22:39:703 2676 cured
00:22:40:000 2676 C:\Garena\Garena\update2.exe infected Virus.Win32.Sality.aa ...00:22:40:000 2676 cured
00:22:41:109 2676 C:\GM Simple\DATA\DLL\ManaBars.dll infected Virus.Win32.Sality.aa ...00:22:41:109 2676 cured
00:22:41:343 2676 C:\GM Simple\DATA\DLL\WarKey.dll infected Virus.Win32.Sality.aa ...00:22:41:343 2676 cured
00:22:43:078 2676 C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe infected Virus.Win32.Sality.aa ...00:22:43:078 2676 cured
00:22:43:671 2676 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE infected Virus.Win32.Sality.aa ...00:22:43:671 2676 cured
00:22:43:937 2676 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe infected Virus.Win32.Sality.aa ...00:22:43:953 2676 cured
00:22:46:328 2676 C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe infected Virus.Win32.Sality.aa ...00:22:46:328 2676 cured
00:22:46:718 2676 C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe infected Virus.Win32.Sality.aa ...00:22:46:718 2676 cured
00:22:48:015 2676 C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe infected Virus.Win32.Sality.aa ...00:22:48:015 2676 cured
00:22:48:468 2676 C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe infected Virus.Win32.Sality.aa ...00:22:48:468 2676 cured
00:22:49:031 2676 C:\Program Files\AvRack\rtlrack.exe infected Virus.Win32.Sality.aa ...00:22:49:031 2676 cured
00:22:49:406 2676 C:\Program Files\Common Files\DVDVideoSoft\TB\CondPlug.exe infected Virus.Win32.Sality.aa ...00:22:49:406 2676 cured
00:22:49:781 2676 C:\Program Files\Common Files\DVDVideoSoft\TB\DVDVideoSoftTB.exe infected Virus.Win32.Sality.aa ...00:22:49:781 2676 cured
00:22:50:125 2676 C:\Program Files\Common Files\DVDVideoSoft\TB\TBOffer.exe infected Virus.Win32.Sality.aa ...00:22:50:125 2676 cured
00:22:50:718 2676 C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe infected Virus.Win32.Sality.aa ...00:22:50:718 2676 cured
00:22:50:984 2676 C:\Program Files\Common Files\Java\Java Update\jaucheck.exe infected Virus.Win32.Sality.aa ...00:22:50:984 2676 cured
00:22:51:187 2676 C:\Program Files\Common Files\Java\Java Update\jaureg.exe infected Virus.Win32.Sality.aa ...00:22:51:187 2676 cured
00:22:51:375 2676 C:\Program Files\Common Files\Java\Java Update\jucheck.exe infected Virus.Win32.Sality.aa ...00:22:51:375 2676 cured
00:22:52:078 2676 C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE infected Virus.Win32.Sality.aa ...00:22:52:078 2676 cured
00:22:52:312 2676 C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE infected Virus.Win32.Sality.aa ...00:22:52:312 2676 cured
00:22:52:578 2676 C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE infected Virus.Win32.Sality.aa ...00:22:52:578 2676 cured
00:22:54:281 2676 C:\Program Files\Common Files\Microsoft Shared\MSInfo\OINFOP12.EXE infected Virus.Win32.Sality.aa ...00:22:54:281 2676 cured
00:22:55:515 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSE7.EXE infected Virus.Win32.Sality.aa ...00:22:55:515 2676 cured
00:22:55:796 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE infected Virus.Win32.Sality.aa ...00:22:55:796 2676 cured
00:22:56:156 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE infected Virus.Win32.Sality.aa ...00:22:56:156 2676 cured
00:22:57:359 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFDIAG.EXE infected Virus.Win32.Sality.aa ...00:22:57:359 2676 cured
00:22:57:890 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE infected Virus.Win32.Sality.aa ...00:22:57:890 2676 cured
00:22:58:640 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE infected Virus.Win32.Sality.aa ...00:22:58:640 2676 cured
00:22:58:875 2676 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OFFLB.EXE infected Virus.Win32.Sality.aa ...00:22:58:875 2676 cured
00:23:00:546 2676 C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe infected Virus.Win32.Sality.aa ...00:23:00:546 2676 cured
00:23:00:765 2676 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE infected Virus.Win32.Sality.aa ...00:23:00:765 2676 cured
00:23:03:984 2676 C:\Program Files\ERUNT\AUTOBACK.EXE infected Virus.Win32.Sality.aa ...00:23:03:984 2676 cured
00:23:04:187 2676 C:\Program Files\ERUNT\ERUNT.EXE infected Virus.Win32.Sality.aa ...00:23:04:187 2676 cured
00:23:04:375 2676 C:\Program Files\ERUNT\NTREGOPT.EXE infected Virus.Win32.Sality.aa ...00:23:04:375 2676 cured
00:23:04:687 2676 C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe infected Virus.Win32.Sality.aa ...00:23:04:687 2676 cured
00:23:05:390 2676 C:\Program Files\Java\jre6\bin\java-rmi.exe infected Virus.Win32.Sality.aa ...00:23:05:390 2676 cured
00:23:05:578 2676 C:\Program Files\Java\jre6\bin\java.exe infected Virus.Win32.Sality.aa ...00:23:05:578 2676 cured
00:23:05:765 2676 C:\Program Files\Java\jre6\bin\javacpl.exe infected Virus.Win32.Sality.aa ...00:23:05:765 2676 cured
00:23:05:937 2676 C:\Program Files\Java\jre6\bin\javaw.exe infected Virus.Win32.Sality.aa ...00:23:05:937 2676 cured
00:23:06:125 2676 C:\Program Files\Java\jre6\bin\javaws.exe infected Virus.Win32.Sality.aa ...00:23:06:125 2676 cured
00:23:06:375 2676 C:\Program Files\Java\jre6\bin\jbroker.exe infected Virus.Win32.Sality.aa ...00:23:06:375 2676 cured
00:23:06:609 2676 C:\Program Files\Java\jre6\bin\jp2launcher.exe infected Virus.Win32.Sality.aa ...00:23:06:609 2676 cured
00:23:06:906 2676 C:\Program Files\Java\jre6\bin\jqsnotify.exe infected Virus.Win32.Sality.aa ...00:23:06:906 2676 cured
00:23:07:125 2676 C:\Program Files\Java\jre6\bin\keytool.exe infected Virus.Win32.Sality.aa ...00:23:07:125 2676 cured
00:23:07:296 2676 C:\Program Files\Java\jre6\bin\kinit.exe infected Virus.Win32.Sality.aa ...00:23:07:296 2676 cured
00:23:07:484 2676 C:\Program Files\Java\jre6\bin\klist.exe infected Virus.Win32.Sality.aa ...00:23:07:484 2676 cured
00:23:07:671 2676 C:\Program Files\Java\jre6\bin\ktab.exe infected Virus.Win32.Sality.aa ...00:23:07:671 2676 cured
00:23:08:125 2676 C:\Program Files\Java\jre6\bin\orbd.exe infected Virus.Win32.Sality.aa ...00:23:08:125 2676 cured
00:23:08:312 2676 C:\Program Files\Java\jre6\bin\pack200.exe infected Virus.Win32.Sality.aa ...00:23:08:312 2676 cured
00:23:08:484 2676 C:\Program Files\Java\jre6\bin\policytool.exe infected Virus.Win32.Sality.aa ...00:23:08:484 2676 cured
00:23:08:718 2676 C:\Program Files\Java\jre6\bin\rmid.exe infected Virus.Win32.Sality.aa ...00:23:08:718 2676 cured
00:23:09:375 2676 C:\Program Files\Java\jre6\bin\rmiregistry.exe infected Virus.Win32.Sality.aa ...00:23:09:375 2676 cured
00:23:09:609 2676 C:\Program Files\Java\jre6\bin\servertool.exe infected Virus.Win32.Sality.aa ...00:23:09:609 2676 cured
00:23:09:953 2676 C:\Program Files\Java\jre6\bin\ssvagent.exe infected Virus.Win32.Sality.aa ...00:23:09:953 2676 cured
00:23:10:187 2676 C:\Program Files\Java\jre6\bin\tnameserv.exe infected Virus.Win32.Sality.aa ...00:23:10:187 2676 cured
00:23:12:468 2676 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe infected Virus.Win32.Sality.aa ...00:23:12:468 2676 cured
00:23:12:703 2676 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe infected Virus.Win32.Sality.aa ...00:23:12:703 2676 cured
00:23:12:937 2676 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe infected Virus.Win32.Sality.aa ...00:23:12:937 2676 cured
00:23:29:953 2676 C:\Program Files\Microsoft Office\Office12\1033\ONELEV.EXE infected Virus.Win32.Sality.aa ...00:23:29:953 2676 cured
00:23:35:890 2676 C:\Program Files\Microsoft Office\Office12\CLVIEW.EXE infected Virus.Win32.Sality.aa ...00:23:35:890 2676 cured
00:23:36:078 2676 C:\Program Files\Microsoft Office\Office12\CNFNOT32.EXE infected Virus.Win32.Sality.aa ...00:23:36:078 2676 cured
00:23:36:671 2676 C:\Program Files\Microsoft Office\Office12\DRAT.EXE infected Virus.Win32.Sality.aa ...00:23:36:671 2676 cured
00:23:36:859 2676 C:\Program Files\Microsoft Office\Office12\DSSM.EXE infected Virus.Win32.Sality.aa ...00:23:36:875 2676 cured
00:23:38:187 2676 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE infected Virus.Win32.Sality.aa ...00:23:38:187 2676 cured
00:23:39:515 2676 C:\Program Files\Microsoft Office\Office12\excelcnv.exe infected Virus.Win32.Sality.aa ...00:23:39:515 2676 cured
00:23:40:453 2676 C:\Program Files\Microsoft Office\Office12\GRAPH.EXE infected Virus.Win32.Sality.aa ...00:23:40:453 2676 cured
00:23:42:109 2676 C:\Program Files\Microsoft Office\Office12\GROOVE.EXE infected Virus.Win32.Sality.aa ...00:23:42:109 2676 cured
00:23:42:343 2676 C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe infected Virus.Win32.Sality.aa ...00:23:42:343 2676 cured
00:23:42:593 2676 C:\Program Files\Microsoft Office\Office12\GrooveClean.exe infected Virus.Win32.Sality.aa ...00:23:42:593 2676 cured
00:23:43:171 2676 C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe infected Virus.Win32.Sality.aa ...00:23:43:171 2676 cured
00:23:43:484 2676 C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe infected Virus.Win32.Sality.aa ...00:23:43:484 2676 cured
00:23:44:203 2676 C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE infected Virus.Win32.Sality.aa ...00:23:44:203 2676 cured
00:23:45:312 2676 C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE infected Virus.Win32.Sality.aa ...00:23:45:312 2676 cured
00:23:46:328 2676 C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE infected Virus.Win32.Sality.aa ...00:23:46:328 2676 cured
00:23:48:203 2676 C:\Program Files\Microsoft Office\Office12\MSPUB.EXE infected Virus.Win32.Sality.aa ...00:23:48:203 2676 cured
00:23:48:750 2676 C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE infected Virus.Win32.Sality.aa ...00:23:48:750 2676 cured
00:23:49:031 2676 C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE infected Virus.Win32.Sality.aa ...00:23:49:031 2676 cured
00:23:49:796 2676 C:\Program Files\Microsoft Office\Office12\OIS.EXE infected Virus.Win32.Sality.aa ...00:23:49:796 2676 cured
00:23:50:375 2676 C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE infected Virus.Win32.Sality.aa ...00:23:50:375 2676 cured
00:23:50:593 2676 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE infected Virus.Win32.Sality.aa ...00:23:50:593 2676 cured
00:23:56:734 2676 C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe infected Virus.Win32.Sality.aa ...00:23:56:734 2676 cured
00:23:57:640 2676 C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe infected Virus.Win32.Sality.aa ...00:23:57:640 2676 cured
00:23:58:203 2676 C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe infected Virus.Win32.Sality.aa ...00:23:58:203 2676 cured
00:24:05:703 2676 C:\Program Files\VideoLAN\VLC\uninstall.exe infected Virus.Win32.Sality.aa ...00:24:05:703 2676 cured
00:24:06:906 2676 C:\Program Files\WinRAR\Rar.exe infected Virus.Win32.Sality.aa ...00:24:06:906 2676 cured
00:24:07:125 2676 C:\Program Files\WinRAR\RarExtLoader.exe infected Virus.Win32.Sality.aa ...00:24:07:125 2676 cured
00:24:07:359 2676 C:\Program Files\WinRAR\Uninstall.exe infected Virus.Win32.Sality.aa ...00:24:07:359 2676 cured
00:24:07:593 2676 C:\Program Files\WinRAR\UnRAR.exe infected Virus.Win32.Sality.aa ...00:24:07:593 2676 cured
00:24:07:890 2676 C:\Program Files\WinRAR\WinRAR.exe infected Virus.Win32.Sality.aa ...00:24:07:890 2676 cured
00:24:09:250 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0052560.exe infected Virus.Win32.Sality.aa ...00:24:09:250 2676 cured
00:24:09:437 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0052562.exe infected Virus.Win32.Sality.aa ...00:24:09:437 2676 cured
00:24:09:687 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0052563.exe infected Virus.Win32.Sality.aa ...00:24:09:687 2676 cured
00:24:09:953 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0052574.exe infected Virus.Win32.Sality.aa ...00:24:09:953 2676 cured
00:24:10:140 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0052575.dll infected Virus.Win32.Sality.aa ...00:24:10:140 2676 cured
00:24:15:234 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053168.exe infected Virus.Win32.Sality.aa ...00:24:15:234 2676 cured
00:24:15:531 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053190.exe infected Virus.Win32.Sality.aa ...00:24:15:531 2676 cured
00:24:15:828 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053191.exe infected Virus.Win32.Sality.aa ...00:24:15:828 2676 cured
00:24:15:984 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053192.exe infected Virus.Win32.Sality.aa ...00:24:15:984 2676 cured
00:24:16:125 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053193.exe infected Virus.Win32.Sality.aa ...00:24:16:125 2676 cured
00:24:16:296 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053194.exe infected Virus.Win32.Sality.aa ...00:24:16:296 2676 cured
00:24:16:468 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053195.exe infected Virus.Win32.Sality.aa ...00:24:16:468 2676 cured
00:24:16:640 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053196.exe infected Virus.Win32.Sality.aa ...00:24:16:640 2676 cured
00:24:16:812 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053197.exe infected Virus.Win32.Sality.aa ...00:24:16:812 2676 cured
00:24:16:984 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053198.exe infected Virus.Win32.Sality.aa ...00:24:16:984 2676 cured
00:24:17:171 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053199.exe infected Virus.Win32.Sality.aa ...00:24:17:171 2676 cured
00:24:17:343 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053200.exe infected Virus.Win32.Sality.aa ...00:24:17:343 2676 cured
00:24:17:515 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053201.exe infected Virus.Win32.Sality.aa ...00:24:17:515 2676 cured
00:24:17:703 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053202.exe infected Virus.Win32.Sality.aa ...00:24:17:703 2676 cured
00:24:17:890 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053203.exe infected Virus.Win32.Sality.aa ...00:24:17:890 2676 cured
00:24:18:046 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053204.exe infected Virus.Win32.Sality.aa ...00:24:18:046 2676 cured
00:24:18:250 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053205.exe infected Virus.Win32.Sality.aa ...00:24:18:250 2676 cured
00:24:18:421 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053206.exe infected Virus.Win32.Sality.aa ...00:24:18:421 2676 cured
00:24:18:593 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053207.exe infected Virus.Win32.Sality.aa ...00:24:18:593 2676 cured
00:24:18:765 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053208.exe infected Virus.Win32.Sality.aa ...00:24:18:765 2676 cured
00:24:18:937 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053209.exe infected Virus.Win32.Sality.aa ...00:24:18:937 2676 cured
00:24:19:125 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053210.exe infected Virus.Win32.Sality.aa ...00:24:19:125 2676 cured
00:24:19:296 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053211.exe infected Virus.Win32.Sality.aa ...00:24:19:296 2676 cured
00:24:19:468 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053212.dll infected Virus.Win32.Sality.aa ...00:24:19:468 2676 cured
00:24:19:640 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053213.dll infected Virus.Win32.Sality.aa ...00:24:19:640 2676 cured
00:24:19:812 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053214.exe infected Virus.Win32.Sality.aa ...00:24:19:812 2676 cured
00:24:19:984 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053215.EXE infected Virus.Win32.Sality.aa ...00:24:19:984 2676 cured
00:24:20:156 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053216.exe infected Virus.Win32.Sality.aa ...00:24:20:156 2676 cured
00:24:20:343 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053217.exe infected Virus.Win32.Sality.aa ...00:24:20:343 2676 cured
00:24:20:515 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053218.exe infected Virus.Win32.Sality.aa ...00:24:20:515 2676 cured
00:24:20:687 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053219.exe infected Virus.Win32.Sality.aa ...00:24:20:687 2676 cured
00:24:20:843 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053220.exe infected Virus.Win32.Sality.aa ...00:24:20:843 2676 cured
00:24:21:031 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053221.exe infected Virus.Win32.Sality.aa ...00:24:21:031 2676 cured
00:24:21:203 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053222.exe infected Virus.Win32.Sality.aa ...00:24:21:203 2676 cured
00:24:21:390 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053223.exe infected Virus.Win32.Sality.aa ...00:24:21:390 2676 cured
00:24:21:578 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053224.exe infected Virus.Win32.Sality.aa ...00:24:21:578 2676 cured
00:24:21:750 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053225.exe infected Virus.Win32.Sality.aa ...00:24:21:750 2676 cured
00:24:21:921 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053226.exe infected Virus.Win32.Sality.aa ...00:24:21:921 2676 cured
00:24:22:093 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053227.exe infected Virus.Win32.Sality.aa ...00:24:22:093 2676 cured
00:24:22:281 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053228.exe infected Virus.Win32.Sality.aa ...00:24:22:281 2676 cured
00:24:22:593 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053229.EXE infected Virus.Win32.Sality.aa ...00:24:22:593 2676 cured
00:24:22:859 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053230.EXE infected Virus.Win32.Sality.aa ...00:24:22:859 2676 cured
00:24:23:125 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053231.EXE infected Virus.Win32.Sality.aa ...00:24:23:125 2676 cured
00:24:23:375 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053232.EXE infected Virus.Win32.Sality.aa ...00:24:23:375 2676 cured
00:24:23:625 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053233.EXE infected Virus.Win32.Sality.aa ...00:24:23:718 2676 cured
00:24:23:953 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053234.EXE infected Virus.Win32.Sality.aa ...00:24:23:953 2676 cured
00:24:24:203 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053235.EXE infected Virus.Win32.Sality.aa ...00:24:24:203 2676 cured
00:24:24:437 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053236.EXE infected Virus.Win32.Sality.aa ...00:24:24:625 2676 cured
00:24:24:875 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053237.EXE infected Virus.Win32.Sality.aa ...00:24:24:875 2676 cured
00:24:25:046 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053238.EXE infected Virus.Win32.Sality.aa ...00:24:25:046 2676 cured
00:24:25:218 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053239.EXE infected Virus.Win32.Sality.aa ...00:24:25:375 2676 cured
00:24:25:625 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053240.exe infected Virus.Win32.Sality.aa ...00:24:25:625 2676 cured
00:24:25:875 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053241.EXE infected Virus.Win32.Sality.aa ...00:24:25:875 2676 cured
00:24:26:109 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053242.EXE infected Virus.Win32.Sality.aa ...00:24:26:109 2676 cured
00:24:26:437 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053243.EXE infected Virus.Win32.Sality.aa ...00:24:26:437 2676 cured
00:24:26:578 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053244.EXE infected Virus.Win32.Sality.aa ...00:24:26:578 2676 cured
00:24:26:750 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053245.exe infected Virus.Win32.Sality.aa ...00:24:26:750 2676 cured
00:24:26:921 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053246.exe infected Virus.Win32.Sality.aa ...00:24:26:921 2676 cured
00:24:27:078 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053247.exe infected Virus.Win32.Sality.aa ...00:24:27:078 2676 cured
00:24:27:250 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053248.exe infected Virus.Win32.Sality.aa ...00:24:27:250 2676 cured
00:24:27:421 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053249.exe infected Virus.Win32.Sality.aa ...00:24:27:421 2676 cured
00:24:27:593 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053250.exe infected Virus.Win32.Sality.aa ...00:24:27:593 2676 cured
00:24:27:750 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053251.exe infected Virus.Win32.Sality.aa ...00:24:27:750 2676 cured
00:24:27:921 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053252.exe infected Virus.Win32.Sality.aa ...00:24:27:921 2676 cured
00:24:28:078 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053253.exe infected Virus.Win32.Sality.aa ...00:24:28:078 2676 cured
00:24:28:234 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053254.exe infected Virus.Win32.Sality.aa ...00:24:28:250 2676 cured
00:24:28:406 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053255.exe infected Virus.Win32.Sality.aa ...00:24:28:406 2676 cured
00:24:28:578 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053256.exe infected Virus.Win32.Sality.aa ...00:24:28:578 2676 cured
00:24:28:734 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053257.exe infected Virus.Win32.Sality.aa ...00:24:28:734 2676 cured
00:24:28:890 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053258.exe infected Virus.Win32.Sality.aa ...00:24:28:890 2676 cured
00:24:29:062 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053259.exe infected Virus.Win32.Sality.aa ...00:24:29:062 2676 cured
00:24:29:218 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053260.exe infected Virus.Win32.Sality.aa ...00:24:29:218 2676 cured
00:24:29:390 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053261.exe infected Virus.Win32.Sality.aa ...00:24:29:390 2676 cured
00:24:29:546 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053262.exe infected Virus.Win32.Sality.aa ...00:24:29:546 2676 cured
00:24:29:718 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053263.exe infected Virus.Win32.Sality.aa ...00:24:29:718 2676 cured
00:24:29:875 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053264.exe infected Virus.Win32.Sality.aa ...00:24:29:875 2676 cured
00:24:30:046 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053265.exe infected Virus.Win32.Sality.aa ...00:24:30:046 2676 cured
00:24:30:218 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053266.exe infected Virus.Win32.Sality.aa ...00:24:30:218 2676 cured
00:24:30:406 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053267.exe infected Virus.Win32.Sality.aa ...00:24:30:406 2676 cured
00:24:30:562 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053268.exe infected Virus.Win32.Sality.aa ...00:24:30:562 2676 cured
00:24:30:734 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053269.EXE infected Virus.Win32.Sality.aa ...00:24:30:734 2676 cured
00:24:30:890 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053270.EXE infected Virus.Win32.Sality.aa ...00:24:30:890 2676 cured
00:24:31:062 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053271.EXE infected Virus.Win32.Sality.aa ...00:24:31:062 2676 cured
00:24:31:218 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053272.EXE infected Virus.Win32.Sality.aa ...00:24:31:218 2676 cured
00:24:31:390 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053273.EXE infected Virus.Win32.Sality.aa ...00:24:31:390 2676 cured
00:24:31:562 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053274.EXE infected Virus.Win32.Sality.aa ...00:24:31:562 2676 cured
00:24:31:750 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053275.exe infected Virus.Win32.Sality.aa ...00:24:31:750 2676 cured
00:24:31:921 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053276.EXE infected Virus.Win32.Sality.aa ...00:24:31:921 2676 cured
00:24:32:109 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053277.EXE infected Virus.Win32.Sality.aa ...00:24:32:109 2676 cured
00:24:32:281 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053278.exe infected Virus.Win32.Sality.aa ...00:24:32:281 2676 cured
00:24:32:437 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053279.exe infected Virus.Win32.Sality.aa ...00:24:32:437 2676 cured
00:24:32:609 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053280.exe infected Virus.Win32.Sality.aa ...00:24:32:609 2676 cured
00:24:32:781 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053281.exe infected Virus.Win32.Sality.aa ...00:24:32:781 2676 cured
00:24:32:953 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053282.EXE infected Virus.Win32.Sality.aa ...00:24:32:953 2676 cured
00:24:33:109 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053283.EXE infected Virus.Win32.Sality.aa ...00:24:33:109 2676 cured
00:24:33:281 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053284.EXE infected Virus.Win32.Sality.aa ...00:24:33:281 2676 cured
00:24:33:468 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053285.EXE infected Virus.Win32.Sality.aa ...00:24:33:468 2676 cured
00:24:33:687 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053286.EXE infected Virus.Win32.Sality.aa ...00:24:33:687 2676 cured
00:24:33:875 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053287.EXE infected Virus.Win32.Sality.aa ...00:24:33:875 2676 cured
00:24:34:046 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053288.EXE infected Virus.Win32.Sality.aa ...00:24:34:046 2676 cured
00:24:34:234 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053289.EXE infected Virus.Win32.Sality.aa ...00:24:34:234 2676 cured
00:24:34:390 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053290.EXE infected Virus.Win32.Sality.aa ...00:24:34:390 2676 cured
00:24:34:562 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053291.exe infected Virus.Win32.Sality.aa ...00:24:34:562 2676 cured
00:24:34:734 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053292.exe infected Virus.Win32.Sality.aa ...00:24:34:734 2676 cured
00:24:34:890 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053293.exe infected Virus.Win32.Sality.aa ...00:24:34:890 2676 cured
00:24:35:078 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053294.exe infected Virus.Win32.Sality.aa ...00:24:35:078 2676 cured
00:24:35:265 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053295.exe infected Virus.Win32.Sality.aa ...00:24:35:265 2676 cured
00:24:35:437 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053296.exe infected Virus.Win32.Sality.aa ...00:24:35:437 2676 cured
00:24:35:609 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053297.exe infected Virus.Win32.Sality.aa ...00:24:35:609 2676 cured
00:24:35:796 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053298.exe infected Virus.Win32.Sality.aa ...00:24:35:796 2676 cured
00:24:35:984 2676 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053299.exe infected Virus.Win32.Sality.aa ...00:24:35:984 2676 cured
00:26:32:796 2676 scanning D:\ ...
00:26:34:015 2676 D:\C drive\ChromeSetup.exe infected Virus.Win32.Sality.aa ...00:26:34:015 2676 cured
00:26:35:437 2676 D:\C drive\document and settings\Synz\MY Document\Downloads\biosagentplus_40.exe infected Virus.Win32.Sality.aa ...00:26:35:437 2676 cured
00:26:35:843 2676 D:\C drive\document and settings\Synz\MY Document\Downloads\Garena_setup.exe infected Virus.Win32.Sality.aa ...00:26:35:843 2676 cured
00:26:36:093 2676 D:\C drive\document and settings\Synz\MY Document\Downloads\Programs\digsby_install.exe infected Virus.Win32.Sality.aa ...00:26:36:093 2676 cured
00:26:36:281 2676 D:\C drive\document and settings\Synz\MY Document\Downloads\wrar391.exe infected Virus.Win32.Sality.aa ...00:26:36:281 2676 cured
00:26:37:937 2676 D:\C drive\Downloads\chromeinstall.exe infected Virus.Win32.Sality.aa ...00:26:37:953 2676 cured
00:26:38:359 2676 D:\C drive\Downloads\flashget3.3.0.1092en.exe infected Virus.Win32.Sality.aa ...00:26:38:484 2676 cured
00:26:38:968 2676 D:\C drive\Downloads\sality_off\sality_off\Sality_off.exe infected Virus.Win32.Sality.aa ...00:26:38:968 2676 cured
00:26:39:718 2676 D:\C drive\Downloads\vlc-1.0.5-win32.exe infected Virus.Win32.Sality.aa ...00:26:39:718 2676 cured
00:26:39:968 2676 D:\C drive\Downloads\wlsetup-web.exe infected Virus.Win32.Sality.aa ...00:26:39:968 2676 cured
00:26:40:281 2676 D:\C drive\Downloads\youtube2video.exe infected Virus.Win32.Sality.aa ...00:26:40:281 2676 cured
00:26:41:546 2676 D:\cheatbox\chtb0609.exe infected Virus.Win32.Sality.aa ...00:26:41:546 2676 cured
00:26:41:953 2676 D:\cheatbox\Uninstal.exe infected Virus.Win32.Sality.aa ...00:26:41:953 2676 cured
00:26:42:218 2676 D:\ChromeSetup.exe infected Virus.Win32.Sality.aa ...00:26:42:218 2676 cured
00:26:44:468 2676 D:\daemon tool\DAEMON Tools Lite\uninst.exe infected Virus.Win32.Sality.aa ...00:26:44:468 2676 cured
00:26:45:421 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\AccountServer.exe infected Virus.Win32.Sality.aa ...00:26:45:421 2676 cured
00:26:45:687 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GameServer.exe infected Virus.Win32.Sality.aa ...00:26:45:687 2676 cured
00:26:46:125 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\gameserver2.0.exe infected Virus.Win32.Sality.aa ...00:26:46:125 2676 cured
00:26:46:296 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GateServer.exe infected Virus.Win32.Sality.aa ...00:26:46:296 2676 cured
00:26:46:531 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\GroupServer.exe infected Virus.Win32.Sality.aa ...00:26:46:531 2676 cured
00:26:46:812 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\Server Launcher.exe infected Virus.Win32.Sality.aa ...00:26:46:812 2676 cured
00:26:46:968 2676 D:\Downloaded Files\2.0 SERVER EXE FILES\2.0 SERVER EXE FILES\UserAccount.exe infected Virus.Win32.Sality.aa ...00:26:46:968 2676 cured
00:26:48:843 2676 D:\Downloaded Files\flashget196en.exe infected Virus.Win32.Sality.aa ...00:26:48:843 2676 cured
00:26:49:156 2676 D:\Downloaded Files\GameServer\GameServer 2.0.exe infected Virus.Win32.Sality.aa ...00:26:49:156 2676 cured
00:26:49:437 2676 D:\Downloaded Files\GameServer\gameserver.exe infected Virus.Win32.Sality.aa ...00:26:49:437 2676 cured
00:26:49:687 2676 D:\Downloaded Files\HamachiSetup-1.0.3.0-en.exe infected Virus.Win32.Sality.aa ...00:26:49:687 2676 cured
00:26:50:062 2676 D:\Downloaded Files\launch(2).exe infected Virus.Win32.Sality.aa ...00:26:50:062 2676 cured
00:26:50:359 2676 D:\Downloaded Files\launch.exe infected Virus.Win32.Sality.aa ...00:26:50:359 2676 cured
00:26:50:687 2676 D:\Downloaded Files\ODS Noir skin beta testv0.6c.exe infected Virus.Win32.Sality.aa ...00:26:50:687 2676 cured
00:26:51:015 2676 D:\Downloaded Files\old 2.0 gameserver\gameserver.exe infected Virus.Win32.Sality.aa ...00:26:51:015 2676 cured
00:26:51:687 2676 D:\Downloaded Files\rpc412\rpc412_setup.exe infected Virus.Win32.Sality.aa ...00:26:51:687 2676 cured
00:26:52:218 2676 D:\Downloaded Files\Server_Tools.exe infected Virus.Win32.Sality.aa ...00:26:52:218 2676 cured
00:26:53:734 2676 D:\Downloaded Files\vcsetup.exe infected Virus.Win32.Sality.aa ...00:26:53:734 2676 cured
00:26:53:968 2676 D:\Downloaded Files\vlc-0.9.9-win32.exe infected Virus.Win32.Sality.aa ...00:26:53:968 2676 cured
00:26:54:296 2676 D:\Downloaded Files\wlsetup-custom.exe infected Virus.Win32.Sality.aa ...00:26:54:296 2676 cured
00:26:54:578 2676 D:\Downloaded Files\wrar39b3.exe infected Virus.Win32.Sality.aa ...00:26:54:578 2676 cured
00:26:55:671 2676 D:\Downloaded Files from Firefox\13102008PATCHER.exe infected Virus.Win32.Sality.aa ...00:26:55:671 2676 cured
00:26:56:187 2676 D:\Downloaded Files from Firefox\2008-01-02a_xpv9_data_folder(2)\2008-01-02a_xpv9_data_folder.exe infected Virus.Win32.Sality.aa ...00:26:56:187 2676 cured
00:26:56:671 2676 D:\Downloaded Files from Firefox\3danalyzer-v236\3DAnalyze.exe infected Virus.Win32.Sality.aa ...00:26:56:671 2676 cured
00:26:56:859 2676 D:\Downloaded Files from Firefox\3danalyzer-v236\3danalyzer-v236.exe infected Virus.Win32.Sality.aa ...00:26:56:859 2676 cured
00:30:57:187 2676 D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\ESTdnheadless.exe infected Virus.Win32.Sality.aa ...00:30:57:187 2676 cured
00:30:57:843 2676 D:\Downloaded Files from Firefox\Cabal Chronicle\CABAL Online (SG MY)\launcher\update\w9xpopen.exe infected Virus.Win32.Sality.aa ...00:30:57:843 2676 cured
00:30:59:296 2676 D:\Downloaded Files from Firefox\CE\Cheat Engine\EmptyDLL.exe infected Virus.Win32.Sality.aa ...00:30:59:296 2676 cured
00:31:01:765 2676 D:\Downloaded Files from Firefox\chromeinstall-6u18.exe infected Virus.Win32.Sality.aa ...00:31:01:765 2676 cured
00:31:02:093 2676 D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Acidstar.exe infected Virus.Win32.Sality.aa ...00:31:02:093 2676 cured
00:31:02:359 2676 D:\Downloaded Files from Firefox\Chronicle_Client_v1107\cabal.exe infected Virus.Win32.Sality.aa ...00:31:02:359 2676 cured
00:31:02:906 2676 D:\Downloaded Files from Firefox\Chronicle_Client_v1107\CabalMain.exe infected Virus.Win32.Sality.aa ...00:31:02:906 2676 cured
00:31:05:078 2676 D:\Downloaded Files from Firefox\Chronicle_Client_v1107\Uninstal.exe infected Virus.Win32.Sality.aa ...00:31:05:078 2676 cured
00:31:23:078 2676 D:\Downloaded Files from Firefox\chtb0609\setup.exe infected Virus.Win32.Sality.aa ...00:31:23:078 2676 cured
00:31:24:984 2676 D:\Downloaded Files from Firefox\Client\2009-07-15aRagexeRE_patched.exe infected Virus.Win32.Sality.aa ...00:31:24:984 2676 cured
00:31:26:843 2676 D:\Downloaded Files from Firefox\dota_keys_1.4-0.2.0\dotakeys.exe infected Virus.Win32.Sality.aa ...00:31:26:843 2676 cured
00:31:29:046 2676 D:\Downloaded Files from Firefox\dotnetfx.exe infected Virus.Win32.Sality.aa ...00:31:29:046 2676 cured
00:31:29:656 2676 D:\Downloaded Files from Firefox\dotnetfx35setup.exe infected Virus.Win32.Sality.aa ...00:31:29:656 2676 cured
00:31:30:062 2676 D:\Downloaded Files from Firefox\DriverDetective.exe infected Virus.Win32.Sality.aa ...00:31:30:062 2676 cured
00:31:31:312 2676 D:\Downloaded Files from Firefox\DTLite4355-0068.exe infected Virus.Win32.Sality.aa ...00:31:31:328 2676 cured
00:31:31:906 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\char-server_sql.exe infected Virus.Win32.Sality.aa ...00:31:31:906 2676 cured
00:31:33:171 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\ladmin.exe infected Virus.Win32.Sality.aa ...00:31:33:171 2676 cured
00:31:33:468 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\login-server_sql.exe infected Virus.Win32.Sality.aa ...00:31:33:468 2676 cured
00:31:33:703 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\mapcache.exe infected Virus.Win32.Sality.aa ...00:31:33:703 2676 cured
00:31:37:421 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\adduser.exe infected Virus.Win32.Sality.aa ...00:31:37:421 2676 cured
00:31:37:734 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\char-converter.exe infected Virus.Win32.Sality.aa ...00:31:37:734 2676 cured
00:31:38:078 2676 D:\Downloaded Files from Firefox\eAthena-SQL-13933[Stable]\tools\login-converter.exe infected Virus.Win32.Sality.aa ...00:31:38:078 2676 cured
00:31:39:156 2676 D:\Downloaded Files from Firefox\flashget3.2.0.1064cn.exe infected Virus.Win32.Sality.aa ...00:31:39:156 2676 cured
00:31:46:968 2676 D:\Downloaded Files from Firefox\Garena Anti-Hack Bypass v1.0\Garena Anti-Hack Bypass\Garena Anti-Hack ByPass.exe infected Virus.Win32.Sality.aa ...00:31:46:968 2676 cured
00:31:47:328 2676 D:\Downloaded Files from Firefox\Garena Universal Maphack v1.1\Garena Universal MH.exe infected Virus.Win32.Sality.aa ...00:31:47:328 2676 cured
00:31:48:000 2676 D:\Downloaded Files from Firefox\gdbfn\Setup.exe infected Virus.Win32.Sality.aa ...00:31:48:000 2676 cured
00:31:53:281 2676 D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\DirectX\DXSETUP.exe infected Virus.Win32.Sality.aa ...00:31:53:281 2676 cured
00:31:57:281 2676 D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\NetFx20SP2_x86.exe infected Virus.Win32.Sality.aa ...00:31:57:281 2676 cured
00:32:00:375 2676 D:\Downloaded Files from Firefox\JDownloader\JDownloader\downloads\987box\DAO\Redist\PhysX_9.09.0408_SystemSoftware.exe infected Virus.Win32.Sality.aa ...00:32:00:375 2676 cured
00:32:21:875 2676 D:\Downloaded Files from Firefox\JDownloader\JDownloader\JDownloader.exe infected Virus.Win32.Sality.aa ...00:32:21:875 2676 cured
00:32:27:281 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\kompozer.exe infected Virus.Win32.Sality.aa ...00:32:27:281 2676 cured
00:32:27:453 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\mangle.exe infected Virus.Win32.Sality.aa ...00:32:27:453 2676 cured
00:32:27:781 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\rebasedlls.exe infected Virus.Win32.Sality.aa ...00:32:27:781 2676 cured
00:32:27:984 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regchrome.exe infected Virus.Win32.Sality.aa ...00:32:27:984 2676 cured
00:32:28:156 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\regxpcom.exe infected Virus.Win32.Sality.aa ...00:32:28:156 2676 cured
00:32:28:593 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\shlibsign.exe infected Virus.Win32.Sality.aa ...00:32:28:593 2676 cured
00:32:28:953 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpcshell.exe infected Virus.Win32.Sality.aa ...00:32:28:953 2676 cured
00:32:29:140 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpicleanup.exe infected Virus.Win32.Sality.aa ...00:32:29:140 2676 cured
00:32:29:328 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpidl.exe infected Virus.Win32.Sality.aa ...00:32:29:328 2676 cured
00:32:29:562 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_dump.exe infected Virus.Win32.Sality.aa ...00:32:29:562 2676 cured
00:32:29:750 2676 D:\Downloaded Files from Firefox\kompozer-0.7.10-win32\KompoZer 0.7.10\xpt_link.exe infected Virus.Win32.Sality.aa ...00:32:29:750 2676 cured
00:32:30:265 2676 D:\Downloaded Files from Firefox\lame.exe infected Virus.Win32.Sality.aa ...00:32:30:265 2676 cured
00:32:30:500 2676 D:\Downloaded Files from Firefox\launch(2).exe infected Virus.Win32.Sality.aa ...00:32:30:500 2676 cured
00:32:30:765 2676 D:\Downloaded Files from Firefox\launch(3).exe infected Virus.Win32.Sality.aa ...00:32:30:765 2676 cured
00:32:31:109 2676 D:\Downloaded Files from Firefox\launch(4).exe infected Virus.Win32.Sality.aa ...00:32:31:109 2676 cured
00:32:31:375 2676 D:\Downloaded Files from Firefox\launch.exe infected Virus.Win32.Sality.aa ...00:32:31:375 2676 cured
00:32:33:828 2676 D:\Downloaded Files from Firefox\MHS5.008\lol.exe infected Virus.Win32.Sality.aa ...00:32:33:828 2676 cured
00:32:37:718 2676 D:\Downloaded Files from Firefox\Paint.NET.3.36\Paint.NET.3.36.exe infected Virus.Win32.Sality.aa ...00:32:37:718 2676 cured
00:32:38:265 2676 D:\Downloaded Files from Firefox\pci_filerecovery.exe infected Virus.Win32.Sality.aa ...00:32:38:265 2676 cured
00:32:38:984 2676 D:\Downloaded Files from Firefox\PEiD-0.95-20081103\PEiD.exe infected Virus.Win32.Sality.aa ...00:32:38:984 2676 cured
00:32:39:828 2676 D:\Downloaded Files from Firefox\pendriverecovery\pendriverecovery.exe infected Virus.Win32.Sality.aa ...00:32:39:828 2676 cured
00:32:40:453 2676 D:\Downloaded Files from Firefox\PE_Tools\PETools\PETools.exe infected Virus.Win32.Sality.aa ...00:32:40:453 2676 cured
00:32:41:015 2676 D:\Downloaded Files from Firefox\PE_Tools\PETools\SDK\Procs32\Examples\Procs_Ex3.exe infected Virus.Win32.Sality.aa ...00:32:41:015 2676 cured
00:32:41:296 2676 D:\Downloaded Files from Firefox\PE_Tools\PETools\SignMan\SignMan.exe infected Virus.Win32.Sality.aa ...00:32:41:296 2676 cured
00:32:43:109 2676 D:\Downloaded Files from Firefox\PowerISO46.exe infected Virus.Win32.Sality.aa ...00:32:43:109 2676 cured
00:32:43:625 2676 D:\Downloaded Files from Firefox\ppstreamsetup (1).exe infected Virus.Win32.Sality.aa ...00:32:43:625 2676 cured
00:32:43:828 2676 D:\Downloaded Files from Firefox\ppstreamsetup.exe infected Virus.Win32.Sality.aa ...00:32:43:828 2676 cured
00:32:44:718 2676 D:\Downloaded Files from Firefox\RealTemp_340\i7Turbo.exe infected Virus.Win32.Sality.aa ...00:32:44:718 2676 cured
00:32:44:906 2676 D:\Downloaded Files from Firefox\RealTemp_340\LoadTester.exe infected Virus.Win32.Sality.aa ...00:32:44:906 2676 cured
00:32:45:093 2676 D:\Downloaded Files from Firefox\RealTemp_340\RealTemp.exe infected Virus.Win32.Sality.aa ...00:32:45:093 2676 cured
00:32:45:390 2676 D:\Downloaded Files from Firefox\RealTemp_340\RealTempGT.exe infected Virus.Win32.Sality.aa ...00:32:45:390 2676 cured
00:32:46:234 2676 D:\Downloaded Files from Firefox\REST2514.EXE infected Virus.Win32.Sality.aa ...00:32:46:234 2676 cured
00:32:46:562 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\AI\USER_AI\mirAI_contro_panel_setup.exe infected Virus.Win32.Sality.aa ...00:32:46:562 2676 cured
00:32:46:937 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\ASPLnchr.exe infected Virus.Win32.Sality.aa ...00:32:46:937 2676 cured
00:32:55:812 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\FindHack.exe infected Virus.Win32.Sality.aa ...00:32:55:812 2676 cured
00:32:56:656 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\HSUpdate.exe infected Virus.Win32.Sality.aa ...00:32:56:656 2676 cured
00:32:56:859 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\HShield\Update\autoup.exe infected Virus.Win32.Sality.aa ...00:32:56:859 2676 cured
00:32:57:375 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\LimitRO.exe infected Virus.Win32.Sality.aa ...00:32:57:375 2676 cured
00:32:57:593 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\lua.exe infected Virus.Win32.Sality.aa ...00:32:57:593 2676 cured
00:32:58:062 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\nProtect\npkcmsvc.exe infected Virus.Win32.Sality.aa ...00:32:58:062 2676 cured
00:32:58:578 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragexe.exe infected Virus.Win32.Sality.aa ...00:32:58:578 2676 cured
00:32:58:750 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\Ragnarok.exe infected Virus.Win32.Sality.aa ...00:32:58:750 2676 cured
00:32:58:968 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\Setup.exe infected Virus.Win32.Sality.aa ...00:32:58:968 2676 cured
00:32:59:546 2676 D:\Downloaded Files from Firefox\RO\Gravity\RO\uninst.exe infected Virus.Win32.Sality.aa ...00:32:59:546 2676 cured
00:33:01:296 2676 D:\Downloaded Files from Firefox\sandbox\SandboxieBITS.exe infected Virus.Win32.Sality.aa ...00:33:01:312 2676 cured
00:33:01:468 2676 D:\Downloaded Files from Firefox\sandbox\SandboxieCrypto.exe infected Virus.Win32.Sality.aa ...00:33:01:468 2676 cured
00:33:01:718 2676 D:\Downloaded Files from Firefox\sandbox\SandboxieDcomLaunch.exe infected Virus.Win32.Sality.aa ...00:33:01:718 2676 cured
00:33:01:890 2676 D:\Downloaded Files from Firefox\sandbox\SandboxieRpcSs.exe infected Virus.Win32.Sality.aa ...00:33:01:890 2676 cured
00:33:02:062 2676 D:\Downloaded Files from Firefox\sandbox\SandboxieWUAU.exe infected Virus.Win32.Sality.aa ...00:33:02:062 2676 cured
00:33:02:593 2676 D:\Downloaded Files from Firefox\sandbox\SbieCtrl.exe infected Virus.Win32.Sality.aa ...00:33:02:593 2676 cured
00:33:03:156 2676 D:\Downloaded Files from Firefox\sandbox\SbieSvc.exe infected Virus.Win32.Sality.aa ...00:33:03:156 2676 cured
00:33:03:515 2676 D:\Downloaded Files from Firefox\sandbox\Start.exe infected Virus.Win32.Sality.aa ...00:33:03:515 2676 cured
00:33:04:046 2676 D:\Downloaded Files from Firefox\SFTPMSI.exe infected Virus.Win32.Sality.aa ...00:33:04:046 2676 cured
00:33:04:765 2676 D:\Downloaded Files from Firefox\sortware\1420_A09.EXE infected Virus.Win32.Sality.aa ...00:33:04:765 2676 cured
00:33:05:031 2676 D:\Downloaded Files from Firefox\sortware\bitcomet_setup.exe infected Virus.Win32.Sality.aa ...00:33:05:031 2676 cured
00:33:05:343 2676 D:\Downloaded Files from Firefox\sortware\Firefox Setup 3.0.10.exe infected Virus.Win32.Sality.aa ...00:33:05:343 2676 cured
00:33:05:562 2676 D:\Downloaded Files from Firefox\sortware\FreewarePrimoPDF.exe infected Virus.Win32.Sality.aa ...00:33:05:562 2676 cured
00:33:08:937 2676 D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Enterprise.WW\ose.exe infected Virus.Win32.Sality.aa ...00:33:08:937 2676 cured
00:33:09:609 2676 D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\DW20.EXE infected Virus.Win32.Sality.aa ...00:33:09:609 2676 cured
00:33:09:937 2676 D:\Downloaded Files from Firefox\sortware\Office Ent 2007\Office.en-us\dwtrig20.exe infected Virus.Win32.Sality.aa ...00:33:09:937 2676 cured
00:33:11:218 2676 D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe infected Virus.Win32.Sality.aa ...00:33:11:218 2676 cured
00:33:11:562 2676 D:\Downloaded Files from Firefox\sortware\vcsetup.exe infected Virus.Win32.Sality.aa ...00:33:11:562 2676 cured
00:33:11:921 2676 D:\Downloaded Files from Firefox\sortware\wlsetup-custom.exe infected Virus.Win32.Sality.aa ...00:33:11:921 2676 cured
00:33:12:187 2676 D:\Downloaded Files from Firefox\sortware\wrar39b2.exe infected Virus.Win32.Sality.aa ...00:33:12:187 2676 cured
00:33:16:406 2676 D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\char-server.exe infected Virus.Win32.Sality.aa ...00:33:16:406 2676 cured
00:33:18:484 2676 D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\login-server.exe infected Virus.Win32.Sality.aa ...00:33:18:484 2676 cured
00:33:18:875 2676 D:\Downloaded Files from Firefox\trunk-13910-TXT\trunk-13910-TXT\map-server.exe infected Virus.Win32.Sality.aa ...00:33:18:875 2676 cured
00:33:22:843 2676 D:\Downloaded Files from Firefox\ud_hamachi.exe infected Virus.Win32.Sality.aa ...00:33:22:843 2676 cured
00:33:23:156 2676 D:\Downloaded Files from Firefox\undelete\UndeletePlus\undelete_plus.exe infected Virus.Win32.Sality.aa ...00:33:23:156 2676 cured
00:33:34:593 2676 D:\Downloaded Files from Firefox\vlc-1.0.3-win32.exe infected Virus.Win32.Sality.aa ...00:33:34:593 2676 cured
00:33:46:750 2676 D:\dragon\Downloads\chromeinstall.exe infected Virus.Win32.Sality.aa ...00:33:46:750 2676 cured
00:33:47:406 2676 D:\dragon\Downloads\DragonicaDownloaderV1.0.17(2).exe infected Virus.Win32.Sality.aa ...00:33:47:406 2676 cured
00:33:47:734 2676 D:\dragon\Downloads\DragonicaDownloaderV1.0.17.exe infected Virus.Win32.Sality.aa ...00:33:47:734 2676 cured
00:33:47:968 2676 D:\dragon\Downloads\flashget3.3.0.1092en.exe infected Virus.Win32.Sality.aa ...00:33:47:968 2676 cured
00:33:48:296 2676 D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe infected Virus.Win32.Sality.aa ...00:33:48:296 2676 cured
00:33:48:593 2676 D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\ManaBars.exe infected Virus.Win32.Sality.aa ...00:33:48:593 2676 cured
00:33:49:031 2676 D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\_Load GarenaHack_.exe infected Virus.Win32.Sality.aa ...00:33:49:031 2676 cured
00:33:50:046 2676 D:\dragon\Downloads\Garena_setup.exe infected Virus.Win32.Sality.aa ...00:33:50:046 2676 cured
00:33:50:343 2676 D:\dragon\Downloads\installer.exe infected Virus.Win32.Sality.aa ...00:33:50:343 2676 cured
00:33:50:734 2676 D:\dragon\Downloads\Programs\vc6redistsetup_enu.exe infected Virus.Win32.Sality.aa ...00:33:50:734 2676 cured
00:33:51:031 2676 D:\dragon\Downloads\Programs\vcredist_x86_en.exe infected Virus.Win32.Sality.aa ...00:33:51:031 2676 cured
00:33:51:375 2676 D:\dragon\Downloads\sality_off\sality_off\Sality_off.exe infected Virus.Win32.Sality.aa ...00:33:51:375 2676 cured
00:33:51:734 2676 D:\dragon\Downloads\vlc-1.0.5-win32.exe infected Virus.Win32.Sality.aa ...00:33:51:734 2676 cured
00:33:52:140 2676 D:\dragon\Downloads\wlsetup-web.exe infected Virus.Win32.Sality.aa ...00:33:52:140 2676 cured
00:33:52:671 2676 D:\dragon\Downloads\youtube2video.exe infected Virus.Win32.Sality.aa ...00:33:52:671 2676 cured
00:33:54:328 2676 D:\dragon\installer.exe infected Virus.Win32.Sality.aa ...00:33:54:328 2676 cured
00:33:54:828 2676 D:\DragonicaDownloaderV1.0.17.exe infected Virus.Win32.Sality.aa ...00:33:54:828 2676 cured
00:33:56:093 2676 D:\games\AIKA Online\AIKAGlobal\AIKALauncher.exe infected Virus.Win32.Sality.aa ...00:33:56:093 2676 cured
00:37:08:625 2676 D:\games\AIKA Online\AIKAGlobal\uninstall.exe infected Virus.Win32.Sality.aa ...00:37:08:625 2676 cured
00:38:51:953 2676 D:\games\RAN\VEGARAN\extz.exe infected Virus.Win32.Sality.aa ...00:38:51:953 2676 cured
00:38:52:812 2676 D:\games\RAN\VEGARAN\game.exe infected Virus.Win32.Sality.aa ...00:38:52:812 2676 cured
00:40:16:750 2676 D:\games\War3 Tools\DotaKeys\dotakeys.exe infected Virus.Win32.Sality.aa ...00:40:16:750 2676 cured
00:40:51:859 2676 D:\games\Warcraft III 1.21B\worldedit.exe infected Virus.Win32.Sality.aa ...00:40:51:859 2676 cured
00:40:53:937 2676 D:\Garena\blackshot\BitTorrent-7.1.exe infected Virus.Win32.Sality.aa ...00:40:53:937 2676 cured
00:40:56:359 2676 D:\Garena\blackshot\cep024\CEP.EXE infected Virus.Win32.Sality.aa ...00:40:56:359 2676 cured
00:40:56:843 2676 D:\Garena\blackshot\chromeinstall-6u21.exe infected Virus.Win32.Sality.aa ...00:40:56:843 2676 cured
00:40:58:750 2676 D:\Garena\blackshot\ecm100\ecm.exe infected Virus.Win32.Sality.aa ...00:40:58:750 2676 cured
00:40:59:000 2676 D:\Garena\blackshot\ecm100\unecm.exe infected Virus.Win32.Sality.aa ...00:40:59:000 2676 cured
00:40:59:468 2676 D:\Garena\blackshot\Garena_setup (1).exe infected Virus.Win32.Sality.aa ...00:40:59:468 2676 cured
00:40:59:718 2676 D:\Garena\blackshot\Garena_setup (2).exe infected Virus.Win32.Sality.aa ...00:40:59:718 2676 cured
00:41:00:281 2676 D:\Garena\blackshot\Garena_setup.exe infected Virus.Win32.Sality.aa ...00:41:00:296 2676 cured
00:41:00:828 2676 D:\Garena\blackshot\gmer\gmer.exe infected Virus.Win32.Sality.aa ...00:41:00:828 2676 cured
00:41:01:890 2676 D:\Garena\blackshot\installer_roxio_easy_media_creator_9_0_English.exe infected Virus.Win32.Sality.aa ...00:41:01:890 2676 cured
00:41:04:765 2676 D:\Garena\blackshot\Nero_BurnLite-10.0.10500.exe infected Virus.Win32.Sality.aa ...00:41:04:765 2676 cured
00:41:05:812 2676 D:\Garena\blackshot\pSX_1_13\psxfin.exe infected Virus.Win32.Sality.aa ...00:41:05:812 2676 cured
00:41:06:109 2676 D:\Garena\blackshot\pSX_1_13\utils\cdztool.exe infected Virus.Win32.Sality.aa ...00:41:06:109 2676 cured
00:41:06:734 2676 D:\Garena\blackshot\revosetup.exe infected Virus.Win32.Sality.aa ...00:41:06:734 2676 cured
00:41:07:015 2676 D:\Garena\blackshot\sality_off\sality_off\Sality_off.exe infected Virus.Win32.Sality.aa ...00:41:07:015 2676 cured
00:41:09:734 2676 D:\Garena\BlackShotLauncher\launcher.exe infected Virus.Win32.Sality.aa ...00:41:09:734 2676 cured
00:41:10:234 2676 D:\Garena\BlackShotLauncher\UpdateMove.exe infected Virus.Win32.Sality.aa ...00:41:10:234 2676 cured
00:41:10:437 2676 D:\Garena\BlackShotLauncher\UpdateMove1.exe infected Virus.Win32.Sality.aa ...00:41:10:437 2676 cured
00:41:10:890 2676 D:\Garena\CrashSender.exe infected Virus.Win32.Sality.aa ...00:41:10:890 2676 cured
00:41:18:453 2676 D:\Garena\uninst.exe infected Virus.Win32.Sality.aa ...00:41:18:453 2676 cured
00:41:18:734 2676 D:\Garena\update.exe infected Virus.Win32.Sality.aa ...00:41:18:734 2676 cured
00:41:19:031 2676 D:\Garena\update2.exe infected Virus.Win32.Sality.aa ...00:41:19:031 2676 cured
00:43:19:015 2676 D:\ninja\DwnlData\Synz\launch_65\launch.exe infected Virus.Win32.Sality.aa ...00:43:19:015 2676 cured
00:43:21:296 2676 D:\photoresizer\PIXresizer\PIXresizer.exe infected Virus.Win32.Sality.aa ...00:43:21:296 2676 cured
00:43:22:015 2676 D:\PKO - Games\gameserver2.0.exe infected Virus.Win32.Sality.aa ...00:43:22:015 2676 cured
00:43:22:312 2676 D:\PKO - Games\New Server Files\AccountServer.exe infected Virus.Win32.Sality.aa ...00:43:22:312 2676 cured
00:43:22:875 2676 D:\PKO - Games\New Server Files\gameserver.exe infected Virus.Win32.Sality.aa ...00:43:22:875 2676 cured
00:43:23:468 2676 D:\PKO - Games\New Server Files\gameserver2.0.exe infected Virus.Win32.Sality.aa ...00:43:23:468 2676 cured
00:43:23:765 2676 D:\PKO - Games\New Server Files\GateServer.exe infected Virus.Win32.Sality.aa ...00:43:23:765 2676 cured
00:43:24:093 2676 D:\PKO - Games\New Server Files\GroupServer.exe infected Virus.Win32.Sality.aa ...00:43:24:093 2676 cured
00:43:33:250 2676 D:\PKO - Games\New Server Files\Server Launcher.exe infected Virus.Win32.Sality.aa ...00:43:33:250 2676 cured
00:43:33:750 2676 D:\PKO - Games\New Server Files\UserAccount.exe infected Virus.Win32.Sality.aa ...00:43:33:765 2676 cured
00:45:35:718 2676 D:\PKO - Games\PKO\Tales of Pirates Online\top.exe infected Virus.Win32.Sality.aa ...00:45:35:718 2676 cured
00:45:36:156 2676 D:\PKO - Games\PKO\Tales of Pirates Online\top_d.exe infected Virus.Win32.Sality.aa ...00:45:36:171 2676 cured
00:46:26:765 2676 D:\PKO Private Server\Client\Tales of Pirates Online\top.exe infected Virus.Win32.Sality.aa ...00:46:26:765 2676 cured
00:46:26:984 2676 D:\PKO Private Server\Client\Tales of Pirates Online\top_d.exe infected Virus.Win32.Sality.aa ...00:46:26:984 2676 cured
00:46:41:625 2676 D:\PKO Private Server\client 2\Tales of Pirates Online\Frozen-Phoenix.exe infected Virus.Win32.Sality.aa ...00:46:41:625 2676 cured
00:47:41:390 2676 D:\PKO Private Server\client 2\Tales of Pirates Online\top.exe infected Virus.Win32.Sality.aa ...00:47:41:390 2676 cured
00:47:41:593 2676 D:\PKO Private Server\client 2\Tales of Pirates Online\top_d.exe infected Virus.Win32.Sality.aa ...00:47:41:593 2676 cured
00:48:32:765 2676 D:\PKO Private Server\client 3\Tales of Pirates Online\top.exe infected Virus.Win32.Sality.aa ...00:48:32:765 2676 cured
00:48:33:000 2676 D:\PKO Private Server\client 3\Tales of Pirates Online\top_d.exe infected Virus.Win32.Sality.aa ...00:48:33:000 2676 cured
00:48:34:093 2676 D:\PKO Private Server\Kop135\Kop135\(1) AccountServer\AccountServer.exe infected Virus.Win32.Sality.aa ...00:48:34:093 2676 cured
00:48:34:875 2676 D:\PKO Private Server\Kop135\Kop135\(2) GroupServer\GroupServer.exe infected Virus.Win32.Sality.aa ...00:48:34:875 2676 cured
00:48:35:625 2676 D:\PKO Private Server\Kop135\Kop135\(3) GateServer\GateServer.exe infected Virus.Win32.Sality.aa ...00:48:35:625 2676 cured
00:48:36:078 2676 D:\PKO Private Server\Kop135\Kop135\(4) Gameserver\GameServer.exe infected Virus.Win32.Sality.aa ...00:48:36:078 2676 cured
00:48:41:000 2676 D:\PKO Private Server\Kop135\Kop135\AccountServer.exe infected Virus.Win32.Sality.aa ...00:48:41:000 2676 cured
00:48:41:328 2676 D:\PKO Private Server\Kop135\Kop135\gameserver.exe infected Virus.Win32.Sality.aa ...00:48:41:328 2676 cured
00:48:41:765 2676 D:\PKO Private Server\Kop135\Kop135\GateServer.exe infected Virus.Win32.Sality.aa ...00:48:41:765 2676 cured
00:48:42:062 2676 D:\PKO Private Server\Kop135\Kop135\GroupServer.exe infected Virus.Win32.Sality.aa ...00:48:42:062 2676 cured
00:51:00:687 2676 D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top.exe infected Virus.Win32.Sality.aa ...00:51:00:687 2676 cured
00:51:01:062 2676 D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\top_d.exe infected Virus.Win32.Sality.aa ...00:51:01:062 2676 cured
00:51:14:578 2676 D:\PKO Private Server\New PKO 2.0\Tales of Pirates Online\UserAccount.exe infected Virus.Win32.Sality.aa ...00:51:14:578 2676 cured
00:51:17:484 2676 D:\RO\Copy of RO Server Files\char-server.exe infected Virus.Win32.Sality.aa ...00:51:17:484 2676 cured
00:51:18:937 2676 D:\RO\Copy of RO Server Files\ladmin.exe infected Virus.Win32.Sality.aa ...00:51:18:937 2676 cured
00:51:19:250 2676 D:\RO\Copy of RO Server Files\login-server.exe infected Virus.Win32.Sality.aa ...00:51:19:250 2676 cured
00:51:29:562 2676 D:\RO\RO Client\Gravity\RO\2009-07-15aRagexeRE_patched.exe infected Virus.Win32.Sality.aa ...00:51:29:562 2676 cured
00:51:30:125 2676 D:\RO\RO Client\Gravity\RO\AddictedRO.exe infected Virus.Win32.Sality.aa ...00:51:30:125 2676 cured
00:51:30:500 2676 D:\RO\RO Client\Gravity\RO\ASPLnchr.exe infected Virus.Win32.Sality.aa ...00:51:30:500 2676 cured
00:51:43:281 2676 D:\RO\RO Client\Gravity\RO\FindHack.exe infected Virus.Win32.Sality.aa ...00:51:43:281 2676 cured
00:51:44:218 2676 D:\RO\RO Client\Gravity\RO\Gravity\RO\Sakexe.exe infected Virus.Win32.Sality.aa ...00:51:44:218 2676 cured
00:51:44:468 2676 D:\RO\RO Client\Gravity\RO\Gravity\RO\sakray.exe infected Virus.Win32.Sality.aa ...00:51:44:468 2676 cured
00:51:44:906 2676 D:\RO\RO Client\Gravity\RO\HShield\HSUpdate.exe infected Virus.Win32.Sality.aa ...00:51:44:906 2676 cured
00:51:45:359 2676 D:\RO\RO Client\Gravity\RO\HShield\Update\autoup.exe infected Virus.Win32.Sality.aa ...00:51:45:359 2676 cured
00:51:45:984 2676 D:\RO\RO Client\Gravity\RO\kROsakexe0528aN[Xray].exe infected Virus.Win32.Sality.aa ...00:51:45:984 2676 cured
00:51:46:359 2676 D:\RO\RO Client\Gravity\RO\lua.exe infected Virus.Win32.Sality.aa ...00:51:46:359 2676 cured
00:51:49:296 2676 D:\RO\RO Server Files\char-server.exe infected Virus.Win32.Sality.aa ...00:51:49:296 2676 cured
00:51:59:796 2676 D:\RO\RO Server Files\ladmin.exe infected Virus.Win32.Sality.aa ...00:51:59:796 2676 cured
00:54:47:000 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053169.exe infected Virus.Win32.Sality.aa ...00:54:47:000 2676 cured
00:54:47:171 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053173.exe infected Virus.Win32.Sality.aa ...00:54:47:171 2676 cured
00:54:47:343 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053174.exe infected Virus.Win32.Sality.aa ...00:54:47:343 2676 cured
00:54:47:515 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053175.exe infected Virus.Win32.Sality.aa ...00:54:47:515 2676 cured
00:54:47:687 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053176.exe infected Virus.Win32.Sality.aa ...00:54:47:687 2676 cured
00:54:47:828 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053177.exe infected Virus.Win32.Sality.aa ...00:54:47:828 2676 cured
00:54:48:031 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053178.exe infected Virus.Win32.Sality.aa ...00:54:48:031 2676 cured
00:54:48:203 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053180.exe infected Virus.Win32.Sality.aa ...00:54:48:203 2676 cured
00:54:48:390 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053181.exe infected Virus.Win32.Sality.aa ...00:54:48:390 2676 cured
00:54:48:546 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053182.exe infected Virus.Win32.Sality.aa ...00:54:48:546 2676 cured
00:54:48:703 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053183.exe infected Virus.Win32.Sality.aa ...00:54:48:703 2676 cured
00:54:48:859 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053184.exe infected Virus.Win32.Sality.aa ...00:54:48:859 2676 cured
00:54:49:078 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053185.exe infected Virus.Win32.Sality.aa ...00:54:49:078 2676 cured
00:54:49:234 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053187.exe infected Virus.Win32.Sality.aa ...00:54:49:234 2676 cured
00:54:49:421 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053300.exe infected Virus.Win32.Sality.aa ...00:54:49:421 2676 cured
00:54:49:578 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053301.exe infected Virus.Win32.Sality.aa ...00:54:49:578 2676 cured
00:54:49:734 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053302.exe infected Virus.Win32.Sality.aa ...00:54:49:734 2676 cured
00:54:49:906 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053303.exe infected Virus.Win32.Sality.aa ...00:54:49:921 2676 cured
00:54:50:078 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053304.exe infected Virus.Win32.Sality.aa ...00:54:50:078 2676 cured
00:54:50:250 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053305.exe infected Virus.Win32.Sality.aa ...00:54:50:250 2676 cured
00:54:50:390 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053306.exe infected Virus.Win32.Sality.aa ...00:54:50:390 2676 cured
00:54:50:546 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053307.exe infected Virus.Win32.Sality.aa ...00:54:50:546 2676 cured
00:54:50:734 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053308.exe infected Virus.Win32.Sality.aa ...00:54:50:734 2676 cured
00:54:50:906 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053309.exe infected Virus.Win32.Sality.aa ...00:54:50:906 2676 cured
00:54:51:078 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053310.exe infected Virus.Win32.Sality.aa ...00:54:51:078 2676 cured
00:54:51:234 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053311.exe infected Virus.Win32.Sality.aa ...00:54:51:234 2676 cured
00:54:51:421 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053312.exe infected Virus.Win32.Sality.aa ...00:54:51:421 2676 cured
00:54:51:578 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053313.exe infected Virus.Win32.Sality.aa ...00:54:51:578 2676 cured
00:54:51:750 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053314.exe infected Virus.Win32.Sality.aa ...00:54:51:750 2676 cured
00:54:51:921 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053315.exe infected Virus.Win32.Sality.aa ...00:54:51:921 2676 cured
00:54:52:093 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053316.exe infected Virus.Win32.Sality.aa ...00:54:52:093 2676 cured
00:54:52:484 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053317.exe infected Virus.Win32.Sality.aa ...00:54:52:484 2676 cured
00:54:52:640 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053318.exe infected Virus.Win32.Sality.aa ...00:54:52:640 2676 cured
00:54:53:125 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053319.exe infected Virus.Win32.Sality.aa ...00:54:53:328 2676 cured
00:54:53:484 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053320.exe infected Virus.Win32.Sality.aa ...00:54:53:484 2676 cured
00:54:53:828 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053321.exe infected Virus.Win32.Sality.aa ...00:54:53:828 2676 cured
00:54:53:984 2676 D:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053322.exe infected Virus.Win32.Sality.aa ...00:54:54:062 2676 cured
00:55:33:390 2676
00:55:33:390 2692
Monitoring thread stopped
00:55:33:406 2676
completed
00:55:33:406 2676 Infected files: 692
00:55:33:406 2676 Infected processes: 1
00:55:33:406 2676 Infected threads: 27
00:55:33:406 2676 Cured files: 690
00:55:33:406 2676 Will be cured on reboot: 2
00:55:33:406 2676 Executed registry scripts: 1

2) ComboFix.txt:


ComboFix 10-10-21.06 - Synz 24/10/2010 1:18.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1252 [GMT 8:00]
Running from: c:\documents and settings\Synz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Synz\Desktop\CFScript.txt

FILE ::
"c:\docume~1\Synz\LOCALS~1\Temp\NHO20.tmp"
"c:\windows\system32\XDva359.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AIC32P
-------\Legacy_GARENAPENGINE
-------\Legacy_XDVA359
-------\Service_XDva359


((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.

2010-10-22 13:50 . 2010-10-22 15:14 -------- d-----w- c:\documents and settings\Synz\DoctorWeb
2010-10-22 12:41 . 2010-10-22 14:37 -------- d-----w- c:\program files\VS Revo Group
2010-10-22 11:18 . 2010-09-13 00:46 164688 ----a-w- C:\SK.com
2010-10-18 07:10 . 2010-10-18 07:10 -------- d-----w- c:\program files\ERUNT
2010-10-14 16:59 . 2010-10-14 16:59 -------- d-----w- c:\documents and settings\Synz\Local Settings\Application Data\Help
2010-10-11 15:52 . 2010-10-11 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\xOcean
2010-10-08 17:01 . 2010-10-08 17:01 -------- d-----w- c:\windows\Sun
2010-10-08 16:40 . 2010-10-08 16:40 -------- d-----w- c:\program files\Common Files\Java
2010-10-08 16:40 . 2010-10-08 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-08 16:40 . 2010-10-08 16:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-08 16:40 . 2010-10-08 16:40 -------- d-----w- c:\program files\Java
2010-10-08 06:15 . 2010-10-08 06:15 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-10-03 19:11 . 2010-10-21 06:17 -------- d-----w- c:\documents and settings\Synz\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 10:41 . 2006-10-26 05:45 293376 ----a-w- c:\windows\system32\WISPTIS.EXE
2010-10-21 10:40 . 2003-06-13 09:23 50176 ----a-w- c:\windows\apppatch\AppLoc.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files\Ask.com\GenericAskToolbar.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
c:\program files\PHPNukeEN\tbPHP1.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-23 146944]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [BU]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Garena\\Garena.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Synz\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Synz\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"d:\\games\\Warcraft III 1.21B\\war3.exe"=
"c:\\Garena\\Garena\\Garena.exe"=
"c:\\GM Simple\\DATA\\DLL\\WarKey.dll"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Documents and Settings\\Synz\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\GoogleCrashHandler.exe"=

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [7/1/2010 8:28 PM 33824]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\garena2\Garena\plugins\UI\safedrv.sys --> d:\garena2\Garena\plugins\UI\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003Core.job
- c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-21 16:22]

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003UA.job
- c:\documents and settings\Synz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-21 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-24 01:22:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-23 17:22
ComboFix2.txt 2010-10-22 13:43

Pre-Run: 1,109,741,568 bytes free
Post-Run: 1,236,099,072 bytes free

- - End Of File - - DD8AEECC7D1CCD9DA2D7A6BADD07C8D8

3) MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4927

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24/10/2010 01:30:48
mbam-log-2010-10-24 (01-30-48).txt

Scan type: Quick scan
Objects scanned: 130446
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Mudz, 23 October 2010 - 11:39 AM.

  • 0

#12
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OK, it's still there, we'll try a different approach

» Step 1 Run SalityKiller «
On the infected machine:
  • Click Start > Run
  • Type in: c:\SK.com -a -j -k -l c:\SKLog.txt and press enter
  • A black screen will appear as the scan starts
  • Once complete, Press any key to continue.
  • Locate SKreport.log, in C:\. Please post the contents of SKreport.log on your next reply after you've run the remaining steps.

Do not reboot!

» Step 2 Run Dr Web «
  • Double-click DrWeb.com, click on Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan
  • Once the short scan has finished, choose the Complete Scan
  • Select all drives. A red dot shows which drives have been chosen
  • Click the green arrow at the right, and the scan will start
  • Click Yes to all if it asks if you want to cure/move the file
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\Quarantine folder if it can't be cured (this is in case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv. Open it, copy the contents and post it on your next reply. If you can't open it, rename it to Drweb.txt
  • If asked to reboot, please do so. This will allow DrWebCureIT! to move/delete files that were in use

» Step 3 Kaspersky Online Scanner «
Please do an online scan with Kaspersky WebScanner
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

» Finally... «
Run SalityKiller a final time, this time run:
c:\SK.com -a -j -k -l c:\SKLog2.txt


Please let me know how you got on in your next reply and post all the logs
  • SalityKiller log - SKLog.log
  • Combofix log - Combofix.txt
  • 2nd SalityKiller log - SKLog2.log
  • Kaspersky Webscan log

  • 0

#13
Mudz

    Member

  • Topic Starter
  • Member
  • 31 posts
Sorry but which one should I run in step 2? DrWeb or Combofix? Am wondering since you requested combofix log at the end of your post instead of DrWeb log. I have all other logs except for combofix log, so if you need me to post combofix log, do tell me in your next reply. Here are the logs:

1) SKLog.log:

01:27:13:828 4092 scanning threads ...
01:27:18:609 4092
01:27:18:609 4092 scanning processes ...
01:27:18:765 4092
01:27:18:781 4092 removing autorun.inf files ...
01:27:18:781 4092
01:27:18:781 4092 Disabling autorun on all drive types
01:27:18:781 0396
Monitoring thread started
01:27:18:937 4092
01:27:18:937 4092 restoring SafeBoot registry node
01:27:18:937 4092 Restoring safe/network boot registry branches for windows XP
01:27:19:375 4092
01:27:19:421 4092 fixing registry ...
01:27:19:421 4092 SalityRegCure: Restoring general registry keys
01:27:19:453 4092 SalityRegCure: Fixing system.ini
01:27:19:484 4092
01:27:19:546 4092 scanning drives ...
01:27:19:578 4092 scanning C:\ ...
01:30:15:531 4092 C:\System Volume Information\_restore{95724F8A-B5AC-445D-A5D3-1B38DA1009C7}\RP106\A0053517.exe infected Virus.Win32.Sality.aa ...01:30:15:531 4092 cured
01:32:57:750 4092 scanning D:\ ...
02:17:20:296 4092
02:17:20:328 0396
Monitoring thread stopped
02:17:20:328 4092
completed
02:17:20:328 4092 Infected files: 1
02:17:20:328 4092 Infected processes: 0
02:17:20:328 4092 Infected threads: 0
02:17:20:328 4092 Cured files: 1
02:17:20:328 4092 Will be cured on reboot: 0
02:17:20:328 4092 Executed registry scripts: 1

2) DrWeb.csv:

warkey.dll;c:\gm simple\data\dll;Probably BACKDOOR.Trojan;Incurable.Deleted.;
biosagentplus_40.exe;D:\C drive\document and settings\Synz\MY Document\Downloads;Probably BACKDOOR.Trojan;Moved.;
XTrapVa.dll;D:\Downloaded Files from Firefox\Chronicle_Client_v1107\XTrap;Probably DLOADER.Trojan;Moved.;
HideToolz.exe;D:\Downloaded Files from Firefox\HideToolz;Tool.HideApp.32;Moved.;
WarKey.dll;D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL;Probably BACKDOOR.Trojan;Moved.;
WarKey.dll;D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL;Probably BACKDOOR.Trojan;Moved.;
ComboFix.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Synz\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\Synz\Desktop;Archive contains infected objects;;
WarKey.dll;C:\GM Simple\DATA\DLL;Probably BACKDOOR.Trojan;Moved.;

3) Kaspersky Webscan log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 25, 2010 04:10:41
Records in database: 4174441
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 288223
Threats found: 10
Infected objects found: 39
Suspicious objects found: 0
Scan duration: 04:44:16


File name / Threat / Threats count
C:\Documents and Settings\Synz\DoctorWeb\Quarantine\Firefox Setup 3.6.0.exe Infected: Trojan-Downloader.Win32.Banload.avkg 1
C:\Documents and Settings\Synz\DoctorWeb\Quarantine\Firefox Setup 3.6.3.exe Infected: Trojan-Downloader.Win32.Banload.avkg 1
C:\Documents and Settings\Synz\DoctorWeb\Quarantine\HideToolz.exe Infected: not-a-virus:RiskTool.Win32.HideProc.q 1
C:\Documents and Settings\Synz\My Documents\Downloads\GarenaMaster.rar Infected: Net-Worm.Win32.Kolabc.irf 1
C:\Documents and Settings\Synz\My Documents\Downloads\GarenaMaster.rar Infected: not-a-virus:FraudTool.Win32.Agent.atf 1
C:\GM Simple\DATA\DLL\GarenaPatcher.dll Infected: Trojan.Win32.Buzus.fwwv 1
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Infected: Worm.Win32.AutoRun.gxh 1
D:\C drive\Downloads\GarenaMaster (1).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\C drive\Downloads\GarenaMaster (1).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\C drive\Downloads\GarenaMaster (4).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\C drive\Downloads\GarenaMaster (4).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\C drive\Downloads\GarenaMaster (5).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\C drive\Downloads\GarenaMaster (5).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\C drive\Downloads\GarenaMaster (6).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\C drive\Downloads\GarenaMaster (6).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\C drive\Downloads\GarenaMaster.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\C drive\Downloads\GarenaMaster.rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\Downloaded Files from Firefox\HideToolz.zip Infected: not-a-virus:RiskTool.Win32.HideProc.q 1
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe Infected: Trojan-Downloader.Win32.Agent.dsif 1
D:\Downloaded Files from Firefox\Themida_and_WinLicense_2.0.1.0___Unpacking_.rar Infected: Trojan-Dropper.Win32.Agent.cxix 1
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe Infected: Constructor.Win32.Agent.qa 1
D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL\ManaBars.dll Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster (1).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster (1).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster (4).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster (4).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster (5).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster (5).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL\ManaBars.dll Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster (6).rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster (6).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\dragon\Downloads\GarenaMaster.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster.rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\Garena\blackshot\GM (1).rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\Garena\blackshot\GM.rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\garenaz\DATA\DLL\ManaBars.dll Infected: Net-Worm.Win32.Kolabc.irf 1
D:\GarenaM4ST3R-v26L.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\GarenaM4ST3R-v27b.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\GarenaM4ST3R-v27b.rar Infected: Net-Worm.Win32.Kolabc.irf 1

Selected area has been scanned.

4) SKLog2.log:

23:32:19:531 1520 scanning threads ...
23:32:24:500 1520
23:32:24:500 1520 scanning processes ...
23:32:24:812 1520
23:32:24:812 1520 removing autorun.inf files ...
23:32:24:843 1520
23:32:24:843 1520 Disabling autorun on all drive types
23:32:24:843 1520
23:32:24:843 1520 restoring SafeBoot registry node
23:32:24:843 1520 Restoring safe/network boot registry branches for windows XP
23:32:24:843 2344
Monitoring thread started
23:32:24:859 1520
23:32:24:859 1520 fixing registry ...
23:32:24:937 1520 SalityRegCure: Restoring general registry keys
23:32:24:937 1520 SalityRegCure: Fixing system.ini
23:32:24:937 1520
23:32:24:937 1520 scanning drives ...
23:32:24:937 1520 scanning C:\ ...
23:38:07:640 1520 scanning D:\ ...
00:13:32:171 1520
00:13:32:203 2344
Monitoring thread stopped
00:13:32:203 1520
completed
00:13:32:203 1520 Infected files: 0
00:13:32:203 1520 Infected processes: 0
00:13:32:203 1520 Infected threads: 0
00:13:32:203 1520 Cured files: 0
00:13:32:203 1520 Will be cured on reboot: 0
00:13:32:203 1520 Executed registry scripts: 1

Last but not least, thank you very much!

Edited by Mudz, 25 October 2010 - 10:21 AM.

  • 0

#14
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Much better :D

» Step 1 «
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Documents and Settings\Synz\My Documents\Downloads\GarenaMaster.rar
    C:\GM Simple\DATA\DLL\GarenaPatcher.dll
    C:\Qoobox\
    D:\C drive\Downloads\GarenaMaster (1).rar
    D:\C drive\Downloads\GarenaMaster (4).rar
    D:\C drive\Downloads\GarenaMaster (5).rar
    D:\C drive\Downloads\GarenaMaster (6).rar
    D:\C drive\Downloads\GarenaMaster.rar
    D:\Downloaded Files from Firefox\HideToolz.zip
    D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe
    D:\Downloaded Files from Firefox\Themida_and_WinLicense_2.0.1.0___Unpacking_.rar
    D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe
    D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL\ManaBars.dll
    D:\dragon\Downloads\GarenaMaster (1).rar
    D:\dragon\Downloads\GarenaMaster (4).rar
    D:\dragon\Downloads\GarenaMaster (5).rar
    D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL\ManaBars.dll
    D:\dragon\Downloads\GarenaMaster (6).rar
    D:\dragon\Downloads\GarenaMaster.rar
    D:\dragon\Downloads\GarenaMaster.rar
    D:\Garena\blackshot\GM (1).rar
    D:\Garena\blackshot\GM.rar
    D:\garenaz\DATA\DLL\ManaBars.dll
    D:\GarenaM4ST3R-v26L.rar
    D:\GarenaM4ST3R-v27b.rar
    D:\GarenaM4ST3R-v27b.rar
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

» Step 2 «

Run OTL again...
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post this log too

  • 0
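The Kaspersky report earlier in the thread prints one line per detection, so a file with two threats appears twice, and a fix list copied from it line by line repeats those paths. The following Python is an added example, not part of the original posts and not code from OTL or Kaspersky: it parses report lines in the format shown in the thread, groups threats per file, and emits each live path once under `:Files`. The function names and the quarantine markers are assumptions of this example; the sample lines are copied from the report posted above.

```python
import re

# Report line format as it appears in the thread's Kaspersky log:
#   <path> Infected: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumption of this example: paths under these folders are copies already
# held in a scanner's quarantine (Dr.Web CureIt, ComboFix's Qoobox), so they
# are reported separately instead of being mixed into the per-file list.
QUARANTINE_MARKERS = ("\\doctorweb\\quarantine\\", "\\qoobox\\")

# Lines copied from the Kaspersky report posted in the thread (a subset).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\Synz\DoctorWeb\Quarantine\HideToolz.exe Infected: not-a-virus:RiskTool.Win32.HideProc.q 1
C:\GM Simple\DATA\DLL\GarenaPatcher.dll Infected: Trojan.Win32.Buzus.fwwv 1
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Infected: Worm.Win32.AutoRun.gxh 1
D:\dragon\Downloads\GarenaMaster.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\dragon\Downloads\GarenaMaster.rar Infected: Net-Worm.Win32.Kolabc.irf 1
D:\GarenaM4ST3R-v26L.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\GarenaM4ST3R-v27b.rar Infected: Trojan-PSW.Win32.Mifeng.fw 1
D:\GarenaM4ST3R-v27b.rar Infected: Net-Worm.Win32.Kolabc.irf 1

Selected area has been scanned.
"""


def parse_report(text):
    """Return {path: [threat, ...]} in first-seen order, one entry per file.

    Windows paths are case-insensitive, so paths are compared lower-cased
    while the spelling first seen in the report is kept for output.
    Header, footer and blank lines do not match LINE_RE and are skipped.
    """
    findings = {}
    spelling = {}  # lower-cased path -> spelling first seen
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        path = spelling.setdefault(match.group("path").lower(), match.group("path"))
        threats = findings.setdefault(path, [])
        if match.group("threat") not in threats:
            threats.append(match.group("threat"))
    return findings


def split_quarantined(findings):
    """Split paths into (live, quarantined) using QUARANTINE_MARKERS."""
    live, quarantined = [], []
    for path in findings:
        lowered = path.lower()
        in_quarantine = any(marker in lowered for marker in QUARANTINE_MARKERS)
        (quarantined if in_quarantine else live).append(path)
    return live, quarantined


def multi_detection_files(findings):
    """Paths the report listed more than once (one line per threat)."""
    return [path for path, threats in findings.items() if len(threats) > 1]


def build_files_block(paths):
    """Render unique paths under the ':Files' directive used in the thread."""
    return "\n".join([":Files", *paths])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    live_paths, held = split_quarantined(found)
    print(build_files_block(live_paths))
    print("\nAlready in a scanner quarantine:")
    for item in held:
        print("  " + item)
    print("\nListed more than once in the report:")
    for item in multi_detection_files(found):
        print("  " + item + " -> " + ", ".join(found[item]))
```
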

#15
Mudz

    Member

  • Topic Starter
  • Member
  • 31 posts
1) OTL.Txt:


All processes killed
========== FILES ==========
C:\Documents and Settings\Synz\My Documents\Downloads\GarenaMaster.rar moved successfully.
C:\GM Simple\DATA\DLL\GarenaPatcher.dll moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\D folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\AppPatch\Custom folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\AppPatch folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Synz\Application Data folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Synz folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
D:\C drive\Downloads\GarenaMaster (1).rar moved successfully.
D:\C drive\Downloads\GarenaMaster (4).rar moved successfully.
D:\C drive\Downloads\GarenaMaster (5).rar moved successfully.
D:\C drive\Downloads\GarenaMaster (6).rar moved successfully.
D:\C drive\Downloads\GarenaMaster.rar moved successfully.
D:\Downloaded Files from Firefox\HideToolz.zip moved successfully.
D:\Downloaded Files from Firefox\sortware\Office Ent 2007\setup.exe moved successfully.
D:\Downloaded Files from Firefox\Themida_and_WinLicense_2.0.1.0___Unpacking_.rar moved successfully.
D:\dragon\Downloads\GarenaHack_TDT_13-05-10-2\cqccyh01updater.exe moved successfully.
D:\dragon\Downloads\GarenaMaster (1)\DATA\DLL\ManaBars.dll moved successfully.
D:\dragon\Downloads\GarenaMaster (1).rar moved successfully.
D:\dragon\Downloads\GarenaMaster (4).rar moved successfully.
D:\dragon\Downloads\GarenaMaster (5).rar moved successfully.
D:\dragon\Downloads\GarenaMaster (6)\DATA\DLL\ManaBars.dll moved successfully.
D:\dragon\Downloads\GarenaMaster (6).rar moved successfully.
D:\dragon\Downloads\GarenaMaster.rar moved successfully.
File\Folder D:\dragon\Downloads\GarenaMaster.rar not found.
D:\Garena\blackshot\GM (1).rar moved successfully.
D:\Garena\blackshot\GM.rar moved successfully.
D:\garenaz\DATA\DLL\ManaBars.dll moved successfully.
D:\GarenaM4ST3R-v26L.rar moved successfully.
D:\GarenaM4ST3R-v27b.rar moved successfully.
File\Folder D:\GarenaM4ST3R-v27b.rar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Synz
->Temp folder emptied: 110288395 bytes
->Temporary Internet Files folder emptied: 61734066 bytes
->Java cache emptied: 16610655 bytes
->Google Chrome cache emptied: 151792739 bytes
->Flash cache emptied: 75099 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 327.00 mb


OTL by OldTimer - Version 3.2.15.2 log created on 10262010_123501

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2) OTL2.Txt:

OTL logfile created on: 26/10/2010 12:43:10 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Synz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 1.42 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Drive D: | 66.55 Gb Total Space | 4.05 Gb Free Space | 6.09% Space Free | Partition Type: NTFS
Drive F: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ADDICTEDZ | User Name: Synz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Synz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Synz\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File not found
DRV - (GGSAFERDriver) -- D:\Garena2\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\Synz\LOCALS~1\Temp\JYF2E9.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Synz\LOCALS~1\Temp\catchme.sys File not found
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2086743
IE - HKCU\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook


O1 HOSTS File: ([2010/10/24 01:21:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\tbPHP1.dll File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe File not found
O4 - Startup: C:\Documents and Settings\Synz\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files\PPStream\PPStream.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe File not found
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler\Fiddler.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Synz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Synz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/05/26 09:04:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/12 16:27:00 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/08/12 16:29:00 | 005,593,618 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - Service
SafeBootNet: nm.sys - Driver
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/26 12:35:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/26 12:35:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/24 01:22:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/24 01:17:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/22 22:38:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/22 22:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/22 21:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\DoctorWeb
[2010/10/22 21:15:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/22 21:14:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/22 21:14:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/22 21:14:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/22 21:14:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/22 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/22 19:18:48 | 000,164,688 | ---- | C] (Kaspersky Lab ZAO) -- C:\SK.com
[2010/10/18 16:04:55 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
[2010/10/18 15:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/10/18 15:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/18 15:10:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/18 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/15 00:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Local Settings\Application Data\Help
[2010/10/15 00:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\Help
[2010/10/11 23:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/10/09 01:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/09 00:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/09 00:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/09 00:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/09 00:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\Sun
[2010/10/08 14:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/10/04 03:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Application Data\BitTorrent
[2010/09/11 14:55:18 | 000,000,000 | ---D | C] -- C:\GM Simple
[2010/09/09 00:50:12 | 000,000,000 | ---D | C] -- C:\Garena
[2010/09/08 16:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/09/06 23:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/06 23:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/08/23 04:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Synz\Desktop\Final Assignment

========== Files - Modified Within 90 Days ==========

[2010/10/26 12:42:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/26 12:42:25 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/26 12:39:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003UA.job
[2010/10/26 12:20:19 | 007,860,739 | ---- | M] () -- C:\GM Simple.rar
[2010/10/26 12:10:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/25 15:16:39 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\DrWeb.csv
[2010/10/25 14:39:05 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-117609710-682003330-1003Core.job
[2010/10/24 01:21:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/24 00:21:58 | 003,883,317 | R--- | M] () -- C:\Documents and Settings\Synz\Desktop\ComboFix.exe
[2010/10/22 21:15:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/22 20:36:04 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\eBay.lnk
[2010/10/22 20:36:04 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/10/22 20:22:31 | 000,000,410 | ---- | M] () -- C:\Documents and Settings\Synz\Shortcut to Program Files.lnk
[2010/10/22 19:09:22 | 051,062,072 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\DrW.com
[2010/10/21 22:41:08 | 000,001,440 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_21.10.2010_13-19drv.spi
[2010/10/21 18:38:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe
[2010/10/21 18:12:21 | 000,000,162 | -H-- | M] () -- C:\~$cument.rtf
[2010/10/21 17:55:30 | 000,000,402 | ---- | M] () -- C:\Document.rtf
[2010/10/21 14:37:26 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Google Chrome.lnk
[2010/10/21 14:37:26 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/10/18 15:10:21 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\NTREGOPT.lnk
[2010/10/18 15:10:21 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\ERUNT.lnk
[2010/10/18 13:13:53 | 000,001,913 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2010/10/18 13:13:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\PCDNSetting.ini
[2010/10/18 13:11:58 | 000,001,287 | ---- | M] () -- C:\WINDOWS\powerlist.ini
[2010/10/18 13:11:56 | 000,001,252 | ---- | M] () -- C:\WINDOWS\powerplayer.ini
[2010/10/18 13:11:51 | 000,000,060 | ---- | M] () -- C:\WINDOWS\MediaList.ini
[2010/10/05 21:02:31 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Garena.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/09/22 06:45:05 | 000,022,483 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\Executive.docx
[2010/09/19 21:23:12 | 000,125,826 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\cute-wallpaper-forever-friends-003.jpg
[2010/09/19 21:22:44 | 000,224,345 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\easter_wallpaper_61.jpg
[2010/09/13 08:46:16 | 000,164,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\SK.com
[2010/09/09 00:00:52 | 003,932,214 | ---- | M] () -- C:\fwefwef.bmp
[2010/08/24 00:16:21 | 000,010,572 | ---- | M] () -- C:\Documents and Settings\Synz\Desktop\conquering fear.docx
[2010/07/30 23:00:56 | 000,012,700 | ---- | M] () -- C:\grudge.jpg
[2010/07/30 22:41:29 | 000,012,814 | ---- | M] () -- C:\lolz.jpg
[2010/07/30 22:40:27 | 000,019,538 | ---- | M] () -- C:\ggz.jpg
[2010/07/30 03:25:49 | 003,932,214 | ---- | M] () -- C:\gg.bmp
[2010/07/28 21:23:49 | 003,932,214 | ---- | M] () -- C:\haha.bmp

========== Files Created - No Company Name ==========

[2010/10/26 12:20:08 | 007,860,739 | ---- | C] () -- C:\GM Simple.rar
[2010/10/23 11:18:27 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\DrWeb.csv
[2010/10/22 21:35:09 | 003,883,317 | R--- | C] () -- C:\Documents and Settings\Synz\Desktop\ComboFix.exe
[2010/10/22 21:15:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/22 21:15:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/22 21:14:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/22 21:14:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/22 21:14:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/22 21:14:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/22 21:14:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/22 20:36:04 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\eBay.lnk
[2010/10/22 20:36:04 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2010/10/22 20:22:31 | 000,000,410 | ---- | C] () -- C:\Documents and Settings\Synz\Shortcut to Program Files.lnk
[2010/10/22 19:19:05 | 051,062,072 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\DrW.com
[2010/10/21 22:34:35 | 000,001,440 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_21.10.2010_13-19drv.spi
[2010/10/21 18:12:21 | 000,000,162 | -H-- | C] () -- C:\~$cument.rtf
[2010/10/21 17:55:30 | 000,000,402 | ---- | C] () -- C:\Document.rtf
[2010/10/18 15:10:21 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\NTREGOPT.lnk
[2010/10/18 15:10:21 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\ERUNT.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/10/04 03:11:52 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/09/19 21:23:12 | 000,125,826 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\cute-wallpaper-forever-friends-003.jpg
[2010/09/19 21:22:44 | 000,224,345 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\easter_wallpaper_61.jpg
[2010/09/11 19:07:03 | 000,022,483 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\Executive.docx
[2010/09/09 00:00:52 | 003,932,214 | ---- | C] () -- C:\fwefwef.bmp
[2010/08/24 00:03:04 | 000,010,572 | ---- | C] () -- C:\Documents and Settings\Synz\Desktop\conquering fear.docx
[2010/08/21 00:40:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\PCDNSetting.ini
[2010/07/30 23:00:56 | 000,012,700 | ---- | C] () -- C:\grudge.jpg
[2010/07/30 22:41:28 | 000,012,814 | ---- | C] () -- C:\lolz.jpg
[2010/07/30 22:40:27 | 000,019,538 | ---- | C] () -- C:\ggz.jpg
[2010/07/30 03:25:49 | 003,932,214 | ---- | C] () -- C:\gg.bmp
[2010/07/28 21:23:49 | 003,932,214 | ---- | C] () -- C:\haha.bmp
[2010/07/23 23:17:54 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MediaList.ini
[2010/07/23 23:12:16 | 000,001,287 | ---- | C] () -- C:\WINDOWS\powerlist.ini
[2010/07/23 23:12:16 | 000,001,252 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2010/07/23 23:12:15 | 000,001,913 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2010/07/01 20:28:42 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010/05/26 12:20:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/26 11:49:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2010/05/26 11:48:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/05/26 11:48:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2010/05/29 04:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/10/11 23:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/10/21 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Synz\Application Data\BitTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/26 09:04:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/26 05:47:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/10/22 21:15:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/24 01:22:31 | 000,007,671 | ---- | M] () -- C:\ComboFix.txt
[2010/05/26 09:04:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/21 17:55:30 | 000,000,402 | ---- | M] () -- C:\Document.rtf
[2010/09/09 00:00:52 | 003,932,214 | ---- | M] () -- C:\fwefwef.bmp
[2010/07/30 03:25:49 | 003,932,214 | ---- | M] () -- C:\gg.bmp
[2010/07/30 22:40:27 | 000,019,538 | ---- | M] () -- C:\ggz.jpg
[2010/10/26 12:20:19 | 007,860,739 | ---- | M] () -- C:\GM Simple.rar
[2010/07/30 23:00:56 | 000,012,700 | ---- | M] () -- C:\grudge.jpg
[2010/07/28 21:23:49 | 003,932,214 | ---- | M] () -- C:\haha.bmp
[2010/10/26 12:42:25 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 21:21:51 | 000,325,574 | ---- | M] () -- C:\hotel.bmp
[2010/05/26 09:04:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/30 22:41:29 | 000,012,814 | ---- | M] () -- C:\lolz.jpg
[2010/05/26 09:04:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 20:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/26 12:42:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/09/13 08:46:16 | 000,164,688 | ---- | M] (Kaspersky Lab ZAO) -- C:\SK.com
[2010/10/25 02:17:20 | 000,002,554 | ---- | M] () -- C:\SKLog.txt
[2010/10/26 00:13:32 | 000,002,210 | ---- | M] () -- C:\SKLog2.txt
[2010/10/21 18:12:21 | 000,000,162 | -H-- | M] () -- C:\~$cument.rtf

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/05/26 09:04:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/26 12:18:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/26 12:18:34 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/26 12:18:34 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/26 09:05:00 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/26 11:45:06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/05/26 11:45:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Synz\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/24 00:21:58 | 003,883,317 | R--- | M] () -- C:\Documents and Settings\Synz\Desktop\ComboFix.exe
[2010/10/21 18:38:34 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Synz\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/26 11:45:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Synz\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/26 12:42:33 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Synz\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >
[2010/10/21 18:40:35 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AppLoc.exe

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 20:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/07/16 22:45:24 | 000,348,715 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/26 12:41:48 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Synz\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2010/05/26 11:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/05/26 11:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\AvRack
[2010/10/24 01:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/05/26 09:01:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/10/18 15:10:25 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/05/26 11:48:38 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/21 16:54:33 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/09 00:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/24 01:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 09:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/05/26 09:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/06/14 19:20:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/14 19:20:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/06/14 19:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/10/21 17:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/14 19:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/05/26 09:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/05/26 09:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/10/21 17:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/26 09:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/21 17:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/05/26 11:48:47 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2010/05/26 11:44:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/21 23:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/10/22 22:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2010/10/22 22:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/10/21 14:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/05/26 09:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/05/26 09:03:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/05/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/05/26 09:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2008/04/14 20:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2008/04/14 20:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >