
xesvqd.pif Causing processes to have Insane CPU usage


  • This topic is locked
18 replies to this topic

#1 MetalmanIX

MetalmanIX

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 19 March 2014 - 02:11 PM

So when I start up my laptop and open the Resource Monitor I see that various processes (one each time) eat up 12-13% of my CPU with no reason at all. My CPU is an i7 2630QM. It's definitely a problem because when I end the problematic process, another process goes to 12-13% almost instantly. It could start with Skype, then go to Firefox, jump on to Chrome and then to AutoCAD. It keeps hooking up to processes endlessly no matter how many of them I close. It drives my fan crazy and makes it work at full speed even when the machine is idle.

 

Thing is that whatever drive I hook up gets instantly infected too. I put a lot of things on a USB drive and go to copy centers to print them, and people there always tell me my USB stick is infected and give me weird looks all the time.

 

I used the Malwarebytes removal tool and it always finds these 5 threats: malware.png

I remove the threats and reboot as instructed, but when I scan again they are still there.

I also have a 1.5TB portable HDD hooked up which is probably infected too.

 

So here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by Metalman at 20:51:53 on 2014-03-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8170.3343 [GMT 2:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\Sweex\UWD\VMonitor.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
C:\Users\Metalman\AppData\Local\Temp\wincbgk.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Windows\system32\taskhost.exe
C:\Users\Metalman\AppData\Local\Temp\winyhxflv.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.204\deploy\LoLLauncher.exe
C:\Program Files (x86)\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.77\deploy\LolClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\mspaint.exe
C:\Users\Metalman\AppData\Local\Temp\winxwweya.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Facebook Update] "C:\Users\Metalman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Metalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
StartupFolder: C:\Users\Metalman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\Users\Metalman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TRIVIA~1.LNK - C:\Users\Metalman\AppData\Local\Temp\{B7893201-FB3B-4E25-9D00-C57EB5676C59}\{4E61888C-3D42-4691-AD25-E9AF648EAB63}\ATR1.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SWEEXS~1.LNK - C:\Program Files (x86)\Sweex\UWD\VMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{959DD255-B984-48DD-992C-59EC89014CE1} : DHCPNameServer = 192.168.10.254
TCP: Interfaces\{C1256BCC-DB35-4DEB-99E9-03EEF4E40E03} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C1256BCC-DB35-4DEB-99E9-03EEF4E40E03}\34954514833473135314 : DHCPNameServer = 192.168.10.254
TCP: Interfaces\{C1256BCC-DB35-4DEB-99E9-03EEF4E40E03}\759664960235079727F637 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E706686F-28A7-40CA-A950-1750B5D88F4E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E706686F-28A7-40CA-A950-1750B5D88F4E}\349545140254642423 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E706686F-28A7-40CA-A950-1750B5D88F4E}\B44554C40214348414941435024533 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-Run: [fspuip] C:\Program Files (x86)\FSP\fspuip.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Metalman\AppData\Roaming\Mozilla\Firefox\Profiles\gpibsssz.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Metalman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-30 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-30 28216]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-30 14904]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2013-7-23 26328]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-10 418376]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-12-3 160768]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-4 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-15 16941856]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-6 5341536]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2013-9-4 18384]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2013-7-7 44032]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-1-23 27608]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-10 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-2-19 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-5-21 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-5-21 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-10 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2014-1-21 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2014-1-21 29184]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;C:\Windows\System32\drivers\lgandnetdiag264.sys [2014-1-21 29696]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2014-1-21 36352]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-2 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2013-9-27 307304]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-2 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-2 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2013-12-3 202112]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2013-12-3 303616]
.
=============== File Associations ===============
.
.pif: <filetype is not registered>
.
=============== Created Last 30 ================
.
2014-03-19 08:47:18	103140	----a-w-	C:\xesvqd.pif
2014-03-12 18:01:31	--------	d-----w-	C:\Windows\SysWow64\xlive
2014-03-12 18:01:31	--------	d-----w-	C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-12 17:58:15	--------	d-----w-	C:\Program Files (x86)\Capcom
2014-03-03 13:02:36	--------	d-----w-	C:\Users\Metalman\AppData\Local\G4ME-hack
2014-02-26 18:42:20	--------	d-----w-	C:\Users\Metalman\AppData\Local\Skype
2014-02-26 18:42:14	--------	d-----r-	C:\Program Files (x86)\Skype
2014-02-23 08:40:08	--------	d-----w-	C:\Users\Metalman\AppData\Local\EMU
2014-02-23 08:37:03	--------	d-----w-	C:\Program Files (x86)\Brothers - A Tale of Two Sons
2014-02-20 22:19:31	--------	d-----w-	C:\Users\Metalman\AppData\Local\Sublight
2014-02-20 22:19:29	--------	d-----w-	C:\Program Files\Sublight
2014-02-19 19:24:21	39200	----a-w-	C:\Windows\System32\drivers\nvvad64v.sys
2014-02-19 19:24:21	33056	----a-w-	C:\Windows\SysWow64\nvaudcap32v.dll
2014-02-19 18:38:38	--------	d-----w-	C:\Program Files (x86)\mIRC
2014-02-19 18:05:50	31520	----a-w-	C:\Windows\System32\nvhdap64.dll
2014-02-19 18:05:50	197408	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2014-02-19 18:05:50	1515296	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2014-02-19 18:05:49	1885472	----a-w-	C:\Windows\System32\nvdispco6433489.dll
2014-02-19 18:05:49	1515296	----a-w-	C:\Windows\System32\nvdispgenco6433489.dll
.
==================== Find3M  ====================
.
2014-03-12 18:38:17	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:38:17	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00	6714312	----a-w-	C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00	3497816	----a-w-	C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58	922968	----a-w-	C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58	64968	----a-w-	C:\Windows\System32\nvshext.dll
2014-03-04 13:05:58	2558808	----a-w-	C:\Windows\System32\nvsvcr.dll
2014-03-04 13:05:57	386336	----a-w-	C:\Windows\System32\nvmctray.dll
2014-02-05 09:31:00	1048152	----a-w-	C:\Windows\SysWow64\nvspcap.dll
2014-02-05 09:30:41	1179576	----a-w-	C:\Windows\System32\nvspcap64.dll
2014-01-06 19:49:51	214392	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2014-01-06 19:20:10	214392	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-27 18:42:16	35104	----a-w-	C:\Windows\System32\nvaudcap64v.dll
.
============= FINISH: 20:52:02.85 ===============

Is there any other option besides formatting here? And if I format and hook up one of my USB drives again, won't it get infected again instantly?

 

-Thanks in advance!

 

Attached Files
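The DDS log above lists every running process, the Explorer/UAC policy values, file associations and recently created files, which is where a responder looks first when triaging a report like this one. As an added example (not part of the original post and not code from the DDS tool), here is a small Python script that parses DDS-style sections and flags the entries an analyst would want to review: processes launched from a user-writable temp folder, a freshly created executable sitting at the drive root whose extension has no registered file type, and UAC switched off (EnableLUA = 0). The sample lines are constructed from this thread's log; the heuristics, the section parser and the `triage` function are my own assumptions about how such a check would be written.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Constructed sample: a few lines modelled on the DDS log posted in this thread
# (paths and values taken from it, heavily abridged). DDS separates sections with
# "==== Name ====" banners and prints dword policy values in decimal.
SAMPLE_LOG = """\
============== Running Processes ===============
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Users\\Metalman\\AppData\\Local\\Temp\\wincbgk.exe
C:\\Windows\\system32\\taskmgr.exe
C:\\Users\\Metalman\\AppData\\Local\\Temp\\winyhxflv.exe
============== Pseudo HJT Report ===============
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableLUA = dword:0
=============== File Associations ===============
.pif: <filetype is not registered>
=============== Created Last 30 ================
2014-03-19 08:47:18\t103140\t----a-w-\tC:\\xesvqd.pif
2014-03-12 18:01:31\t--------\td-----w-\tC:\\Windows\\SysWow64\\xlive
============= FINISH: 20:52:02.85 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Executable path at the start of a "Running Processes" line; arguments may follow.
PROC_PATH_RE = re.compile(r"^([A-Za-z]:\\.+?\.(?:exe|pif|scr|com|bat|cmd))(?:\s|$)", re.I)
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*dword:(\d+)", re.I)
EXEC_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group the log's lines under their '==== Name ====' banner."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":  # DDS pads sections with lone "." lines
            sections.setdefault(current, []).append(line)
    return sections


def is_user_writable(path: str) -> bool:
    """Heuristic (assumption): temp folders and the root of a drive are places a
    standard user can write to and installed software rarely runs from."""
    p = path.lower()
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        return True
    # Drive root such as C:\name.ext: exactly one backslash after the drive letter.
    return re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings an analyst should review first.
    These are review prompts, not verdicts."""
    findings: List[Tuple[str, str]] = []
    sections = split_sections(log)

    for line in sections.get("Running Processes", []):
        m = PROC_PATH_RE.match(line)
        if m and is_user_writable(m.group(1)):
            findings.append(("process-from-user-writable-path", m.group(1)))

    policies: Dict[str, int] = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1).lower()] = int(m.group(2))
    if policies.get("enablelua") == 0:
        findings.append(("uac-disabled", "EnableLUA = 0"))

    # Extensions DDS reports as having no registered file type, e.g. ".pif".
    unregistered = {line.split(":")[0].lower()
                    for line in sections.get("File Associations", [])
                    if "not registered" in line}

    for line in sections.get("Created Last 30", []):
        fields = line.split("\t")  # date, size, attributes, path
        if len(fields) < 4 or fields[2].startswith("d"):
            continue  # malformed line or a directory entry
        path = fields[3]
        ext = PureWindowsPath(path).suffix.lower()
        if ext in EXEC_EXT and is_user_writable(path):
            note = path
            if ext in unregistered:
                note += " (extension has no registered file type)"
            findings.append(("new-executable-in-user-writable-path", note))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run it as a script to print the findings for the sample, or pass the text of a real DDS log to `triage`. A legitimate installer can also run from Temp for a moment, so every flag is a prompt to look closer rather than a removal decision, which is the same reason the helper in this thread asks for further tool logs before cleaning anything.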




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 19 March 2014 - 03:41 PM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

No Antivirus Program installed!

I don't see an Anti Virus Program running on your machine.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avast! or Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 MetalmanIX

MetalmanIX
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 19 March 2014 - 04:05 PM

Hello and thank you for the fast reply.

I have read and understood all your points perfectly.

 

Let me note here firstly that I am aware of the potential risks of P2P software, but as a PC user for almost 15 years I can assure you that any P2P filesharing I do is 100% secure from 100% trusted sources. I never download anything without being sure.

 

Secondly, as you correctly noticed, I don't have antivirus software, for the single reason that they are incredibly annoying and cause all sorts of issues with false alarms and connection issues.

 

The source of the virus is almost 100% known to me. Many colleagues have reported that PCs in my uni's computer lab are massively infected, and I have transferred those infections to my PC with my USB stick.

 

Again, thank you for the advice.

 

I have just installed Avast in the meantime.

 

Running TDSS-Killer gives me 0 threats.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:47 AM

Posted 20 March 2014 - 03:11 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 MetalmanIX

MetalmanIX
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 20 March 2014 - 10:30 AM

ComboFix 14-03-19.01 - Metalman 20-Mar-14  17:22:16.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8170.6229 [GMT 2:00]
Running from: c:\users\Metalman\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\nvlmtn.pif
c:\programdata\1386691227.bdinstall.bin
c:\programdata\1386691486.bdinstall.bin
c:\programdata\Roaming
E:\kqgwv.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-20 to 2014-03-20  )))))))))))))))))))))))))))))))
.
.
2014-03-20 15:26 . 2014-03-20 15:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-19 21:05 . 2014-03-20 15:18    --------    d-----w-    c:\programdata\AVAST Software
2014-03-12 18:01 . 2014-03-12 18:01    --------    d-----w-    c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-03-12 18:01 . 2014-03-12 18:01    --------    d-----w-    c:\windows\SysWow64\xlive
2014-03-12 17:58 . 2014-03-12 17:58    --------    d-----w-    c:\program files (x86)\Capcom
2014-03-03 13:02 . 2014-03-03 13:02    --------    d-----w-    c:\users\Metalman\AppData\Local\G4ME-hack
2014-02-26 18:42 . 2014-02-26 18:42    --------    d-----w-    c:\users\Metalman\AppData\Local\Skype
2014-02-26 18:42 . 2014-02-26 18:42    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-02-26 18:42 . 2014-02-26 18:42    --------    d-----r-    c:\program files (x86)\Skype
2014-02-23 08:40 . 2014-02-23 08:40    --------    d-----w-    c:\users\Metalman\AppData\Local\EMU
2014-02-23 08:37 . 2014-02-23 08:37    --------    d-----w-    c:\program files (x86)\Brothers - A Tale of Two Sons
2014-02-20 22:19 . 2014-02-20 22:20    --------    d-----w-    c:\users\Metalman\AppData\Local\Sublight
2014-02-20 22:19 . 2014-02-20 22:19    --------    d-----w-    c:\program files\Sublight
2014-02-19 19:24 . 2013-12-27 18:42    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2014-02-19 19:24 . 2013-12-27 18:42    33056    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2014-02-19 18:38 . 2014-02-19 19:15    --------    d-----w-    c:\program files (x86)\mIRC
2014-02-19 18:07 . 2014-02-19 18:07    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2014-02-19 18:05 . 2013-11-28 13:38    31520    ----a-w-    c:\windows\system32\nvhdap64.dll
2014-02-19 18:05 . 2013-11-28 13:38    197408    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2014-02-19 18:05 . 2013-11-22 08:36    1515296    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2014-02-19 18:05 . 2014-02-08 18:34    1885472    ----a-w-    c:\windows\system32\nvdispco6433489.dll
2014-02-19 18:05 . 2014-02-08 18:34    1515296    ----a-w-    c:\windows\system32\nvdispgenco6433489.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:38 . 2013-09-27 16:41    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 18:38 . 2013-09-27 16:41    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 14:35 . 2013-11-23 18:52    18302384    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2013-11-15 15:49    2715264    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-09-27 15:57    62408    ----a-w-    c:\windows\system32\OpenCL.dll
2014-03-04 14:35 . 2013-09-27 15:57    54216    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-03-04 14:35 . 2013-09-27 15:56    31474976    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2013-09-27 15:56    3093280    ----a-w-    c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2013-09-27 15:56    15783992    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2013-09-27 15:56    14709720    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2013-09-27 15:57    6714312    ----a-w-    c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-09-27 15:57    3497816    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-09-27 15:57    922968    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-09-27 15:57    64968    ----a-w-    c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-09-27 15:57    2558808    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2013-09-27 15:57    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2014-02-05 09:31 . 2013-11-15 15:51    1048152    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2013-11-15 15:51    1179576    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-01-06 19:49 . 2013-11-01 22:47    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-01-06 19:20 . 2013-11-01 22:47    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-01-06 17:00 . 2014-01-06 17:00    267776    ----a-w-    c:\users\Metalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
2013-12-27 18:42 . 2013-11-15 15:49    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2014-02-10 1199104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-12-10 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 323968]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2012-12-03 5504416]
.
c:\users\Metalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2014-1-6 267776]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe  /AUTOHIDE [2013-12-18 4580256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sweex snapshot button monitor.lnk - c:\program files (x86)\Sweex\UWD\VMonitor.exe [2013-12-3 143360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Metalman\AppData\Local\Temp\ALSysIO64.sys;c:\users\Metalman\AppData\Local\Temp\ALSysIO64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\users\Metalman\AppData\Local\Temp\HWiNFO64A.SYS;c:\users\Metalman\AppData\Local\Temp\HWiNFO64A.SYS [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys;c:\windows\SYSNATIVE\Drivers\VMUVC.sys [x]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys;c:\windows\SYSNATIVE\drivers\vvftUVC.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:08    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-27 18:38]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-27 16:37]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-27 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Metalman\AppData\Roaming\Mozilla\Firefox\Profiles\gpibsssz.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Metalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trivial Pursuit_ Unhinged Registration.lnk - c:\users\Metalman\AppData\Local\Temp\{B7893201-FB3B-4E25-9D00-C57EB5676C59}\{4E61888C-3D42-4691-AD25-E9AF648EAB63}\ATR1.EXE /remind /language=ENU /PRNM="Trivial Pursuit: Unhinged"/PRMP="TLPT"/SKUN="PCXX"/GTYP="SOCL"
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-20  17:27:50
ComboFix-quarantined-files.txt  2014-03-20 15:27
.
Pre-Run: 103,063,597,056 bytes free
Post-Run: 102,922,764,288 bytes free
.
- - End Of File - - C9EFA4C24452851CAAD1811ABFF2E0CA

#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:02:47 AM

Posted 20 March 2014 - 11:07 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB

#7 MetalmanIX

  • Topic Starter
  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 11:20 AM

Malwarebytes Anti-Malware (PRO) 1.75.0.1100
www.malwarebytes.org

Database version: v2014.03.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Metalman :: UNKNOWN-PC [administrator]

Protection: Disabled

20-Mar-14 6:13:34 PM
mbam-log-2014-03-20 (18-13-34).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 92601
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\nvlmtn.pif (Trojan.Malpack.Gen) -> Quarantined and deleted successfully.

(end)

#8 MetalmanIX

  • Topic Starter
  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 12:18 PM

ESET is still taking too long. An hour in, at 48% so far.



#9 MetalmanIX

  • Topic Starter
  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 01:35 PM

C:\autorun.inf    INF/Autorun.gen worm
C:\nvlmtn.pif    Win32/Sality virus
C:\Battlefield 4\bf4_x86.exe    Win32/Sality.NBA virus
C:\Battlefield 4\__Installer\punkbuster\redist\pbsvc.exe    Win32/Sality.NBA virus
C:\Fraps\fraps.exe    Win32/Sality.NBA virus
C:\Fraps\uninstall.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\334.89\Win8_WinVista_Win7_64\International\GFExperience\7z.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\334.89\Win8_WinVista_Win7_64\International\NV3DVision\3DVision_334.89.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\335.23\Win8_WinVista_Win7_64\International\GFExperience\7z.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\335.23\Win8_WinVista_Win7_64\International\NV3DVision\3DVision_335.23.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\GeForce334.89Driver\GFExperience\7z.exe    Win32/Sality.NBA virus
C:\NVIDIA\DisplayDriver\GeForce334.89Driver\NV3DVision\3DVision_334.89.exe    Win32/Sality.NBA virus
C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{C8253685-B05E-46C6-B98C-C7C47AD13F26}\7z.exe    Win32/Sality.NBA virus
C:\Program Files\Sublight\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\BitTornado\btdownloadgui.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\BitTornado\uninst.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\BitTornado\w9xpopen.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Brothers - A Tale of Two Sons\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Brothers - A Tale of Two Sons\Binaries\Redist\vcredist_x86.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Brothers - A Tale of Two Sons\_CommonRedist\vcredist\2010\vcredist_x64.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Brothers - A Tale of Two Sons\_CommonRedist\vcredist\2010\vcredist_x86.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Camera Recorder\Camera Recorder\CameraRecorder.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\FileZilla FTP Client\fzputtygen.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.154\33.0.1750.154_33.0.1750.146_chrome_updater.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\InstallShield Installation Information\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}\setup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\InstallShield Installation Information\{9C42F308-A660-4445-9269-A740EEDCC1F0}\setup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\InstallUSB.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\InstallUSB9x.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\UninstallShld.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\UninstallShld9x.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\UninstallUSB.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\LG Electronics\LG United Mobile Driver\UninstallUSB9x.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\dotnetfx35setup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\mIRC\uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\MPC-HC\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Postbox\uninstall\helper.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\R.G. Catalyst\Batman Arkham Asylum\Binaries\BmStartApp.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\R.G. Catalyst\Batman Arkham Asylum\Binaries\steam_api.dll    a variant of Win32/HackTool.Crack.BL potentially unsafe application
C:\Program Files (x86)\R.G. Catalyst\Batman Arkham Asylum\Binaries\UE3ShaderCompileWorker.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\R.G. Catalyst\Batman Arkham Asylum\Uninstall\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Remote Mouse\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\WriteMiniDump.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\backup\english\steambackup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\backup\french\steambackup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\backup\german\steambackup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\backup\italian\steambackup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\backup\spanish\steambackup.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_10540.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_10560.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_17300.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_17330.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_17340.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_6510.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\Steam\steam\games\appid_6520.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe    Win32/Sality.NBA virus
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe    Win32/Sality.NBA virus
C:\ProgramData\NVIDIA Corporation\NetService\GeForce_Experience_Update_v1.8.1.0.exe    Win32/Sality.NBA virus
C:\ProgramData\Samsung\Backup\Samsung_Magician_ML_Setup_Backup.exe    Win32/Sality.NBA virus
C:\Qoobox\Quarantine\C\nvlmtn.pif.vir    Win32/Sality virus
C:\Qoobox\Quarantine\E\kqgwv.exe.vir    Win32/Sality virus
C:\Users\All Users\NVIDIA Corporation\NetService\GeForce_Experience_Update_v1.8.1.0.exe    Win32/Sality.NBA virus
C:\Users\All Users\Samsung\Backup\Samsung_Magician_ML_Setup_Backup.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXXPWZIV\BiTool[1].dll    Win32/Somoto.C potentially unwanted application
C:\Users\Metalman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXXPWZIV\bi_downloader[1].exe    Win32/Somoto.A potentially unwanted application
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00004131\streaming-assets-half_life_2.16429844.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00004ac7\vops-team_fortress_2.16790368.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000054af\streaming-assets-steam.17178767.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\0000560a\dao.17429581.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\0000561a\dao.17448781.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00005681\dao.17529219.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000056b6\vops-league_of_legends.17558826.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000056bd\dao.17562149.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000056e3\dao.17646152.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00005711\drsupdate.17681648_RUNASUSER.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00005721\dao.17692143.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00005773\dao.17731592.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\0000578e\DAO.17749621.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000057aa\DAO.17777837.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000057d2\DAO.17829829.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\000057eb\DAO.17845377.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Local\NVIDIA\NvBackend\Packages\00005825\DAO.17882696.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Roaming\uTorrent\uTorrent.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Roaming\uTorrent\updates\3.3.2_30446.exe    Win32/Sality.NBA virus
C:\Users\Metalman\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Desktop\root_gpad\adb.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\ATITool_0.27b4.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\battlelog-web-plugins_2.3.2_130.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\BitlordSetup.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\BitTornado-0.3.17-w32install.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\BlueStacks-SplitInstaller_native.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\CheatEngine63(1).exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\CheatEngine63.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Metalman\Downloads\coretemp_1236.exe    a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Metalman\Downloads\DTLite4481-0347.exe    Win32/DownWare.L potentially unwanted application
C:\Users\Metalman\Downloads\jxpiinstall(1).exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\MalBytespro175.rar    a variant of Win32/Keygen.EM potentially unsafe application
C:\Users\Metalman\Downloads\MPC-HC.1.7.1.x86.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\RemoteMouse.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Metalman\Downloads\sHaRewbb_drmagic40.rar    Win32/Keygen.IK potentially unsafe application
C:\Users\Metalman\Downloads\SkypeSetup.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\SopCast.zip    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Metalman\Downloads\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Metalman\Downloads\utorrent(3).exe    Win32/Sality.NBA virus
E:\autorun.inf    INF/Autorun.gen worm
E:\kqgwv.exe    Win32/Sality virus
E:\ttbnp.exe    Win32/Sality virus
E:\Backup\Desktop\Don't Starve Steam Trainer.exe    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
E:\Backup\Desktop\ME3+18Tr-LNG.exe    Win32/Sality.NBA virus
E:\Backup\Desktop\New folder (2)\New folder (3)\Midnight.exe    Win32/Sality.NBA virus
E:\Backup\RTL8187L_XP_5.1313.0613.2008_Win7_6.1316.1209.2009_UI_1.00.0179.L\Setup.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\keygen.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\StellarPhoenixWindowsDataRecovery-Professional.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\Eksamino A\Pliroforiki\Ergastirio4\putty.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\HDD Regenarator\HDD_Regenerator_2011_08-05-2013_Setup.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\mIRC\uninstall.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\Remo.Recover.Windows.v3.0.0.118.Incl.Keygen-Lz0\lzprfja1.zip    a variant of Win32/Keygen.HE potentially unsafe application
E:\Backup\USBACKUP5.8\RRW\Remo Recover 4.0.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\testdisk-6.14\fidentify_win.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\testdisk-6.14\photorec_win.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\testdisk-6.14\testdisk_win.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\USB Backup\Format\dvrgenpr12001211preavtd.rar    Win32/DriverGenius.A potentially unwanted application
E:\Downloads\EasyBCD 2.2.exe    Win32/Sality.NBA virus
E:\Drivers\bt_intel centrino_high speed adapter\Autorun.exe    Win32/Sality.NBA virus
E:\Drivers\bt_intel centrino_high speed adapter\VistaWin7\vs32\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\bt_intel centrino_high speed adapter\XP\x32\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\Sata controller drivers\IRST(gia to performance tou ssd)\GUI\iata_cd.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\ChCfg.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\MSHDQFE\Win2K3\us\kb888111srvrtm.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\AERTSrv.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\RtHDVBg.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\RtHDVCpl.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\RtkAudioService.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\RtkNGUI.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\RtlUpd.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\SkyTel.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista\vncutil.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\Vista64\SkyTel.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\Alcmtr.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\RtkAudioService.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\RtlUpd.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\SkyTel.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\SoundMan.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Audio\6309_PG316_Win7_Vista_XP_UAAV10a-5013\WDM\vncutil.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Bluetooth\Autorun.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Bluetooth\VistaWin7\vs32\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Bluetooth\XP\x32\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\CardReader\Realtek_RTSUVSTOR_V6.1.7600.10008_WHQL_noTB\setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\CardReader\Realtek_RTSUVSTOR_V6.1.7600.10008_WHQL_noTB\DriverBin_32bit\revcon.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\Chipset\infinst_autol\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\IRST\iata_enu\setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\LAN\Install_Win7_7034_12212010\setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\ME\1.5M_7.0.4.1197\ME_SW\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\ME\1.5M_7.0.4.1197\ME_SW\Intel Control Center\SetupICC.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\ME\1.5M_7.0.4.1197\ME_SW\LMS\LMS.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\ME\1.5M_7.0.4.1197\ME_SW\UNS\UNS.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\TouchPad\FSP_WDF_9048_STL_WHQL\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\TouchPad\FSP_WDF_9048_STL_WHQL\i386\FspUip.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\USB3.0\USB3-200-200A-DR-WIN-20101217\EXE\RENESAS-USB3-Host-Driver-20320-setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\AW-NE785H\Install_CD\setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\Autorun.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\Win7\Docs\iULaunch.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\Win7\S32\Drivers\iProdifx.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\Win7\S32\Install\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\XP\Docs\iULaunch.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\XP\x32\Drivers\iProdifx.exe    Win32/Sality.NBA virus
E:\Drivers\win7 32\WLAN\Intel\HOWFW0413G\XP\x32\Install\Setup.exe    Win32/Sality.NBA virus
E:\Drivers\win7 64\VGA\NVidia N12E-GT VGA Driver\Win7_64_HDA(268.90)\Display.Update\ComUpdatus.exe    Win32/Sality.NBA virus
E:\Drivers\win7 64\VGA\NVidia N12E-GT VGA Driver\Win7_64_HDA(268.90)\Display.Update\daemonu.exe    Win32/Sality.NBA virus
E:\Drivers\win7 64\VGA\NVidia N12E-GT VGA Driver\Win7_64_HDA(268.90)\Display.Update\nvlhr.exe    Win32/Sality.NBA virus
E:\Drivers\win7 64\VGA\NVidia N12E-GT VGA Driver\Win7_64_HDA(268.90)\NV3DVision\3DVision_268.90.exe    Win32/Sality.NBA virus
E:\Drivers\Windows.7.Loader.v2.0.6 Reloaded -DAZ [Team Rjaa]\Windows Loader.exe    Win32/Sality.NBA virus
E:\Guild Wars 2\Gw2.exe    Win32/Sality.NBA virus
E:\Qoobox\Quarantine\E\kqgwv.exe.vir    Win32/Sality virus
E:\Torrent Downloads\Games\rld-saints4.iso    a variant of Win32/HackTool.Crack.BQ potentially unsafe application
E:\Torrent Downloads\Games\Batman Arkham Trilogy [Repack] R.G. Catalyst\Autorun.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Games\Batman Arkham Trilogy [Repack] R.G. Catalyst\[01] Batman Arkham Asylum\Setup.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Games\Batman Arkham Trilogy [Repack] R.G. Catalyst\[02] Batman Arkham City\Setup.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Games\Batman Arkham Trilogy [Repack] R.G. Catalyst\[03] Batman Arkham Origins\Setup.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Games\Dark_Souls_Prepare_To_Die_Edition-FLT\flt-dspd.iso    a variant of Win32/Packed.VMProtect.AAN trojan
E:\Torrent Downloads\Games\Dishonored.Game.of.The.Year.Edition-HI2U\hi-dgoty.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application
E:\Torrent Downloads\Games\Injustice.Gods.Among.Us.Ultimate.Edition-RELOADED\rld-ingoamus.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application
E:\Torrent Downloads\Games\Metal.Gear.Rising.Revengeance-RELOADED\rld-megerire.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application
E:\Torrent Downloads\Games\Plants vs. Zombies\PlantsVsZombies.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Games\Pool.Nation-RELOADED\rld-pona.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application
E:\Torrent Downloads\Software\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa].rar    Win32/HackTool.WinActivator.I potentially unsafe application
E:\Torrent Downloads\Software\Acronis True Image Home 2013 16 Build 6514 (en_US)\Acronis True Image Home 2013 Activator\ActivationAcronisTIH.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\Software\AUTODESK.AUTOCAD.LT.V2013.WIN64-ISO\acadlt2013_x64.iso    a variant of Win32/Keygen.HA potentially unsafe application
E:\Torrent Downloads\Software\AUTODESK.AUTOCAD.LT.V2013.WIN64-ISO\acadlt2013_x64.rar    a variant of Win32/Keygen.HA potentially unsafe application
E:\Torrent Downloads\Software\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us\flstudio_10.0.exe    Win32/OpenCandy potentially unsafe application
E:\Torrent Downloads\Software\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us\flstudio_10.0_crack.exe    Win32/Sality.NBA virus
E:\Torrent Downloads\TV Series\Weeds Season 7 Complete 720p\Gw2Setup(4).exe    Win32/Sality.NBA virus
E:\Videos\iLividSetup-r484-n-bu.exe    Win32/Toolbar.SearchSuite potentially unwanted application
E:\WD\WD Apps for Windows\XP64\wic_x64_enu.exe    Win32/Sality.NBA virus
Operating memory    Win32/Sality.NBA virus
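The scan log above lists one detection per line as a path, a run of spaces, and the scanner's verdict. The following is an added example of my own (not code from the thread, the poster, or the scanner that produced the log) that parses lines in that format and summarises what a responder actually needs to know before deciding on cleanup versus rebuild: how many hits per family, which volumes carry the file infector, whether an infector was found in operating memory (meaning it is active, so disinfecting files on the live system is unreliable), and whether an autorun.inf was flagged on a volume, which is how this infection spreads to removable media. The sample log is constructed; a few of its entries mirror lines from the thread's log, the rest are made up. The keyword rules in `classify` are my own assumption about the scanner's verdict wording, not a documented format.

```python
"""Summarise an antivirus scan log of the form '<path><spaces><verdict>'."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same format as the thread's scan log.
SAMPLE_LOG = r"""
C:\Users\Metalman\AppData\Roaming\uTorrent\uTorrent.exe    Win32/Sality.NBA virus
C:\Users\Metalman\Downloads\coretemp_1236.exe    a variant of Win32/InstallIQ.A potentially unwanted application
E:\autorun.inf    INF/Autorun.gen worm
E:\kqgwv.exe    Win32/Sality virus
E:\Backup\USBACKUP5.8\keygen.exe    Win32/Sality.NBA virus
E:\Backup\USBACKUP5.8\testdisk-6.14\photorec_win.exe    Win32/Sality.NBA virus
Operating memory    Win32/Sality.NBA virus
"""


@dataclass(frozen=True)
class Detection:
    path: str     # file path, or "Operating memory" for a memory-only hit
    name: str     # verdict string exactly as the scanner printed it
    family: str   # family token, e.g. "Win32/Sality.NBA"
    kind: str     # "infector", "worm", "trojan", "pua" or "other"


# The path may contain single spaces ("win7 32"); the verdict follows a run of 2+ spaces.
_SPLIT = re.compile(r"\s{2,}")


def classify(name: str) -> str:
    """Map a verdict string to a coarse kind (assumed wording, see lead-in)."""
    low = name.lower()
    if low.endswith("virus"):
        return "infector"
    if low.endswith("worm"):
        return "worm"
    if low.endswith("trojan"):
        return "trojan"
    if "potentially unwanted" in low or "potentially unsafe" in low:
        return "pua"
    return "other"


def family_of(name: str) -> str:
    """Return the family token, dropping a leading 'a variant of'."""
    words = name.split()
    if words[:3] == ["a", "variant", "of"]:
        words = words[3:]
    return words[0] if words else name


def volume_of(path: str) -> str:
    """'E:' for a drive-letter path, '(memory)' for non-file detections."""
    m = re.match(r"^([A-Za-z]):\\", path)
    return m.group(1).upper() + ":" if m else "(memory)"


def parse_log(text: str) -> list[Detection]:
    entries: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = _SPLIT.split(line, maxsplit=1)
        if len(parts) != 2:
            continue  # not a detection line (headers, stray residue)
        path, name = parts
        entries.append(Detection(path, name, family_of(name), classify(name)))
    return entries


def summarize(entries: list[Detection]) -> dict:
    file_hits = [e for e in entries if e.path != "Operating memory"]
    return {
        "total": len(entries),
        "by_family": Counter(e.family for e in entries),
        "by_volume": Counter(volume_of(e.path) for e in entries),
        # An infector reported in memory is running now, not just sitting on disk.
        "active_in_memory": any(
            e.path == "Operating memory" and e.kind == "infector" for e in entries
        ),
        # autorun.inf at a volume root is the removable-media spreading mechanism.
        "autorun_volumes": sorted(
            {volume_of(e.path) for e in file_hits if e.path.lower().endswith("\\autorun.inf")}
        ),
        "infector_volumes": sorted(
            {volume_of(e.path) for e in file_hits if e.kind == "infector"}
        ),
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a real log, the `infector_volumes` list tells you every drive that must be treated as contaminated (here both the internal disk and the external one), and `active_in_memory` being true is the signal that cleaning files from inside the running system is not a reliable plan.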
 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:02:47 AM

Posted 20 March 2014 - 03:32 PM

I'm afraid I have very bad news. Your system is infected with a nasty variant of Virut, a dangerous polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. -- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS. Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, .rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of damage can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.
CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.
McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.
AVG Overview of W32/Virut

Virut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...
Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog has found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS. Since virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files (which could number in the thousands) cannot be deleted and anti-malware scanners cannot disinfect them properly. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.
This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 MetalmanIX

MetalmanIX
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 03:50 PM

Ok, I get it, formatting is the only option. I am no stranger to formatting and reinstalling Windows, but what happens to my external HDD and USB stick?

 

As soon as I plug them in after formatting aren't they gonna infect my system all over again?  How do I solve this?



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:02:47 AM

Posted 20 March 2014 - 04:42 PM

When backing up, don't use flash drives.

Don't back up any executable or .scr files.

Disinfect your external devices with a live CD like Kaspersky Rescue disk.

 

 

Create/Scan with Kaspersky Rescue Disk

Follow the instructions on this page for downloading the kav_rescue_10.iso (200 mb) file and creating the Kaspersky Rescue Disk.

Make sure you set the machine to boot from the CD-ROM drive first. Then save and exit the BIOS. The computer will begin to boot. Insert the disc in the CD-ROM drive, then restart the machine. It should then boot from that CD.

It's best if you refer to the instructions and images at Kaspersky: How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Once it boots from CD, press a key so it continues to boot from that CD.

Select the language, then be sure to select Kaspersky Rescue Disk Graphic Mode.

Kaspersky should begin scanning your machine. If it finds infection, look carefully at the files it lists. If any of them seem to be legit files, do not allow it to clean/quarantine/delete them. Rather, save the log and post the results for me to look over.


Edited by TB-Psychotic, 20 March 2014 - 04:42 PM.

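The advice above is to back up data only and leave every executable and .scr file behind, because a file infector like the one found here rides along inside them. Here is an added Python example of my own (not code from the thread, the helper, or Kaspersky) that walks a folder you intend to back up and separates data files from anything that could carry the infection. It checks the `MZ` header at the start of each file as well as the extension, so a renamed executable is not copied by accident, and it refuses `autorun.inf`, which the scan log showed at the root of the external drive. The directory tree it builds is constructed for the demonstration; the extension list is my own choice of common Windows executable types.

```python
"""Plan a data-only backup: skip anything a Windows file infector could live in."""
from __future__ import annotations

import tempfile
from pathlib import Path

# Extensions treated as executable code (assumed list, extend to taste).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".sys", ".cpl", ".ocx"}


def looks_like_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS stub every Windows PE image carries."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def triage_file(path: Path) -> tuple[str, str]:
    """Return ('keep' | 'skip', reason) for one file."""
    if path.name.lower() == "autorun.inf":
        return "skip", "autorun.inf (used to spread via removable media)"
    if path.suffix.lower() in EXEC_EXTENSIONS:
        return "skip", f"executable extension {path.suffix.lower()}"
    if looks_like_pe(path):
        return "skip", "MZ header despite non-executable extension"
    return "keep", "data file"


def plan_backup(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Walk root and return {'keep': [(relpath, reason)], 'skip': [...]} in sorted order."""
    plan: dict[str, list[tuple[str, str]]] = {"keep": [], "skip": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        decision, reason = triage_file(path)
        plan[decision].append((path.relative_to(root).as_posix(), reason))
    return plan


def build_demo_tree() -> Path:
    """Constructed sample tree (not real data from the thread)."""
    root = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    (root / "docs").mkdir()
    (root / "tools").mkdir()
    (root / "docs" / "thesis.docx").write_bytes(b"PK\x03\x04" + b"\0" * 16)   # zip-based document
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)         # JPEG magic
    (root / "tools" / "putty.exe").write_bytes(b"MZ" + b"\0" * 62)             # PE by extension
    (root / "tools" / "screensaver.scr").write_bytes(b"MZ" + b"\0" * 62)       # .scr is PE too
    (root / "notes.dat").write_bytes(b"MZ" + b"\0" * 62)                       # renamed executable
    (root / "autorun.inf").write_text("[autorun]\nopen=constructed.exe\n")     # constructed stub
    return root


if __name__ == "__main__":
    for decision, items in plan_backup(build_demo_tree()).items():
        for rel, reason in items:
            print(f"{decision:4}  {rel:28}  {reason}")
```

Point this at the real source folder instead of `build_demo_tree()` and copy only the `keep` list onto the rebuilt system; anything in `skip` should be reinstalled from a trusted download rather than restored, which is exactly what the helper is asking for.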

#13 MetalmanIX

MetalmanIX
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 04:49 PM

Hmm, can't I boot it from a USB stick, or just CD/DVD?

 

And on your last step, do you mean I should not choose to clean any files, or just legit ones? I mean, do I hit clean or just post the log here?



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:02:47 AM

Posted 20 March 2014 - 05:00 PM

With a tool like Unetbootin, you should be able to create a bootable USB stick from the ISO file.

 

I strongly recommend to delete any file infected by Sality - even a single file you missed may reinfect your computer.

 

And again: Stop using cracked software and P2P networks - when running P2P, your computer is linked with a network containing billions of computers around the world. You'll never know if one of them spreads malware...



#15 MetalmanIX

MetalmanIX
  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:47 AM

Posted 20 March 2014 - 05:36 PM

Ok, used Unetbootin and installed it on a stick, restarted and booted from it, chose graphic mode, but I got an error saying it can't mount the root kernel, so I am guessing I need to actually burn it on a CD...





