
Trojan.Gen & Trojan.Gen2 PLUS Backdoor.Cycbot [Solved]


  • This topic is locked

#1
beerman

Hello GTG!

Need your assistance removing trojans identified by Symantec Endpoint. Although it says they are cleaned or quarantined, they still show up for the last two days. Interestingly, my initial attempt to download OTL was blocked (or, more accurately, didn't work when launched), but I was successful using the mirror site.

Also interesting: as OTL was running, Endpoint found Backdoor.Cycbot, so something is definitely going on here.

Anyway, here is the OTL log:

OTL logfile created on: 11/16/2011 10:25:28 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dtreese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 51.88% Memory free
15.85 Gb Paging File | 11.57 Gb Available in Paging File | 73.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 124.62 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
Drive X: | 1397.26 Gb Total Space | 189.75 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

Computer Name: 4CR1VL1 | User Name: dtreese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
PRC - [2011/11/16 07:33:37 | 000,189,440 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe
PRC - [2011/11/16 05:45:58 | 000,174,080 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe
PRC - [2011/11/15 07:50:58 | 000,267,776 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe
PRC - [2011/03/19 20:30:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/19 20:30:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2009/10/05 20:54:30 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/08/17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/16 07:33:37 | 000,189,440 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe
MOD - [2011/11/16 05:45:58 | 000,174,080 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe
MOD - [2011/11/15 07:50:58 | 000,267,776 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe
MOD - [2011/10/18 16:36:37 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll
MOD - [2011/10/18 16:35:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\a90c7ebd4a3635353ce9034ba4fa7928\Extensibility.ni.dll
MOD - [2011/10/18 16:35:37 | 002,359,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\9b3bab4a8b6b1d092ec334448c1392a7\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2011/10/18 16:35:34 | 004,466,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\b2b6fa97abbaa6df841dd21019df0ad7\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2011/10/18 16:35:32 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/18 16:35:27 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\437a568452685f365e2ed5f6ac1e4b19\Iris.Mapi.MessageStore.ni.dll
MOD - [2011/10/18 16:35:26 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\28b9e42f0592bc19d7422e99ca49b28d\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2011/10/18 16:35:21 | 003,826,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\66990b6af5ab6d26d39c30817b22390c\BusinessLayer.ni.dll
MOD - [2011/10/18 16:35:17 | 002,267,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b7bd9b301dddfbb50ca13583c007636e\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2011/10/18 16:35:15 | 001,040,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\1b4ee5f72049eb671c422b5c83896117\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2011/10/18 16:35:14 | 000,177,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bad645e10037a53cb4a78932b6f39005\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2011/10/18 16:35:10 | 001,526,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\c8880b3e5c1114811bc10d6568792f38\BCMRes.ni.dll
MOD - [2011/10/18 16:35:09 | 000,963,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\office\7b1c0fa0c8f737a36a504cea6ab9b2fb\office.ni.dll
MOD - [2011/10/18 16:35:08 | 000,484,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\df78f68a3d201582605031b26d39b5b8\BCMCommon.ni.dll
MOD - [2011/10/18 16:35:08 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\0ab3f1e3838ae7cecbc5258398a4d296\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2011/10/18 16:35:08 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\81bb2b9c79f79095455c1594c10adfaf\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2011/10/18 16:35:08 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\17b4308b0e6d35c1230135ed25fffbfe\stdole.ni.dll
MOD - [2011/10/18 14:12:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/18 14:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 14:12:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/18 14:12:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/18 14:11:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/18 14:11:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/18 14:11:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/18 14:11:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/18 14:11:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/18 14:11:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/09/22 17:03:40 | 002,666,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2010/01/09 22:01:00 | 000,591,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2010/01/09 22:00:59 | 000,310,720 | ---- | M] () -- C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/10/15 23:57:26 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Safari\libtidy.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009/02/20 10:47:40 | 000,529,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/09/03 12:33:16 | 000,507,680 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/05 15:00:42 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/20 02:55:48 | 004,908,576 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 10:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/06/26 10:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/06/11 20:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/06/03 13:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/04/27 14:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:30:02 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:30:02 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/09 21:48:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/20 20:04:17 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 18:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 15:00:42 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/30 21:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 11:39:10 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 12:28:04 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/06/19 19:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 04:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/05/11 12:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)
DRV - [2011/11/09 04:31:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 04:31:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/20 11:02:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.038\EX64.SYS -- (NAVEX15)
DRV - [2011/09/20 11:02:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.038\ENG64.SYS -- (NAVENG)
DRV - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [6B9.exe] C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe ()
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) -C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://millercoorsu...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43495A-645A-4AE9-9DCD-D7B41E2BA270}: DhcpNameServer = 10.30.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A09797F-9C11-48AD-AF2B-AFAE47EEAE1F}: NameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63826BF5-BD72-4281-8828-70E47C17E299}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Users\dtreese\AppData\Roaming\iexplore.exe
[2011/11/16 10:25:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/13 16:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/13 08:29:17 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\13DFA
[2011/11/13 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\A8B13
[2011/11/09 16:30:46 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\IObit
[2011/11/09 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Random Password Generator
[2011/11/09 16:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/11/01 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/01 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/01 10:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/01 08:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Local\LogMeIn
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

========== Files - Modified Within 30 Days ==========

[2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | M] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | M] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/11/15 09:39:26 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 09:39:26 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/15 09:36:33 | 000,785,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/15 09:36:33 | 000,668,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/15 09:36:33 | 000,122,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/15 09:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/15 09:31:55 | 2087,874,559 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 06:48:59 | 000,001,992 | -H-- | M] () -- C:\Users\dtreese\Documents\Default.rdp
[2011/11/10 09:14:36 | 000,421,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/24 09:20:26 | 002,917,749 | ---- | M] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf
[2011/10/17 11:06:42 | 000,007,600 | ---- | M] () -- C:\Users\dtreese\AppData\Local\Resmon.ResmonCfg
[2011/10/17 11:04:48 | 000,003,426 | ---- | M] () -- C:\Users\dtreese\Desktop\DetailClaimData 10-17-11.csv

========== Files Created - No Company Name ==========

[2011/11/15 17:06:58 | 000,598,569 | ---- | C] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | C] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/10/24 09:17:42 | 002,917,749 | ---- | C] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf
[2011/10/17 11:04:48 | 000,003,426 | ---- | C] () -- C:\Users\dtreese\Desktop\DetailClaimData 10-17-11.csv
[2011/06/29 10:37:11 | 000,000,040 | -HS- | C] () -- C:\Users\dtreese\AppData\Roaming\27FGHDTZQ43K327FV6JFD8LTD7
[2011/03/20 19:54:18 | 000,003,002 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/03/14 21:19:24 | 000,007,600 | ---- | C] () -- C:\Users\dtreese\AppData\Local\Resmon.ResmonCfg
[2011/02/22 14:14:47 | 000,017,408 | ---- | C] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 11:47:58 | 000,004,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/09 23:27:33 | 001,514,088 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/09 23:27:33 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/01/09 23:27:33 | 000,308,840 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010/01/09 22:00:02 | 000,745,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/09 21:35:11 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010/01/09 21:34:51 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/10/05 20:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/05/20 14:31:00 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\LNKFILES.DLL

========== LOP Check ==========

[2011/11/16 07:33:37 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\13DFA
[2011/11/16 05:45:58 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\A8B13
[2011/10/03 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Accellion
[2011/06/29 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Agilix
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Broadcom
[2011/06/29 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\FranklinCovey
[2011/11/09 16:30:57 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\IObit
[2010/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Leadertech
[2011/03/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\PrintSet
[2010/08/18 14:27:57 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Research In Motion
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Wave Systems Corp
[2011/01/27 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\webex
[2010/11/26 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Windows Live Writer
[2011/02/08 11:58:51 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


And here is the Extras log:

OTL Extras logfile created on: 11/16/2011 10:25:28 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dtreese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 51.88% Memory free
15.85 Gb Paging File | 11.57 Gb Available in Paging File | 73.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 124.62 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
Drive X: | 1397.26 Gb Total Space | 189.75 Gb Free Space | 13.58% Space Free | Partition Type: NTFS

Computer Name: 4CR1VL1 | User Name: dtreese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10193AAA-D72D-4A1A-B8AD-A9D9221595E7}" = Intel® PROSet/Wireless WiFi Driver
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{16B452B6-828D-4E93-A97E-B92C76E8E0DD}" = SO64MMWrapper
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{27753668-8F35-4FEE-BE5D-ADCD615D334A}" = Dell ControlPoint Connection Manager 64
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3110A3AD-9890-42DF-8CE5-FBFE4E633ED2}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{736D17CD-0990-4A57-A9FA-E765B6A93EC3}" = Dell ControlPoint System Manager
"{87508272-99AC-47AA-9F65-5F8C09930CA6}" = Dell Control Point 64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C3B66206-54AC-4A76-8CCF-7FE5670C3581}" = DCP64MMWrapper
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{F161E795-1A75-4DBD-AFAE-4980BA7EABDB}" = Dell ControlVault Host Components Installer 64Bit
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1debb82b-5c95-4de7-b2d4-15e0787adcea}" = Intermec PrintSet 4
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8944B5A2-A948-4BA2-9A14-B094EB23D779}" = SOTI Pocket Controller-Pro For BlackBerry
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0D361EB-7D08-40C7-9A90-69ED1A01B3D4}" = Micro Vane Workstation 5.4
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Dell Webcam Central" = Dell Webcam Central
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OpenVPN" = OpenVPN 2.1.1
"Pocket Informant for BlackBerry" = Pocket Informant for BlackBerry
"PROHYBRIDR" = 2007 Microsoft Office system
"Random Password Generator_is1" = Random Password Generator
"VIPOrdersCE004100056_is1" = VIP OrdersCE Version 004.100.056
"VIPOrdersCE004100057_is1" = VIP OrdersCE Version 004.100.057
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks so much for your help!


#2
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, beerman! :yes:

:) I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for beerman only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your logs and will post back soon.

#3
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :yes:


Step 1

:)
Your computer has been infected by a backdoor Trojan. This could allow hackers to remotely control your computer and steal critical system information, including passwords, credit card numbers, addresses, phone numbers, and other information stored on your computer. Before we can start, I recommend that you:

  • Use another, clean computer to change all your internet passwords, especially your financial passwords like your banks, PayPal, eBay. Also change the passwords for any other sites that you use.
  • Call your financial companies and tell them that your account may have been stolen and ask what you can do.
  • Closely monitor all bank and credit card statements. If you do think that you are a victim of identity theft you can go to Defend: Recover From Identity Theft to learn more.

Step 2

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Java™ 6 Update 14 (64-bit)
  • Random Password Generator
  • VIP OrdersCE Version 004.100.056

Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    MOD - [2011/11/16 07:33:37 | 000,189,440 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe
    MOD - [2011/11/16 05:45:58 | 000,174,080 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe
    MOD - [2011/11/15 07:50:58 | 000,267,776 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [6B9.exe] C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe ()
    F3:64bit: - HKCU WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) -C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    File not found -- C:\Users\dtreese\AppData\Roaming\iexplore.exe
    [2011/11/13 16:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
    [2011/11/13 08:29:17 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\13DFA
    [2011/11/13 08:28:55 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\A8B13
    [2011/11/09 16:30:46 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Roaming\IObit
    [2011/11/09 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Random Password Generator
    [2011/11/09 16:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2011/06/29 10:37:11 | 000,000,040 | -HS- | C] () -- C:\Users\dtreese\AppData\Roaming\27FGHDTZQ43K327FV6JFD8LTD7 
    
    :Reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    
    :Files
    C:\Users\dtreese\AppData\Roaming\Microsoft\A58A
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt

  • 0
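
Added example, not part of Nedklaw's post and not OTL's own logic: a small Python triage pass over OTL scan lines that applies the patterns visible in the fix script above (an executable with no company name under a profile's AppData, autorun values pointing there, and an enabled loopback proxy). The rule names, regexes and function names are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the OTL output quoted in this thread.
# Two benign entries (zlib1.dll, ccApp.exe) are included on purpose.
SAMPLE_LOG = r"""
MOD - [2011/11/16 07:33:37 | 000,189,440 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe
MOD - [2011/11/15 07:50:58 | 000,267,776 | ---- | M] () -- C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
PRC - [2011/03/19 20:30:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52586
O4 - HKCU..\Run: [6B9.exe] C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe ()
"""


class Finding(NamedTuple):
    rule: str    # hypothetical rule name used only by this example
    detail: str  # path or proxy endpoint that triggered the rule


# PRC/MOD/SRV/DRV lines: TAG - [stamp | size | attrs | M] (Company) -- path
FILE_LINE = re.compile(
    r"^[A-Z]{3}(?::64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) "
    r"(?:\[[^\]]*\] )?-- (?P<path>.+?)(?: -- \(.*\))?$")
# O4 Run-key entries and the F3 "Load" value, both per-user autoruns.
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - HK\w+\S*\\Run: \[[^\]]+\] (?P<path>.+?) \([^)]*\)$")
LOAD_LINE = re.compile(
    r"^F3(?::64bit:)? - HK\w+ WinNT: Load - \((?P<path>[^)]*)\)")
PROXY_LINE = re.compile(
    r'^IE - .*Internet Settings: "(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$')

PROFILE_APPDATA = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|dll|com|scr)$", re.I)


def loopback_proxy(server: str) -> str:
    """Return the first 'host:port' entry pointing at this machine, else ''."""
    for entry in server.split(";"):
        hostport = entry.split("=", 1)[-1].strip()   # drop "http=" style prefix
        host = hostport.rsplit(":", 1)[0].lower()
        if host in ("127.0.0.1", "localhost", "[::1]"):
            return hostport
    return ""


def triage(log: str) -> List[Finding]:
    """Flag OTL lines worth a human look; this is a filter, not a verdict."""
    findings, proxy = [], {}
    for line in (raw.strip() for raw in log.splitlines()):
        m = FILE_LINE.match(line)
        if m:
            path = m["path"]
            # An empty company field alone is common (zlib1.dll above);
            # it only matters together with a user-writable location.
            if (not m["company"] and PROFILE_APPDATA.match(path)
                    and EXECUTABLE.search(path)):
                findings.append(Finding("no-company-in-profile", path))
            continue
        m = RUN_LINE.match(line) or LOAD_LINE.match(line)
        if m:
            if PROFILE_APPDATA.match(m["path"]):
                findings.append(Finding("autorun-from-profile", m["path"]))
            continue
        m = PROXY_LINE.match(line)
        if m:
            proxy[m["name"]] = m["value"].strip()
    # A loopback proxy is only reported when it is actually enabled. Local
    # filtering tools set one too, so check which process owns the port.
    hit = loopback_proxy(proxy.get("ProxyServer", ""))
    if proxy.get("ProxyEnable") == "1" and hit:
        findings.append(Finding("loopback-proxy", hit))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:24} {finding.detail}")
```
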

#4
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Thanks for your help Nedklaw. A little freaked about the backdoor trojan. Any idea how long it has been there?

Anyway, the first two logs requested are below. I could not run aswMBR as I did it twice and both times got the Windows BSOD. Ran it a third time in Safe Mode and that log is attached.

Here are the two logs:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\6B9.exe deleted successfully.
C:\Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe moved successfully.
C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe moved successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe deleted successfully.
File \Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) -C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Program Files (x86)\LP\A58A folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
C:\Users\dtreese\AppData\Roaming\13DFA folder moved successfully.
C:\Users\dtreese\AppData\Roaming\A8B13 folder moved successfully.
C:\Users\dtreese\AppData\Roaming\IObit\Random Password Generator folder moved successfully.
C:\Users\dtreese\AppData\Roaming\IObit folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Random Password Generator\ not found.
Folder C:\Program Files (x86)\IObit\ not found.
C:\Users\dtreese\AppData\Roaming\27FGHDTZQ43K327FV6JFD8LTD7 moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\Users\dtreese\AppData\Roaming\Microsoft\A58A folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\dtreese\Desktop\cmd.bat deleted successfully.
C:\Users\dtreese\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 15370896 bytes
->Temporary Internet Files folder emptied: 199506 bytes

User: All Users

User: David Treese
->Temp folder emptied: 2074704 bytes
->Temporary Internet Files folder emptied: 49675282 bytes
->Java cache emptied: 13690431 bytes
->Flash cache emptied: 1749 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dtreese
->Temp folder emptied: 112526 bytes
->Temporary Internet Files folder emptied: 179177470 bytes
->Java cache emptied: 37099210 bytes
->Apple Safari cache emptied: 97684480 bytes
->Flash cache emptied: 82217 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 465278157 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67228 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 288775 bytes

Total Files Cleaned = 821.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: David Treese
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: dtreese
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11172011_210444

Files\Folders moved on Reboot...
C:\Users\dtreese\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 11/17/2011 9:10:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dtreese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.72 Gb Available Physical Memory | 72.22% Memory free
15.85 Gb Paging File | 13.64 Gb Available in Paging File | 86.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 126.41 Gb Free Space | 53.19% Space Free | Partition Type: NTFS

Computer Name: 4CR1VL1 | User Name: dtreese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
PRC - [2011/09/07 14:53:57 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2011/03/19 20:30:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/19 20:30:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/05 20:54:30 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/08/17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 14:12:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/18 14:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 14:12:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/18 14:12:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/18 14:11:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/18 14:11:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/18 14:11:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/18 14:11:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/18 14:11:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/18 14:11:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/09/03 12:33:16 | 000,507,680 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/05 15:00:42 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/20 02:55:48 | 004,908,576 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 10:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/06/26 10:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/06/11 20:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/06/03 13:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/04/27 14:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:30:02 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:30:02 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/09 21:48:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/20 20:04:17 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 18:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 15:00:42 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/30 21:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 11:39:10 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 12:28:04 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/06/19 19:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 04:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/05/11 12:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)
DRV - [2011/11/09 04:31:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 04:31:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/20 11:02:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.002\EX64.SYS -- (NAVEX15)
DRV - [2011/09/20 11:02:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.002\ENG64.SYS -- (NAVENG)
DRV - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.aspx
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/11/17 21:04:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://millercoorsu...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43495A-645A-4AE9-9DCD-D7B41E2BA270}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A09797F-9C11-48AD-AF2B-AFAE47EEAE1F}: NameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63826BF5-BD72-4281-8828-70E47C17E299}: DhcpNameServer = 10.0.0.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 21:04:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/16 10:25:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/01 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/01 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/01 10:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/01 08:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Local\LogMeIn
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

========== Files - Modified Within 30 Days ==========

[2011/11/17 21:13:06 | 000,785,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/17 21:13:06 | 000,668,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/17 21:13:06 | 000,122,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/17 21:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/17 21:06:34 | 2087,874,559 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 21:04:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/17 21:04:21 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 21:04:21 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/16 11:27:35 | 000,001,992 | -H-- | M] () -- C:\Users\dtreese\Documents\Default.rdp
[2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | M] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | M] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/11/10 09:14:36 | 000,421,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/24 09:20:26 | 002,917,749 | ---- | M] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf

========== Files Created - No Company Name ==========

[2011/11/15 17:06:58 | 000,598,569 | ---- | C] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | C] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/10/24 09:17:42 | 002,917,749 | ---- | C] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf
[2011/03/20 19:54:18 | 000,003,002 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/03/14 21:19:24 | 000,007,600 | ---- | C] () -- C:\Users\dtreese\AppData\Local\Resmon.ResmonCfg
[2011/02/22 14:14:47 | 000,017,408 | ---- | C] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 11:47:58 | 000,004,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/09 23:27:33 | 001,514,088 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/09 23:27:33 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/01/09 23:27:33 | 000,308,840 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010/01/09 22:00:02 | 000,745,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/09 21:35:11 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010/01/09 21:34:51 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/10/05 20:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/05/20 14:31:00 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\LNKFILES.DLL

========== LOP Check ==========

[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Broadcom
[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Wave Systems Corp
[2010/01/15 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\BACS.exe
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Broadcom
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Wave Systems Corp
[2011/10/03 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Accellion
[2011/06/29 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Agilix
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Broadcom
[2011/06/29 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\FranklinCovey
[2010/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Leadertech
[2011/03/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\PrintSet
[2010/08/18 14:27:57 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Research In Motion
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Wave Systems Corp
[2011/01/27 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\webex
[2010/11/26 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Windows Live Writer
[2011/02/08 11:58:51 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And the aswMBR log from Safe Mode.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 21:25:42
-----------------------------
21:25:42.752 OS Version: Windows x64 6.1.7601 Service Pack 1
21:25:42.752 Number of processors: 8 586 0x1E05
21:25:42.752 ComputerName: 4CR1VL1 UserName: dtreese
21:25:43.516 Initialze error C0000061 - driver not loaded
21:25:47.088 Service scanning
21:25:48.680 Modules scanning
21:25:48.680 Disk 0 trace - called modules:
21:25:48.680
21:25:48.680 Scan finished successfully
21:26:06.932 The log file has been saved successfully to "C:\Users\dtreese\Desktop\aswMBR.txt"



Good luck and thanks again.
  • 0

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You're welcome!!!

A little freaked about the backdoor trojan. Any idea how long it has been there?

I guess a few days going by your OTL log which shows the main infection arrived a few days ago.


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe) - File not found 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.


Click the cog in the upper right.


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished select report tab (last tab).
Select Detected threats report from the left and press Save button.
Save it to your desktop and attach to your next post.


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information.


On completion, click the link to locate the zip file to upload and attach to your next post.


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • AVPTool Report
  • avptool_sysinfo.zip

  • 0
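The OTL fix in the post above targets a single O20 line: a per-user Winlogon Shell value pointing at an executable under AppData. As an added example (not part of the original post and not OTL's own logic), the Python sketch below applies that triage to the O20 lines copied from the log in this thread; the function names, the expected-binary table and the `C:\Windows` system root (taken from the log header) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# O20 lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
"""

# Hive, value name, registry data in parentheses, then what OTL resolved on disk.
# The non-greedy data group tolerates paths such as "Program Files (x86)".
O20_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>HK\S+) Winlogon: (?P<name>\w+)"
    r" - \((?P<value>.*?)\) - ?(?P<resolved>.*)$"
)

# Assumption of this example: the binary each value is expected to name.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


@dataclass
class Entry:
    hive: str
    name: str
    value: str
    resolved: str


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_o20(text):
    """Yield an Entry for every Winlogon Shell/UserInit/VMApplet style O20 line."""
    for line in text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            yield Entry(**m.groupdict())


def assess(entry, system_root=r"C:\Windows"):
    """Return the reasons an entry looks like a hijacked logon autostart."""
    expected = EXPECTED.get(entry.name.lower())
    if expected is None:          # e.g. VMApplet: not assessed here
        return []
    reasons = []
    path = PureWindowsPath(entry.value.strip().rstrip(","))
    if path.name.lower() != expected:
        reasons.append(f"{entry.name} names {path.name}, expected {expected}")
    if path.parent != PureWindowsPath("."):   # data carries a directory
        lowered = str(path).lower()
        root = system_root.lower().rstrip("\\") + "\\"
        if "\\users\\" in lowered:
            reasons.append("path is under a user profile (user-writable)")
        elif not lowered.startswith(root):
            reasons.append("path is outside the system root")
    # A missing target alone is not a signal (see the VMApplet line); it only
    # adds context once the entry is already suspicious.
    if reasons and entry.resolved.strip().lower() == "file not found":
        reasons.append("target file not found on disk")
    return reasons


def scan(text):
    """Parse an OTL log fragment and return only the flagged entries."""
    findings = []
    for entry in parse_o20(text):
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.entry.hive} {f.entry.name} -> {f.entry.value}")
        for reason in f.reasons:
            print(f"  - {reason}")
```

"File not found" on the flagged line means the registry value still exists while its target is gone, which is why the fix removes the value rather than a file.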

#6
beerman

    Member

  • Topic Starter
  • 188 posts
OK. Here are the logs:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\dtreese\AppData\Roaming\A8B13\129A5.exe deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\dtreese\Desktop\cmd.bat deleted successfully.
C:\Users\dtreese\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: David Treese
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dtreese
->Temp folder emptied: 65622795 bytes
->Temporary Internet Files folder emptied: 8894162 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 17765376 bytes
->Flash cache emptied: 11220 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: David Treese
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: dtreese
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11192011_143308

Files\Folders moved on Reboot...
C:\Users\dtreese\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 11/19/2011 2:40:33 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dtreese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.90% Memory free
15.85 Gb Paging File | 13.60 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 125.95 Gb Free Space | 53.00% Space Free | Partition Type: NTFS

Computer Name: 4CR1VL1 | User Name: dtreese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
PRC - [2011/09/07 14:53:57 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2011/03/19 20:30:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/19 20:30:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2009/10/05 20:54:30 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/08/17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 14:12:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/18 14:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 14:12:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/18 14:12:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/18 14:11:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/18 14:11:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/18 14:11:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/18 14:11:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/18 14:11:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/18 14:11:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/15 23:57:26 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Safari\libtidy.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/09/03 12:33:16 | 000,507,680 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/05 15:00:42 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/20 02:55:48 | 004,908,576 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 10:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/06/26 10:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/06/11 20:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/06/03 13:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/04/27 14:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:30:02 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:30:02 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/09 21:48:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/20 20:04:17 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 18:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 15:00:42 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/30 21:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 11:39:10 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 12:28:04 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/06/19 19:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 04:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/05/11 12:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)
DRV - [2011/11/09 04:31:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 04:31:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/20 11:02:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.036\EX64.SYS -- (NAVEX15)
DRV - [2011/09/20 11:02:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.036\ENG64.SYS -- (NAVENG)
DRV - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.aspx
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/11/19 14:33:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
F3:64bit: - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - File not found
F3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://millercoorsu...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43495A-645A-4AE9-9DCD-D7B41E2BA270}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A09797F-9C11-48AD-AF2B-AFAE47EEAE1F}: NameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63826BF5-BD72-4281-8828-70E47C17E299}: DhcpNameServer = 10.0.0.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 22:37:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\dtreese\Desktop\aswMBR.exe
[2011/11/17 21:04:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/16 10:25:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/01 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/01 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/01 10:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/01 08:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Local\LogMeIn
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

========== Files - Modified Within 30 Days ==========

[2011/11/19 14:43:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 14:43:42 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/19 14:42:43 | 000,785,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/19 14:42:43 | 000,668,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/19 14:42:43 | 000,122,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/19 14:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/19 14:36:14 | 2087,874,559 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/19 14:33:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/19 14:24:15 | 758,018,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/18 17:18:55 | 000,032,768 | ---- | M] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 23:02:40 | 001,008,092 | ---- | M] () -- C:\Users\dtreese\Desktop\rkill.com
[2011/11/17 22:35:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\dtreese\Desktop\aswMBR.exe
[2011/11/16 11:27:35 | 000,001,992 | -H-- | M] () -- C:\Users\dtreese\Documents\Default.rdp
[2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | M] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | M] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/11/10 09:14:36 | 000,421,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/24 09:20:26 | 002,917,749 | ---- | M] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf

========== Files Created - No Company Name ==========

[2011/11/17 23:02:40 | 001,008,092 | ---- | C] () -- C:\Users\dtreese\Desktop\rkill.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | C] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | C] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/10/24 09:17:42 | 002,917,749 | ---- | C] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf
[2011/03/20 19:54:18 | 000,003,002 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/03/14 21:19:24 | 000,007,600 | ---- | C] () -- C:\Users\dtreese\AppData\Local\Resmon.ResmonCfg
[2011/02/22 14:14:47 | 000,032,768 | ---- | C] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 11:47:58 | 000,004,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/09 23:27:33 | 001,514,088 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/09 23:27:33 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/01/09 23:27:33 | 000,308,840 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010/01/09 22:00:02 | 000,745,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/09 21:35:11 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010/01/09 21:34:51 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/10/05 20:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/05/20 14:31:00 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\LNKFILES.DLL

========== LOP Check ==========

[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Broadcom
[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Wave Systems Corp
[2010/01/15 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\BACS.exe
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Broadcom
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Wave Systems Corp
[2011/10/03 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Accellion
[2011/06/29 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Agilix
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Broadcom
[2011/06/29 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\FranklinCovey
[2010/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Leadertech
[2011/03/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\PrintSet
[2010/08/18 14:27:57 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Research In Motion
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Wave Systems Corp
[2011/01/27 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\webex
[2010/11/26 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Windows Live Writer
[2011/02/08 11:58:51 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Status: Deleted (events: 958)
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00039.VBN High
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00039.VBN//CryptZ High
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003A.VBN High
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003A.VBN//CryptZ High
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003B.VBN High
11/19/2011 2:52:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003B.VBN//CryptZ High
11/19/2011 2:53:17 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003C.VBN High
11/19/2011 2:53:17 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003C.VBN//CryptZ High
11/19/2011 2:53:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003D.VBN High
11/19/2011 2:53:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003D.VBN//CryptZ High
11/19/2011 2:53:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003E.VBN High
11/19/2011 2:53:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003E.VBN//CryptZ High
11/19/2011 2:53:18 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00040.VBN High
11/19/2011 2:53:18 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00040.VBN//CryptZ High
11/19/2011 2:53:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003F.VBN High
11/19/2011 2:53:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0003F.VBN//CryptZ High
11/19/2011 2:53:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00041.VBN High
11/19/2011 2:53:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00041.VBN//CryptZ High
11/19/2011 2:53:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00042.VBN High
11/19/2011 2:53:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00042.VBN//CryptZ High
11/19/2011 2:53:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980005.VBN High
11/19/2011 2:53:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980005.VBN//CryptZ High
11/19/2011 2:53:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980006.VBN High
11/19/2011 2:53:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980006.VBN//CryptZ High
11/19/2011 2:53:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980007.VBN High
11/19/2011 2:53:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980007.VBN//CryptZ High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980008.VBN High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980008.VBN//CryptZ High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980009.VBN High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980009.VBN//CryptZ High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000A.VBN High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000A.VBN//CryptZ High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000C.VBN High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000C.VBN//CryptZ High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000B.VBN High
11/19/2011 2:53:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000B.VBN//CryptZ High
11/19/2011 2:53:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000D.VBN High
11/19/2011 2:53:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000D.VBN//CryptZ High
11/19/2011 2:53:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000E.VBN High
11/19/2011 2:53:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000E.VBN//CryptZ High
11/19/2011 2:53:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980014.VBN High
11/19/2011 2:53:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980014.VBN//CryptZ High
11/19/2011 2:53:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980015.VBN High
11/19/2011 2:53:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980015.VBN//CryptZ High
11/19/2011 2:53:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980016.VBN High
11/19/2011 2:53:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980016.VBN//CryptZ High
11/19/2011 2:53:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980017.VBN High
11/19/2011 2:53:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980017.VBN//CryptZ High
11/19/2011 2:53:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980018.VBN High
11/19/2011 2:53:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980018.VBN//CryptZ High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980019.VBN High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980019.VBN//CryptZ High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001A.VBN High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001A.VBN//CryptZ High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001B.VBN High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001B.VBN//CryptZ High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001C.VBN High
11/19/2011 2:53:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001C.VBN//CryptZ High
11/19/2011 2:53:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001D.VBN High
11/19/2011 2:53:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001D.VBN//CryptZ High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001E.VBN High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001E.VBN//CryptZ High
11/19/2011 2:53:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001F.VBN High
11/19/2011 2:53:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98001F.VBN//CryptZ High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980026.VBN High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980026.VBN//CryptZ High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980027.VBN High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980027.VBN//CryptZ High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980028.VBN High
11/19/2011 2:53:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980028.VBN//CryptZ High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002A.VBN High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002A.VBN//CryptZ High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980029.VBN High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980029.VBN//CryptZ High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002B.VBN High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002B.VBN//CryptZ High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002D.VBN High
11/19/2011 2:53:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002D.VBN//CryptZ High
11/19/2011 2:53:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002C.VBN High
11/19/2011 2:53:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002C.VBN//CryptZ High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002E.VBN High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002E.VBN//CryptZ High
11/19/2011 2:53:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002F.VBN High
11/19/2011 2:53:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98002F.VBN//CryptZ High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980030.VBN High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980030.VBN//CryptZ High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980031.VBN High
11/19/2011 2:53:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980031.VBN//CryptZ High
11/19/2011 2:53:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980032.VBN High
11/19/2011 2:53:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980032.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980033.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980033.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980034.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980034.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980035.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980035.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980036.VBN High
11/19/2011 2:53:39 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980036.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980037.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980037.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980038.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980038.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980039.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980039.VBN//CryptZ High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003A.VBN High
11/19/2011 2:53:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003A.VBN//CryptZ High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003B.VBN High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003B.VBN//CryptZ High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003C.VBN High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003C.VBN//CryptZ High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003D.VBN High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003D.VBN//CryptZ High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003E.VBN High
11/19/2011 2:53:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003E.VBN//CryptZ High
11/19/2011 2:53:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003F.VBN High
11/19/2011 2:53:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98003F.VBN//CryptZ High
11/19/2011 2:53:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004B.VBN High
11/19/2011 2:53:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004B.VBN//CryptZ High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004C.VBN High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004C.VBN//CryptZ High
11/19/2011 2:53:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004D.VBN High
11/19/2011 2:53:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004D.VBN//CryptZ High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004E.VBN High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004E.VBN//CryptZ High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004F.VBN High
11/19/2011 2:53:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004F.VBN//CryptZ High
11/19/2011 2:53:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980050.VBN High
11/19/2011 2:53:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980050.VBN//CryptZ High
11/19/2011 2:53:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980051.VBN High
11/19/2011 2:53:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980051.VBN//CryptZ High
11/19/2011 2:53:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980052.VBN High
11/19/2011 2:53:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980052.VBN//CryptZ High
11/19/2011 2:53:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980053.VBN High
11/19/2011 2:53:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980053.VBN//CryptZ High
11/19/2011 2:53:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980054.VBN High
11/19/2011 2:53:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980054.VBN//CryptZ High
11/19/2011 2:53:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980055.VBN High
11/19/2011 2:53:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980055.VBN//CryptZ High
11/19/2011 2:54:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980056.VBN High
11/19/2011 2:54:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980056.VBN//CryptZ High
11/19/2011 2:54:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005E.VBN High
11/19/2011 2:54:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005E.VBN//CryptZ High
11/19/2011 2:54:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005F.VBN High
11/19/2011 2:54:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005F.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980060.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980060.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980061.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980061.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980062.VBN High
11/19/2011 2:54:09 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980062.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980063.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980063.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980064.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980064.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980065.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980065.VBN//CryptZ High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980066.VBN High
11/19/2011 2:54:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980066.VBN//CryptZ High
11/19/2011 2:54:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980067.VBN High
11/19/2011 2:54:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980067.VBN//CryptZ High
11/19/2011 2:54:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980068.VBN High
11/19/2011 2:54:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980068.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980072.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980072.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980073.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980073.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980074.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980074.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980075.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980075.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980076.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980076.VBN//CryptZ High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980077.VBN High
11/19/2011 2:54:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980077.VBN//CryptZ High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980078.VBN High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980078.VBN//CryptZ High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980079.VBN High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007A.VBN High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980079.VBN//CryptZ High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007A.VBN//CryptZ High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007B.VBN High
11/19/2011 2:54:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007B.VBN//CryptZ High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980082.VBN High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980082.VBN//CryptZ High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980081.VBN High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980081.VBN//CryptZ High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980083.VBN High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980083.VBN//CryptZ High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980084.VBN High
11/19/2011 2:54:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980084.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980085.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980085.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980087.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980087.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980086.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980086.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980088.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980088.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980089.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980089.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008A.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008A.VBN//CryptZ High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008B.VBN High
11/19/2011 2:54:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008B.VBN//CryptZ High
11/19/2011 2:54:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008D.VBN High
11/19/2011 2:54:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008D.VBN//CryptZ High
11/19/2011 2:54:17 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008C.VBN High
11/19/2011 2:54:17 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008C.VBN//CryptZ High
11/19/2011 2:54:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008E.VBN High
11/19/2011 2:54:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008E.VBN//CryptZ High
11/19/2011 2:54:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008F.VBN High
11/19/2011 2:54:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98008F.VBN//CryptZ High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980090.VBN High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980090.VBN//CryptZ High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980091.VBN High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980091.VBN//CryptZ High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980092.VBN High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980092.VBN//CryptZ High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980093.VBN High
11/19/2011 2:54:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980093.VBN//CryptZ High
11/19/2011 2:54:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980094.VBN High
11/19/2011 2:54:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980094.VBN//CryptZ High
11/19/2011 2:54:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980095.VBN High
11/19/2011 2:54:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980095.VBN//CryptZ High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980097.VBN High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980097.VBN//CryptZ High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980098.VBN High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980098.VBN//CryptZ High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980099.VBN High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980099.VBN//CryptZ High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009B.VBN High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009B.VBN//CryptZ High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009A.VBN High
11/19/2011 2:54:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009A.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009C.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009C.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009D.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009D.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009E.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009E.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009F.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98009F.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A0.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A0.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A1.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A1.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A2.VBN High
11/19/2011 2:54:36 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A2.VBN//CryptZ High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A3.VBN High
11/19/2011 2:54:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A3.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A4.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A4.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A5.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A5.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A6.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A6.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A7.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A7.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A8.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A8.VBN//CryptZ High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A9.VBN High
11/19/2011 2:54:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800A9.VBN//CryptZ High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AA.VBN High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AA.VBN//CryptZ High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AB.VBN High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AB.VBN//CryptZ High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AC.VBN High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AC.VBN//CryptZ High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AD.VBN High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AD.VBN//CryptZ High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AE.VBN High
11/19/2011 2:54:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AE.VBN//CryptZ High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AF.VBN High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800AF.VBN//CryptZ High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B0.VBN High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B0.VBN//CryptZ High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B1.VBN High
11/19/2011 2:54:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B1.VBN//CryptZ High
11/19/2011 2:54:40 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B3.VBN High
11/19/2011 2:54:40 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B3.VBN//CryptZ High
11/19/2011 2:54:40 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B2.VBN High
11/19/2011 2:54:40 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B2.VBN//CryptZ High
11/19/2011 2:54:40 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B4.VBN High
11/19/2011 2:54:40 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B4.VBN//CryptZ High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B5.VBN High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B5.VBN//CryptZ High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B6.VBN High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B6.VBN//CryptZ High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B7.VBN High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B7.VBN//CryptZ High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B8.VBN High
11/19/2011 2:54:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B8.VBN//CryptZ High
11/19/2011 2:54:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B9.VBN High
11/19/2011 2:54:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800B9.VBN//CryptZ High
11/19/2011 2:54:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BB.VBN High
11/19/2011 2:54:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BB.VBN//CryptZ High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BA.VBN High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BA.VBN//CryptZ High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BD.VBN High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BD.VBN//CryptZ High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BC.VBN High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BC.VBN//CryptZ High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BE.VBN High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E9800BE.VBN//CryptZ High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0004.VBN High
11/19/2011 2:54:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0004.VBN//CryptZ High
11/19/2011 2:54:44 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0005.VBN High
11/19/2011 2:54:44 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0005.VBN//CryptZ High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0006.VBN High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0006.VBN//CryptZ High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0007.VBN High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0007.VBN//CryptZ High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0008.VBN High
11/19/2011 2:54:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0008.VBN//CryptZ High
11/19/2011 2:54:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0009.VBN High
11/19/2011 2:54:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0009.VBN//CryptZ High
11/19/2011 2:54:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000A.VBN High
11/19/2011 2:54:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000A.VBN//CryptZ High
11/19/2011 2:54:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000B.VBN High
11/19/2011 2:54:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000B.VBN//CryptZ High
11/19/2011 2:54:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000C.VBN High
11/19/2011 2:54:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000C.VBN//CryptZ High
11/19/2011 2:54:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000D.VBN High
11/19/2011 2:54:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000D.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000E.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000E.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000F.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C000F.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0015.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0015.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0016.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0016.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0017.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0017.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0018.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0018.VBN//CryptZ High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0019.VBN High
11/19/2011 2:54:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0019.VBN//CryptZ High
11/19/2011 2:54:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001A.VBN High
11/19/2011 2:54:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001A.VBN//CryptZ High
11/19/2011 2:54:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001C.VBN High
11/19/2011 2:54:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001C.VBN//CryptZ High
11/19/2011 2:54:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001B.VBN High
11/19/2011 2:54:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001B.VBN//CryptZ High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001D.VBN High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001D.VBN//CryptZ High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001E.VBN High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001E.VBN//CryptZ High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001F.VBN High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C001F.VBN//CryptZ High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0020.VBN High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0020.VBN//CryptZ High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0021.VBN High
11/19/2011 2:54:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0021.VBN//CryptZ High
11/19/2011 2:54:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0022.VBN High
11/19/2011 2:54:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0022.VBN//CryptZ High
11/19/2011 2:54:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0023.VBN High
11/19/2011 2:54:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0023.VBN//CryptZ High
11/19/2011 2:54:55 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0024.VBN High
11/19/2011 2:54:55 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0024.VBN//CryptZ High
11/19/2011 2:54:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0025.VBN High
11/19/2011 2:54:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0025.VBN//CryptZ High
11/19/2011 2:54:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0026.VBN High
11/19/2011 2:54:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0026.VBN//CryptZ High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0027.VBN High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0027.VBN//CryptZ High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0028.VBN High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0028.VBN//CryptZ High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0029.VBN High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0029.VBN//CryptZ High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002A.VBN High
11/19/2011 2:54:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002A.VBN//CryptZ High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0033.VBN High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0033.VBN//CryptZ High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0034.VBN High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0034.VBN//CryptZ High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0035.VBN High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0035.VBN//CryptZ High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0036.VBN High
11/19/2011 2:54:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0036.VBN//CryptZ High
11/19/2011 2:54:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0037.VBN High
11/19/2011 2:54:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0037.VBN//CryptZ High
11/19/2011 2:55:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0038.VBN High
11/19/2011 2:55:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0038.VBN//CryptZ High
11/19/2011 2:54:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0039.VBN High
11/19/2011 2:54:59 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0039.VBN//CryptZ High
11/19/2011 2:55:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003A.VBN High
11/19/2011 2:55:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003A.VBN//CryptZ High
11/19/2011 2:55:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003B.VBN High
11/19/2011 2:55:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003B.VBN//CryptZ High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003D.VBN High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003D.VBN//CryptZ High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003C.VBN High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003C.VBN//CryptZ High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003E.VBN High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003E.VBN//CryptZ High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003F.VBN High
11/19/2011 2:55:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C003F.VBN//CryptZ High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0040.VBN High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0040.VBN//CryptZ High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0046.VBN High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0046.VBN//CryptZ High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0047.VBN High
11/19/2011 2:55:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0047.VBN//CryptZ High
11/19/2011 2:55:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0048.VBN High
11/19/2011 2:55:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0048.VBN//CryptZ High
11/19/2011 2:55:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0049.VBN High
11/19/2011 2:55:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0049.VBN//CryptZ High
11/19/2011 2:55:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004A.VBN High
11/19/2011 2:55:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004A.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004B.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004B.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004C.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004C.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004D.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004D.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004E.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004E.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004F.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C004F.VBN//CryptZ High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0050.VBN High
11/19/2011 2:55:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0050.VBN//CryptZ High
11/19/2011 2:55:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0052.VBN High
11/19/2011 2:55:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0052.VBN//CryptZ High
11/19/2011 2:55:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0051.VBN High
11/19/2011 2:55:08 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0051.VBN//CryptZ High
11/19/2011 2:55:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0053.VBN High
11/19/2011 2:55:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0053.VBN//CryptZ High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0054.VBN High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0054.VBN//CryptZ High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0055.VBN High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0055.VBN//CryptZ High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0056.VBN High
11/19/2011 2:55:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0056.VBN//CryptZ High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0065.VBN High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0065.VBN//CryptZ High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0066.VBN High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0066.VBN//CryptZ High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0064.VBN High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0064.VBN//CryptZ High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0067.VBN High
11/19/2011 2:55:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0067.VBN//CryptZ High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0069.VBN High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0069.VBN//CryptZ High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0068.VBN High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0068.VBN//CryptZ High
11/19/2011 2:55:12 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006A.VBN High
11/19/2011 2:55:12 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006A.VBN//CryptZ High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006B.VBN High
11/19/2011 2:55:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006B.VBN//CryptZ High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006C.VBN High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006C.VBN//CryptZ High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006E.VBN High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006E.VBN//CryptZ High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006D.VBN High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006D.VBN//CryptZ High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006F.VBN High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C006F.VBN//CryptZ High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0070.VBN High
11/19/2011 2:55:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0070.VBN//CryptZ High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0078.VBN High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0078.VBN//CryptZ High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0079.VBN High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0079.VBN//CryptZ High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007A.VBN High
11/19/2011 2:55:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007A.VBN//CryptZ High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007B.VBN High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007B.VBN//CryptZ High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007C.VBN High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007C.VBN//CryptZ High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007D.VBN High
11/19/2011 2:55:16 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007D.VBN//CryptZ High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007E.VBN High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007E.VBN//CryptZ High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007F.VBN High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C007F.VBN//CryptZ High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0081.VBN High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0081.VBN//CryptZ High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0080.VBN High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0080.VBN//CryptZ High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0082.VBN High
11/19/2011 2:55:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0082.VBN//CryptZ High
11/19/2011 2:55:18 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0083.VBN High
11/19/2011 2:55:18 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0083.VBN//CryptZ High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0084.VBN High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0084.VBN//CryptZ High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0085.VBN High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0085.VBN//CryptZ High
11/19/2011 2:55:19 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0086.VBN High
11/19/2011 2:55:19 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0086.VBN//CryptZ High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0087.VBN High
11/19/2011 2:55:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0087.VBN//CryptZ High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0088.VBN High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0088.VBN//CryptZ High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0089.VBN High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0089.VBN//CryptZ High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008A.VBN High
11/19/2011 2:55:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008A.VBN//CryptZ High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008B.VBN High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008B.VBN//CryptZ High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008C.VBN High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008C.VBN//CryptZ High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008D.VBN High
11/19/2011 2:55:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008D.VBN//CryptZ High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008E.VBN High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008E.VBN//CryptZ High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008F.VBN High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C008F.VBN//CryptZ High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0095.VBN High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0095.VBN//CryptZ High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0096.VBN High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0096.VBN//CryptZ High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0097.VBN High
11/19/2011 2:55:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0097.VBN//CryptZ High
11/19/2011 2:55:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0098.VBN High
11/19/2011 2:55:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0098.VBN//CryptZ High
11/19/2011 2:55:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0099.VBN High
11/19/2011 2:55:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0099.VBN//CryptZ High
11/19/2011 2:55:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009A.VBN High
11/19/2011 2:55:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009A.VBN//CryptZ High
11/19/2011 2:55:25 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009B.VBN High
11/19/2011 2:55:25 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009B.VBN//CryptZ High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009C.VBN High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009C.VBN//CryptZ High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009D.VBN High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009D.VBN//CryptZ High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009E.VBN High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009E.VBN//CryptZ High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009F.VBN High
11/19/2011 2:55:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C009F.VBN//CryptZ High
11/19/2011 2:55:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A0.VBN High
11/19/2011 2:55:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A0.VBN//CryptZ High
11/19/2011 2:55:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A1.VBN High
11/19/2011 2:55:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A1.VBN//CryptZ High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A2.VBN High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A2.VBN//CryptZ High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A4.VBN High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A4.VBN//CryptZ High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A3.VBN High
11/19/2011 2:55:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A3.VBN//CryptZ High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AA.VBN High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AA.VBN//CryptZ High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AB.VBN High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AB.VBN//CryptZ High
11/19/2011 2:55:28 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AC.VBN High
11/19/2011 2:55:28 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AC.VBN//CryptZ High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AD.VBN High
11/19/2011 2:55:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AD.VBN//CryptZ High
11/19/2011 2:55:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AE.VBN High
11/19/2011 2:55:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AE.VBN//CryptZ High
11/19/2011 2:55:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AF.VBN High
11/19/2011 2:55:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00AF.VBN//CryptZ High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B0.VBN High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B0.VBN//CryptZ High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B1.VBN High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B1.VBN//CryptZ High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B2.VBN High
11/19/2011 2:55:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B2.VBN//CryptZ High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B3.VBN High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B3.VBN//CryptZ High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B4.VBN High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B4.VBN//CryptZ High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B5.VBN High
11/19/2011 2:55:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B5.VBN//CryptZ High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B8.VBN High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B8.VBN//CryptZ High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B6.VBN High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B6.VBN//CryptZ High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B9.VBN High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B9.VBN//CryptZ High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BA.VBN High
11/19/2011 2:55:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BA.VBN//CryptZ High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BB.VBN High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BB.VBN//CryptZ High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BD.VBN High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BD.VBN//CryptZ High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BC.VBN High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BC.VBN//CryptZ High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BE.VBN High
11/19/2011 2:55:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BE.VBN//CryptZ High
11/19/2011 2:55:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BF.VBN High
11/19/2011 2:55:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00BF.VBN//CryptZ High
11/19/2011 2:55:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C0.VBN High
11/19/2011 2:55:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C0.VBN//CryptZ High
11/19/2011 2:55:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C1.VBN High
11/19/2011 2:55:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C1.VBN//CryptZ High
11/19/2011 2:55:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C2.VBN High
11/19/2011 2:55:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C2.VBN//CryptZ High
11/19/2011 2:55:49 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C3.VBN High
11/19/2011 2:55:49 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C3.VBN//CryptZ High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C5.VBN High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C5.VBN//CryptZ High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C4.VBN High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C4.VBN//CryptZ High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C6.VBN High
11/19/2011 2:55:51 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C6.VBN//CryptZ High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C7.VBN High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C7.VBN//CryptZ High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C8.VBN High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C8.VBN//CryptZ High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C9.VBN High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00C9.VBN//CryptZ High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CA.VBN High
11/19/2011 2:55:52 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CA.VBN//CryptZ High
11/19/2011 2:55:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CC.VBN High
11/19/2011 2:55:53 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CC.VBN//CryptZ High
11/19/2011 2:55:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CB.VBN High
11/19/2011 2:55:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CB.VBN//CryptZ High
11/19/2011 2:55:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CD.VBN High
11/19/2011 2:55:55 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CD.VBN//CryptZ High
11/19/2011 2:55:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CE.VBN High
11/19/2011 2:55:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CE.VBN//CryptZ High
11/19/2011 2:55:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CF.VBN High
11/19/2011 2:55:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D0.VBN High
11/19/2011 2:55:56 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00CF.VBN//CryptZ High
11/19/2011 2:55:57 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D0.VBN//CryptZ High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D1.VBN High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D1.VBN//CryptZ High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D2.VBN High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D2.VBN//CryptZ High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D3.VBN High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D3.VBN//CryptZ High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D4.VBN High
11/19/2011 2:55:58 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D4.VBN//CryptZ High
11/19/2011 2:55:58 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D5.VBN High
11/19/2011 2:55:58 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D5.VBN//CryptZ High
11/19/2011 2:56:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D6.VBN High
11/19/2011 2:56:01 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D6.VBN//CryptZ High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D8.VBN High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D8.VBN//CryptZ High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D7.VBN High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D7.VBN//CryptZ High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D9.VBN High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00D9.VBN//CryptZ High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DA.VBN High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DA.VBN//CryptZ High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DB.VBN High
11/19/2011 2:56:02 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DB.VBN//CryptZ High
11/19/2011 2:56:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DC.VBN High
11/19/2011 2:56:03 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DC.VBN//CryptZ High
11/19/2011 2:56:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DE.VBN High
11/19/2011 2:56:04 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DE.VBN//CryptZ High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DD.VBN High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DD.VBN//CryptZ High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DF.VBN High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00DF.VBN//CryptZ High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E0.VBN High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E0.VBN//CryptZ High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E1.VBN High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E1.VBN//CryptZ High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E2.VBN High
11/19/2011 2:56:05 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E2.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E3.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E3.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E4.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E4.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E5.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E5.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E6.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E6.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E7.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E7.VBN//CryptZ High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E8.VBN High
11/19/2011 2:56:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E8.VBN//CryptZ High
11/19/2011 2:56:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E9.VBN High
11/19/2011 2:56:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00E9.VBN//CryptZ High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EA.VBN High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EA.VBN//CryptZ High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EB.VBN High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EB.VBN//CryptZ High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EC.VBN High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EC.VBN//CryptZ High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00ED.VBN High
11/19/2011 2:56:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00ED.VBN//CryptZ High
11/19/2011 2:56:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EE.VBN High
11/19/2011 2:56:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EE.VBN//CryptZ High
11/19/2011 2:56:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EF.VBN High
11/19/2011 2:56:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00EF.VBN//CryptZ High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F0.VBN High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F0.VBN//CryptZ High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F1.VBN High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F1.VBN//CryptZ High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F2.VBN High
11/19/2011 2:56:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F2.VBN//CryptZ High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F3.VBN High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F3.VBN//CryptZ High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F4.VBN High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F4.VBN//CryptZ High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F5.VBN High
11/19/2011 2:56:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F5.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F6.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F6.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F7.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F7.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F8.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F8.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F9.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00F9.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FA.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FA.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FB.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FB.VBN//CryptZ High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FC.VBN High
11/19/2011 2:56:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FC.VBN//CryptZ High
11/19/2011 2:56:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FD.VBN High
11/19/2011 2:56:14 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FD.VBN//CryptZ High
11/19/2011 2:56:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FE.VBN High
11/19/2011 2:56:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FE.VBN//CryptZ High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FF.VBN High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00FF.VBN//CryptZ High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0100.VBN High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0100.VBN//CryptZ High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00000\4FE2BECA.VBN High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00000\4FE2BECA.VBN//CryptZ High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00001\4FE2BEDE.VBN High
11/19/2011 2:56:17 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00001\4FE2BEDE.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00002\4FE2BEF1.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00002\4FE2BEF1.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00004\4FE33201.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00004\4FE33201.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00005\4FE3321A.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00005\4FE3321A.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00006\4FE3322F.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00006\4FE3322F.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00007\4FE33244.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00007\4FE33244.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00008\4FE3325F.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00008\4FE3325F.VBN//CryptZ High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00009\4FE33273.VBN High
11/19/2011 2:56:19 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00009\4FE33273.VBN//CryptZ High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000A\4FE3328A.VBN High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000A\4FE3328A.VBN//CryptZ High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000B\4FE332A8.VBN High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000B\4FE332A8.VBN//CryptZ High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000D\4FE3A8A9.VBN High
11/19/2011 2:56:20 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA0000D\4FE3A8A9.VBN//CryptZ High
11/19/2011 2:56:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00022\4FE41BDB.VBN High
11/19/2011 2:56:21 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00022\4FE41BDB.VBN//CryptZ High
11/19/2011 2:56:21 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rnw C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00020\4FE3D69F.VBN High
11/19/2011 2:56:21 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rnw C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00020\4FE3D69F.VBN//CryptZ High
11/19/2011 2:56:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00023\4FE41BEF.VBN High
11/19/2011 2:56:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00023\4FE41BEF.VBN//CryptZ High
11/19/2011 2:56:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00024\4FE41C02.VBN High
11/19/2011 2:56:22 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00024\4FE41C02.VBN//CryptZ High
11/19/2011 2:56:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00025\4FE41C16.VBN High
11/19/2011 2:56:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00025\4FE41C16.VBN//CryptZ High
11/19/2011 2:56:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00026\4FE41C28.VBN High
11/19/2011 2:56:23 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00026\4FE41C28.VBN//CryptZ High
11/19/2011 2:56:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00031\4FE41C6B.VBN High
11/19/2011 2:56:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0BA00031\4FE41C6B.VBN//CryptZ High
11/19/2011 2:56:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980001\4EDD1B01.VBN High
11/19/2011 2:56:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980001\4EDD1B01.VBN//CryptZ High
11/19/2011 2:56:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980000\4EDD1AEF.VBN High
11/19/2011 2:56:24 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980000\4EDD1AEF.VBN//CryptZ High
11/19/2011 2:56:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980002\4EDD1B17.VBN High
11/19/2011 2:56:25 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980002\4EDD1B17.VBN//CryptZ High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980003\4EDD1B29.VBN High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980003\4EDD1B29.VBN//CryptZ High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980004\4EDD1B3D.VBN High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980004\4EDD1B3D.VBN//CryptZ High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000F\4EDD1B82.VBN High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98000F\4EDD1B82.VBN//CryptZ High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980010\4EDD1BA2.VBN High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980010\4EDD1BA2.VBN//CryptZ High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980011\4EDD1BE7.VBN High
11/19/2011 2:56:26 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980011\4EDD1BE7.VBN//CryptZ High
11/19/2011 2:56:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980012\4EDD1C23.VBN High
11/19/2011 2:56:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980012\4EDD1C23.VBN//CryptZ High
11/19/2011 2:56:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980013\4EDD1C6A.VBN High
11/19/2011 2:56:27 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980013\4EDD1C6A.VBN//CryptZ High
11/19/2011 2:56:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980020\4EDD1CD2.VBN High
11/19/2011 2:56:28 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980020\4EDD1CD2.VBN//CryptZ High
11/19/2011 2:56:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980022\4EDD1D26.VBN High
11/19/2011 2:56:30 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980021\4EDD1CE5.VBN High
11/19/2011 2:56:29 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980022\4EDD1D26.VBN//CryptZ High
11/19/2011 2:56:30 PM Deleted virus HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980021\4EDD1CE5.VBN//CryptZ High
11/19/2011 2:56:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980023\4EDD1D66.VBN High
11/19/2011 2:56:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980023\4EDD1D66.VBN//CryptZ High
11/19/2011 2:56:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980024\4EDD1D99.VBN High
11/19/2011 2:56:30 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980024\4EDD1D99.VBN//CryptZ High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980025\4EDD1DE2.VBN High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980025\4EDD1DE2.VBN//CryptZ High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980041\4EDD4000.VBN High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980041\4EDD4000.VBN//CryptZ High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980042\4EDD4014.VBN High
11/19/2011 2:56:31 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980042\4EDD4014.VBN//CryptZ High
11/19/2011 2:56:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980043\4EDD4025.VBN High
11/19/2011 2:56:32 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980043\4EDD4025.VBN//CryptZ High
11/19/2011 2:56:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980044\4EDD4037.VBN High
11/19/2011 2:56:33 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980044\4EDD4037.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980045\4EDD4048.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980045\4EDD4048.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980046\4EDD4059.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980046\4EDD4059.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980047\4EDD406A.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980047\4EDD406A.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980048\4EDD407B.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980048\4EDD407B.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980049\4EDD408C.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980049\4EDD408C.VBN//CryptZ High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004A\4EDD409D.VBN High
11/19/2011 2:56:34 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98004A\4EDD409D.VBN//CryptZ High
11/19/2011 2:56:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980057\4EDD40BC.VBN High
11/19/2011 2:56:35 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980057\4EDD40BC.VBN//CryptZ High
11/19/2011 2:56:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980058\4EDD40CE.VBN High
11/19/2011 2:56:36 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980058\4EDD40CE.VBN//CryptZ High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980059\4EDD40E0.VBN High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980059\4EDD40E0.VBN//CryptZ High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005A\4EDD40F1.VBN High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005A\4EDD40F1.VBN//CryptZ High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005B\4EDD4103.VBN High
11/19/2011 2:56:37 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005B\4EDD4103.VBN//CryptZ High
11/19/2011 2:56:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005C\4EDD4114.VBN High
11/19/2011 2:56:38 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005C\4EDD4114.VBN//CryptZ High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005D\4EDD4125.VBN High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98005D\4EDD4125.VBN//CryptZ High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980069\4EDD4157.VBN High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980069\4EDD4157.VBN//CryptZ High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006A\4EDD4168.VBN High
11/19/2011 2:56:39 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006A\4EDD4168.VBN//CryptZ High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006B\4EDD4179.VBN High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006B\4EDD4179.VBN//CryptZ High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006D\4EDD419C.VBN High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006C\4EDD418B.VBN High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006D\4EDD419C.VBN//CryptZ High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006C\4EDD418B.VBN//CryptZ High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006E\4EDD41AE.VBN High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006E\4EDD41AE.VBN//CryptZ High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006F\4EDD41BF.VBN High
11/19/2011 2:56:41 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98006F\4EDD41BF.VBN//CryptZ High
11/19/2011 2:56:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980070\4EDD41D1.VBN High
11/19/2011 2:56:42 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980070\4EDD41D1.VBN//CryptZ High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980071\4EDD41E2.VBN High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980071\4EDD41E2.VBN//CryptZ High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007C\4EDD421E.VBN High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007C\4EDD421E.VBN//CryptZ High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007E\4EDD4240.VBN High
11/19/2011 2:56:43 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007E\4EDD4240.VBN//CryptZ High
11/19/2011 2:56:44 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007D\4EDD422F.VBN High
11/19/2011 2:56:44 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007D\4EDD422F.VBN//CryptZ High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007F\4EDD4252.VBN High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E98007F\4EDD4252.VBN//CryptZ High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980080\4EDD4263.VBN High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980080\4EDD4263.VBN//CryptZ High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980096\4EDD42DF.VBN High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E980096\4EDD42DF.VBN//CryptZ High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EF00002\4EF24742.VBN High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EF00002\4EF24742.VBN//CryptZ High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0000\4FDE6F00.VBN High
11/19/2011 2:56:45 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0000\4FDE6F00.VBN//CryptZ High
11/19/2011 2:56:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0001\4FDE6F16.VBN High
11/19/2011 2:56:46 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0001\4FDE6F16.VBN//CryptZ High
11/19/2011 2:56:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0003\4FDE6F42.VBN High
11/19/2011 2:56:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0003\4FDE6F42.VBN//CryptZ High
11/19/2011 2:56:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0002\4FDE6F2C.VBN High
11/19/2011 2:56:47 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0002\4FDE6F2C.VBN//CryptZ High
11/19/2011 2:56:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0010\4FDE6F8B.VBN High
11/19/2011 2:56:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0010\4FDE6F8B.VBN//CryptZ High
11/19/2011 2:56:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0011\4FDE6FA0.VBN High
11/19/2011 2:56:48 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0011\4FDE6FA0.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0012\4FDE6FB3.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0012\4FDE6FB3.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0013\4FDE6FC5.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0013\4FDE6FC5.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0014\4FDE6FD7.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0014\4FDE6FD7.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002B\4FDE7059.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002B\4FDE7059.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002C\4FDE706D.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002C\4FDE706D.VBN//CryptZ High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002D\4FDE7081.VBN High
11/19/2011 2:56:49 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002D\4FDE7081.VBN//CryptZ High
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002E\4FDE7094.VBN High
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002E\4FDE7094.VBN//CryptZ High
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002F\4FDE70A6.VBN High
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C002F\4FDE70A6.VBN//CryptZ High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0030\4FDE70B9.VBN High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0030\4FDE70B9.VBN//CryptZ High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0031\4FDE70CA.VBN High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0031\4FDE70CA.VBN//CryptZ High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0032\4FDE70DB.VBN High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0032\4FDE70DB.VBN//CryptZ High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0041\4FDE712F.VBN High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0041\4FDE712F.VBN//CryptZ High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0042\4FDE7141.VBN High
11/19/2011 2:57:06 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0042\4FDE7141.VBN//CryptZ High
11/19/2011 2:57:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0043\4FDE7153.VBN High
11/19/2011 2:57:07 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0043\4FDE7153.VBN//CryptZ High
11/19/2011 2:57:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0044\4FDE7166.VBN High
11/19/2011 2:57:08 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0044\4FDE7166.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0045\4FDE7179.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0045\4FDE7179.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0057\4FDE71C5.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0057\4FDE71C5.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0058\4FDE71D6.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0058\4FDE71D6.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0059\4FDE71E8.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0059\4FDE71E8.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005A\4FDE721C.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005A\4FDE721C.VBN//CryptZ High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005B\4FDE722E.VBN High
11/19/2011 2:57:09 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005B\4FDE722E.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005C\4FDE723F.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005C\4FDE723F.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005D\4FDE7250.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005D\4FDE7250.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005E\4FDE7262.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005E\4FDE7262.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005F\4FDE7274.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C005F\4FDE7274.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0060\4FDE7286.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0060\4FDE7286.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0061\4FDE7298.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0061\4FDE7298.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0062\4FDE72A9.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0062\4FDE72A9.VBN//CryptZ High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0063\4FDE72BA.VBN High
11/19/2011 2:57:10 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0063\4FDE72BA.VBN//CryptZ High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0071\4FDE731C.VBN High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0071\4FDE731C.VBN//CryptZ High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0072\4FDE732F.VBN High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0072\4FDE732F.VBN//CryptZ High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0073\4FDE7345.VBN High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0073\4FDE7345.VBN//CryptZ High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0074\4FDE735C.VBN High
11/19/2011 2:57:11 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0074\4FDE735C.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0075\4FDE7373.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0075\4FDE7373.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0076\4FDE7389.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0076\4FDE7389.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0077\4FDE739C.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0077\4FDE739C.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0090\4FDE740A.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0090\4FDE740A.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0091\4FDE741C.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0091\4FDE741C.VBN//CryptZ High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0092\4FDE742F.VBN High
11/19/2011 2:57:12 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0092\4FDE742F.VBN//CryptZ High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0093\4FDE7442.VBN High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0093\4FDE7442.VBN//CryptZ High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0094\4FDE7454.VBN High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C0094\4FDE7454.VBN//CryptZ High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A5\4FDE7496.VBN High
11/19/2011 2:57:13 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A5\4FDE7496.VBN//CryptZ High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A6\4FDE74AB.VBN High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A6\4FDE74AB.VBN//CryptZ High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A7\4FDE74BE.VBN High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A8\4FDE74D0.VBN High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A7\4FDE74BE.VBN//CryptZ High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A8\4FDE74D0.VBN//CryptZ High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A9\4FDE74E3.VBN High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00A9\4FDE74E3.VBN//CryptZ High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B7\4FDE7531.VBN High
11/19/2011 2:57:15 PM Deleted Trojan program Trojan.Win32.Pakes.qvc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F5C00B7\4FDE7531.VBN//CryptZ High
11/19/2011 3:57:23 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rwf C:\_OTL\MovedFiles\11172011_210444\C_Users\dtreese\AppData\Roaming\13DFA\lvvm.exe High
11/19/2011 3:57:24 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rvq C:\_OTL\MovedFiles\11172011_210444\C_Users\dtreese\AppData\Roaming\Microsoft\A58A\6B9.exe High
11/19/2011 3:57:24 PM Deleted Trojan program Trojan.Win32.Jorik.Gbot.rwc C:\_OTL\MovedFiles\11172011_210444\C_Users\dtreese\AppData\Roaming\A8B13\129A5.exe High
11/19/2011 3:57:25 PM Deleted Trojan program Trojan.Win32.Jorik.Downloader.ki C:\_OTL\MovedFiles\11172011_210444\C_Users\dtreese\AppData\Roaming\Microsoft\A58A\74F3.tmp High
Status: Disinfected (events: 4)
11/19/2011 4:21:56 PM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.lo Outlook\Mailbox - David Treese\IPM_SUBTREE\Sync Issues\Conflicts\[From:account manager][Subject:Spam:ACH Payment 5507022 Canceled][Time:2011/08/03 02:14:36]/report_082011-65.pdf.zip High
11/19/2011 4:21:56 PM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.lo Outlook\Mailbox - David Treese\IPM_SUBTREE\Sync Issues\Conflicts\[From:account manager][Subject:Spam:ACH Payment 5507022 Canceled][Time:2011/08/03 02:14:36]/report_082011-65.pdf.zip/report_082011-65.pdf.exe High
11/19/2011 4:21:58 PM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.mc Outlook\Mailbox - David Treese\IPM_SUBTREE\Sync Issues\Conflicts\[From:account manager][Subject:Spam:NACHA security nitification][Time:2011/08/03 01:24:55]/Report-8764.zip High
11/19/2011 4:21:58 PM Disinfected Trojan program Trojan-Downloader.Win32.Deliver.mc Outlook\Mailbox - David Treese\IPM_SUBTREE\Sync Issues\Conflicts\[From:account manager][Subject:Spam:NACHA security nitification][Time:2011/08/03 01:24:55]/Report-8764.zip/Report-8764.exe High


And the zip file is attached.

Thanks again.


  • 0
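One way to triage a scan report laid out like the one in the post above, as an added example that is not part of the original thread: it counts each detected object once and sorts it by where the file sits (antivirus quarantine store, OTL's MovedFiles backup, mail store, or anywhere else). The column layout is inferred from the lines shown, the category names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above:
# date time AM/PM, action, object type, detection name, object path, severity.
SAMPLE_REPORT = r"""
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Example.a C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\00000001\AAAA0001.VBN High
11/19/2011 2:56:50 PM Deleted Trojan program Trojan.Win32.Example.a C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\00000001\AAAA0001.VBN//CryptZ High
11/19/2011 3:57:23 PM Deleted Trojan program Trojan.Win32.Example.b C:\_OTL\MovedFiles\01012011_000000\C_Users\example\AppData\Roaming\sample\app.exe High
Status: Disinfected (events: 2)
11/19/2011 4:21:56 PM Disinfected Trojan program Trojan-Downloader.Win32.Example.c Outlook\Mailbox - Example User\IPM_SUBTREE\Inbox\[From:sender][Subject:Constructed subject][Time:2011/01/01 00:00:00]/report.zip High
11/19/2011 4:21:56 PM Disinfected Trojan program Trojan-Downloader.Win32.Example.c Outlook\Mailbox - Example User\IPM_SUBTREE\Inbox\[From:sender][Subject:Constructed subject][Time:2011/01/01 00:00:00]/report.zip/report.exe High
11/19/2011 5:00:00 PM Detected Trojan program Trojan.Win32.Example.d C:\Users\example\AppData\Roaming\sample\live.exe High
"""

# Assumed layout: the detection name is the first dotted token after the
# object type, and the severity is the last word on the line.
EVENT = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\S+) (?P<kind>.+?) (?P<name>[\w-]+(?:\.[\w-]+)+) "
    r"(?P<path>.+) (?P<severity>\w+)$"
)

# Hypothetical category labels; the path fragments are the ones in the report.
LOCATIONS = [
    ("av_quarantine", re.compile(r"\\Symantec Endpoint Protection\\Quarantine\\", re.I)),
    ("otl_backup", re.compile(r"^[A-Za-z]:\\_OTL\\MovedFiles\\", re.I)),
    ("mail_store", re.compile(r"^Outlook\\", re.I)),
]


def parse_events(text):
    """Return one dict per event line; section headers and blanks are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def classify(path):
    """Map an object path to a storage location category."""
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "live_filesystem"


def triage(text):
    """Count unique top-level objects per location and list the live ones."""
    events = parse_events(text)
    paths = {event["path"] for event in events}
    summary = Counter()
    needs_review = []
    seen = set()
    for event in events:
        path = event["path"]
        if path in seen:
            continue
        seen.add(path)
        # An object reported inside another reported object (container//inner
        # or archive/member) is the same finding, so it is not counted again.
        if any(path.startswith(outer + "/") for outer in paths if outer != path):
            continue
        where = classify(path)
        summary[where] += 1
        if where == "live_filesystem":
            needs_review.append((event["name"], path))
    return summary, needs_review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_REPORT)
    for location, count in sorted(counts.items()):
        print(f"{location}: {count}")
    for name, path in review:
        print(f"review: {name} at {path}")
```

Only entries that land in `live_filesystem` point at a file outside a quarantine store, tool backup folder or mailbox; the other categories are stored copies that the scanner found again.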

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Have the warnings from Symantec Endpoint Protection stopped popping up? Are you experiencing any other problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    F3:64bit: - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - File not found
    F3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 WinNT: Load - (C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe) - File not found 
    
    :Files
    C:\Users\dtreese\AppData\Roaming\13DFA
    C:\Users\dtreese\AppData\Local\Temp\_uninst_44027730.bat
    C:\Users\dtreese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_44027730.lnk
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4

Can you try running aswMBR again in Normal Mode (if it doesn't work, try Safe Mode) and post the log produced?


Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt
  • aswMBR.txt

  • 0

#8
beerman

    Member

  • Topic Starter
  • 188 posts
Thanks again! No other Symantec Endpoint notices and everything appears fine. :happy:

Here are the logs:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\dtreese\AppData\Roaming\13DFA\lvvm.exe deleted successfully.
========== FILES ==========
File\Folder C:\Users\dtreese\AppData\Roaming\13DFA not found.
File\Folder C:\Users\dtreese\AppData\Local\Temp\_uninst_44027730.bat not found.
File\Folder C:\Users\dtreese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_44027730.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\dtreese\Desktop\cmd.bat deleted successfully.
C:\Users\dtreese\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: David Treese
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dtreese
->Temp folder emptied: 3962 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 15679488 bytes
->Flash cache emptied: 4166 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: administrator

User: All Users

User: David Treese
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: dtreese
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11202011_154112

Files\Folders moved on Reboot...
C:\Users\dtreese\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 11/20/2011 3:47:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dtreese\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 70.05% Memory free
15.85 Gb Paging File | 13.40 Gb Available in Paging File | 84.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 125.86 Gb Free Space | 52.96% Space Free | Partition Type: NTFS

Computer Name: 4CR1VL1 | User Name: dtreese | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
PRC - [2011/09/07 14:53:57 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2011/03/19 20:30:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/19 20:30:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2009/10/05 20:54:30 | 001,826,816 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/08/17 22:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 14:12:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/18 14:12:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 14:12:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/18 14:12:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/18 14:11:58 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/18 14:11:51 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/18 14:11:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/18 14:11:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/18 14:11:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/18 14:11:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/15 23:57:26 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Safari\libtidy.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/05 20:54:10 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/09/03 12:33:16 | 000,507,680 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/08/05 15:00:42 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/20 02:55:48 | 004,908,576 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/26 10:24:42 | 001,040,232 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/06/26 10:24:42 | 000,031,080 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/06/11 20:07:18 | 002,515,968 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/06/03 13:10:20 | 001,555,456 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/04/27 14:43:56 | 000,420,432 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:30:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:30:02 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:30:02 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/19 20:30:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/09 21:48:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 18:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/20 20:04:17 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 18:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/05 15:00:42 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/30 21:20:18 | 000,281,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 11:39:10 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\BACS\BASFND.sys -- (BASFND)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 12:28:04 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/06/19 19:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 04:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 09:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/05/11 12:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/04 15:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)
DRV - [2011/11/09 04:31:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 04:31:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/20 11:02:16 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.036\EX64.SYS -- (NAVEX15)
DRV - [2011/09/20 11:02:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111117.036\ENG64.SYS -- (NAVENG)
DRV - [2011/03/19 20:30:04 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/19 20:30:04 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/19 20:30:04 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/default.aspx
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/11/20 15:41:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://millercoorsu...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A43495A-645A-4AE9-9DCD-D7B41E2BA270}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A09797F-9C11-48AD-AF2B-AFAE47EEAE1F}: NameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63826BF5-BD72-4281-8828-70E47C17E299}: DhcpNameServer = 10.0.0.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1159 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 14:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/17 22:37:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\dtreese\Desktop\aswMBR.exe
[2011/11/17 21:04:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/16 10:25:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/01 10:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/01 10:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/01 10:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/01 08:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\Users\dtreese\AppData\Local\LogMeIn
[2011/10/31 15:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

========== Files - Modified Within 30 Days ==========

[2011/11/20 15:50:08 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 15:50:08 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 15:48:55 | 000,789,492 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/20 15:48:55 | 000,671,478 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/20 15:48:55 | 000,123,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/20 15:42:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 15:42:35 | 2087,874,559 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 15:41:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/19 17:49:51 | 000,012,848 | ---- | M] () -- C:\Users\dtreese\Desktop\avptool_sysinfo.zip
[2011/11/19 15:57:25 | 000,111,054 | -HS- | M] () -- C:\Windows\3057394drv.spi
[2011/11/19 14:46:20 | 102,255,112 | ---- | M] () -- C:\Users\dtreese\Desktop\setup_11.0.0.1245.x01_2011_11_19_21_59.exe
[2011/11/19 14:24:15 | 758,018,758 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/18 17:18:55 | 000,032,768 | ---- | M] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 23:02:40 | 001,008,092 | ---- | M] () -- C:\Users\dtreese\Desktop\rkill.com
[2011/11/17 22:35:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\dtreese\Desktop\aswMBR.exe
[2011/11/16 11:27:35 | 000,001,992 | -H-- | M] () -- C:\Users\dtreese\Documents\Default.rdp
[2011/11/16 10:25:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dtreese\Desktop\OTL.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | M] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | M] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/11/10 09:14:36 | 000,421,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/24 09:20:26 | 002,917,749 | ---- | M] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf

========== Files Created - No Company Name ==========

[2011/11/19 17:50:35 | 000,012,848 | ---- | C] () -- C:\Users\dtreese\Desktop\avptool_sysinfo.zip
[2011/11/19 14:51:38 | 000,111,054 | -HS- | C] () -- C:\Windows\3057394drv.spi
[2011/11/19 14:45:25 | 102,255,112 | ---- | C] () -- C:\Users\dtreese\Desktop\setup_11.0.0.1245.x01_2011_11_19_21_59.exe
[2011/11/17 23:02:40 | 001,008,092 | ---- | C] () -- C:\Users\dtreese\Desktop\rkill.com
[2011/11/15 17:06:58 | 000,598,569 | ---- | C] () -- C:\Users\dtreese\Desktop\Pages from 20080430145010951.pdf
[2011/11/15 17:02:55 | 000,036,129 | ---- | C] () -- C:\Users\dtreese\Desktop\BONBD1C99992.pdf
[2011/10/24 09:17:42 | 002,917,749 | ---- | C] () -- C:\Users\dtreese\Desktop\The official home of the Allegrippis Trails.pdf
[2011/03/20 19:54:18 | 000,003,002 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/03/14 21:19:24 | 000,007,600 | ---- | C] () -- C:\Users\dtreese\AppData\Local\Resmon.ResmonCfg
[2011/02/22 14:14:47 | 000,032,768 | ---- | C] () -- C:\Users\dtreese\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 11:47:58 | 000,004,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/09 23:27:33 | 001,514,088 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/01/09 23:27:33 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/01/09 23:27:33 | 000,308,840 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010/01/09 22:00:02 | 000,745,748 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/09 21:35:11 | 000,377,168 | ---- | C] () -- C:\Windows\SysWow64\brcmbsp.dll
[2010/01/09 21:34:51 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/10/05 20:27:16 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/05/20 14:31:00 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\LNKFILES.DLL

========== LOP Check ==========

[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Broadcom
[2011/11/01 12:14:39 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Wave Systems Corp
[2010/01/15 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\BACS.exe
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Broadcom
[2010/01/15 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\David Treese\AppData\Roaming\Wave Systems Corp
[2011/10/03 15:36:33 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Accellion
[2011/06/29 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Agilix
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Broadcom
[2011/06/29 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\FranklinCovey
[2010/01/22 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Leadertech
[2011/03/10 15:34:07 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\PrintSet
[2010/08/18 14:27:57 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Research In Motion
[2010/01/18 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Wave Systems Corp
[2011/01/27 14:44:53 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\webex
[2010/11/26 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\dtreese\AppData\Roaming\Windows Live Writer
[2011/02/08 11:58:51 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8201

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/20/2011 4:02:39 PM
mbam-log-2011-11-20 (16-02-39).txt

Scan type: Quick scan
Objects scanned: 205257
Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


As for ESET, it ran and found nothing. I cannot, however, find the log or the program. :huh: I clicked "uninstall upon exit" and I guess it deleted the log as well.

Again tried to run aswMBR and got stop error/blue screen in both normal mode and safe mode. Is this an indicator of something, or just incompatibility with the system? :(

Thanks.

#9
beerman

    Member

  • Topic Starter
  • Member
  • 188 posts
Ah, spoke too soon. Came in to the office today and connected to the network. Within a few minutes the Symantec Endpoint notices started popping up again. Trojan.Gen and Trojan.Gen2. Does this have anything to do with why aswMBR will not run?

Good luck and thanks again.

#10
Nedklaw

Hi. :)
It could be the latest TDL4 preventing aswMBR from running.

Let's look deeper into your system:


Step 1

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Step 2

Hi. :)

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Things I want to see in your next reply

  • ComboFix.txt
  • MBRCheck Report


#11
beerman

I have ComboFix downloaded but am a little wary of disabling Symantec Endpoint given the number of items quarantined today. I will try to run with Symantec active and see what happens.

#12
Nedklaw

It's important to disable your anti-virus software whilst running the scan so it doesn't interfere with ComboFix.

#13
beerman

Before getting your reply I decided to go ahead and disable it anyway (although ComboFix said it wasn't disabled, I double-checked and it was). Anyway, ComboFix ran and the computer rebooted. Log file is ready to go but when I tried to open Safari I received an error window that said: "Illegal operation attempted on a registry key that has been marked for deletion." I received the same error when I tried to launch Internet Explorer.

I am sending this from another computer as I cannot now access a web browser. I can send the ComboFix log if you want. I ran MBRcheck and nothing reported.

#14
beerman

Figured out a way to get the logs to you. Here they are:

ComboFix 11-11-21.01 - dtreese 11/21/2011 16:20:34.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8116.6006 [GMT -5:00]
Running from: c:\users\dtreese\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\dtreese\g2mdlhlpx.exe
c:\users\dtreese\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-20 21:00 . 2011-11-20 21:00 -------- d-----w- c:\users\dtreese\AppData\Roaming\Malwarebytes
2011-11-20 20:53 . 2011-11-20 20:53 -------- d-----w- c:\programdata\Malwarebytes
2011-11-20 20:53 . 2011-11-20 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-20 20:53 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 19:47 . 2011-11-19 19:47 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-18 02:04 . 2011-11-18 02:04 -------- d-----w- C:\_OTL
2011-11-09 14:49 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 14:49 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 14:49 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:49 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 17:16 . 2011-11-01 17:16 -------- d-----w- c:\users\administrator\AppData\Roaming\VMware
2011-11-01 17:15 . 2011-11-01 17:15 -------- d-----w- c:\users\administrator\AppData\Local\VMware
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Local\Adobe
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Roaming\Logitech
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Roaming\Intel Corporation
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Roaming\Apple Computer
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Roaming\Wave Systems Corp
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Roaming\Broadcom
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----r- c:\users\administrator\Virtual Machines
2011-11-01 17:14 . 2011-11-01 17:14 -------- d-----w- c:\users\administrator\AppData\Local\Symantec
2011-11-01 15:59 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-01 15:57 . 2011-11-01 15:57 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-01 15:56 . 2011-11-01 15:57 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-01 15:52 . 2011-11-01 15:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-01 13:30 . 2011-11-01 13:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-31 20:01 . 2011-10-31 20:01 -------- d-----w- c:\users\dtreese\AppData\Local\LogMeIn
2011-10-31 20:01 . 2011-10-31 20:01 -------- d-----w- c:\programdata\LogMeIn
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 09:06 . 2010-04-16 20:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 05:24 . 2011-10-13 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-12 22:36 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 22:36 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 22:36 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 22:36 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-03-20 115560]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-9-3 1338656]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-22 1207312]
PrintSet Uppdate.lnk - c:\program files (x86)\Intermec\PrintSet 4\WiseUpdt.EXE [2008-2-6 214792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-04-27 420432]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-06-26 1040232]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-06-26 31080]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-09-03 507680]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-10-06 76288]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 01:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 01:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-05 450048]
"nwiz"="nwiz.exe" [2009-09-17 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-17 16336488]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-09-17 94312]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF12000.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.5
TCP: Interfaces\{2A09797F-9C11-48AD-AF2B-AFAE47EEAE1F}: NameServer = 10.0.0.5
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
SafeBoot-Symantec Antvirus
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
.
**************************************************************************
.
Completion time: 2011-11-21 16:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 21:31
.
Pre-Run: 135,858,835,456 bytes free
Post-Run: 135,478,194,176 bytes free
.
- - End Of File - - 86A4EE03FEED9E6AADF90CB2A1A3943A


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision M6500
Logical Drives Mask: 0x0080000c

Kernel Drivers (total 222):
0x03662000 \SystemRoot\system32\ntoskrnl.exe
0x03619000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00CFB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D4A000 \SystemRoot\system32\PSHED.dll
0x00D5E000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E88000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F2C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F3B000 \SystemRoot\system32\drivers\ACPI.sys
0x00F92000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F9B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FA5000 \SystemRoot\system32\drivers\pci.sys
0x00FD8000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FE5000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E09000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x00DBC000 \SystemRoot\System32\drivers\mountmgr.sys
0x01087000 \SystemRoot\system32\drivers\vmbus.sys
0x010C3000 \SystemRoot\system32\drivers\winhv.sys
0x01291000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0149B000 \SystemRoot\system32\drivers\amdxata.sys
0x014A6000 \SystemRoot\system32\drivers\fltmgr.sys
0x014F2000 \SystemRoot\system32\drivers\fileinfo.sys
0x01506000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0160B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01512000 \SystemRoot\System32\Drivers\msrpc.sys
0x017AE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01570000 \SystemRoot\System32\Drivers\cng.sys
0x017C9000 \SystemRoot\System32\drivers\pcw.sys
0x017DA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x010D7000 \SystemRoot\system32\drivers\ndis.sys
0x01200000 \SystemRoot\system32\drivers\NETIO.SYS
0x01260000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01841000 \SystemRoot\System32\drivers\tcpip.sys
0x01A45000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A8F000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01A9F000 \SystemRoot\system32\drivers\volsnap.sys
0x01AEB000 \SystemRoot\System32\Drivers\spldr.sys
0x01AF3000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B2D000 \SystemRoot\system32\DRIVERS\PBADRV64.sys
0x01B39000 \SystemRoot\System32\Drivers\mup.sys
0x01B4B000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B54000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B8E000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BA4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x044B0000 \SystemRoot\system32\drivers\cdrom.sys
0x044DA000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x04604000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111121.003\EX64.SYS
0x0454F000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x04585000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111121.003\ENG64.SYS
0x045A5000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x045B9000 \SystemRoot\System32\Drivers\Null.SYS
0x045C2000 \SystemRoot\System32\Drivers\Beep.SYS
0x045C9000 \SystemRoot\System32\drivers\vga.sys
0x045D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04200000 \SystemRoot\System32\drivers\watchdog.sys
0x04210000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04219000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04222000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0422B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04236000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04247000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04269000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04A8C000 \SystemRoot\system32\drivers\afd.sys
0x04B15000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04B5A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04B63000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04B89000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x04B9D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04BAC000 \SystemRoot\system32\DRIVERS\serial.sys
0x04BC9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04A00000 \SystemRoot\system32\drivers\vpcvmm.sys
0x04A57000 \SystemRoot\system32\drivers\termdd.sys
0x01000000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04A6B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04A77000 \SystemRoot\system32\drivers\mssmbios.sys
0x04CB6000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x04D2F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x04D55000 \SystemRoot\System32\drivers\discache.sys
0x04D64000 \SystemRoot\system32\drivers\csc.sys
0x04C00000 \SystemRoot\System32\Drivers\dfsc.sys
0x04C1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04C2F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x058EC000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x063F5000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04E3E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F32000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04F78000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04F89000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04E00000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05079000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x05000000 \SystemRoot\system32\DRIVERS\b57nd60a.sys
0x055B4000 \SystemRoot\system32\drivers\1394ohci.sys
0x05800000 \SystemRoot\system32\drivers\tifm21.sys
0x0504E000 \SystemRoot\system32\drivers\sdbus.sys
0x04FDF000 \SystemRoot\system32\drivers\i8042prt.sys
0x05853000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0506E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04E24000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0589E000 \SystemRoot\system32\drivers\kbdclass.sys
0x055F2000 \SystemRoot\system32\DRIVERS\serenum.sys
0x058AD000 \SystemRoot\system32\DRIVERS\parport.sys
0x058CA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05070000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04E33000 \SystemRoot\system32\drivers\wmiacpi.sys
0x04C55000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x058D7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x063F7000 \SystemRoot\System32\Drivers\RootMdm.sys
0x04C6B000 \SystemRoot\system32\drivers\modem.sys
0x04C7A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04C90000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04DE7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01800000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04BE4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01051000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04276000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04DF3000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x04A82000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x0182F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05075000 \SystemRoot\system32\drivers\swenum.sys
0x068BF000 \SystemRoot\system32\drivers\ks.sys
0x06902000 \SystemRoot\system32\drivers\umbus.sys
0x06914000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x06931000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x06940000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x0697C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x069D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06800000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0687B000 \SystemRoot\system32\DRIVERS\portcls.sys
0x011CA000 \SystemRoot\system32\DRIVERS\drmk.sys
0x068B8000 \SystemRoot\system32\drivers\ksthunk.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x069EB000 \SystemRoot\System32\drivers\Dxapi.sys
0x04290000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0429E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x01BD4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x015E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02060000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0208E000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x020B9000 \SystemRoot\System32\Drivers\cvusbdrv.sys
0x02109000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02117000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02130000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02139000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
0x02150000 \SystemRoot\system32\drivers\kbdhid.sys
0x0215E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0216B000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
0x02173000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x02186000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x0219A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x021A8000 \SystemRoot\system32\drivers\ftdibus.sys
0x021B8000 \SystemRoot\system32\drivers\ftser2k.sys
0x00650000 \SystemRoot\System32\cdd.dll
0x021D1000 \SystemRoot\system32\drivers\luafv.sys
0x02000000 \SystemRoot\system32\drivers\WudfPf.sys
0x02021000 \SystemRoot\system32\drivers\WinUSB.SYS
0x020C7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x020F8000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x02032000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x048FC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0494F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04962000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04800000 \SystemRoot\system32\drivers\HTTP.sys
0x048C9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0497A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04992000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05693000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x056E1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05705000 \??\C:\Program Files\Broadcom\BACS\BASFND.sys
0x0570C000 \SystemRoot\system32\drivers\peauth.sys
0x057B2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x057BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x057EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0B0B7000 \SystemRoot\System32\DRIVERS\srv.sys
0x0B14F000 \SystemRoot\system32\drivers\spsys.sys
0x0B1C0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x775C0000 \Windows\System32\ntdll.dll
0x48280000 \Windows\System32\smss.exe
0xFF8E0000 \Windows\System32\apisetschema.dll
0xFF220000 \Windows\System32\autochk.exe
0xFF830000 \Windows\System32\msvcrt.dll
0xFF750000 \Windows\System32\advapi32.dll
0xFF6D0000 \Windows\System32\shlwapi.dll
0x77460000 \Windows\System32\wininet.dll
0xFF6C0000 \Windows\System32\nsi.dll
0xFF690000 \Windows\System32\imm32.dll
0xFF670000 \Windows\System32\imagehlp.dll
0xFF560000 \Windows\System32\msctf.dll
0x77250000 \Windows\System32\iertutil.dll
0xFF540000 \Windows\System32\sechost.dll
0xFF470000 \Windows\System32\usp10.dll
0x77130000 \Windows\System32\kernel32.dll
0xFF290000 \Windows\System32\setupapi.dll
0xFF1F0000 \Windows\System32\comdlg32.dll
0xFF190000 \Windows\System32\Wldap32.dll
0x77030000 \Windows\System32\user32.dll
0x77790000 \Windows\System32\psapi.dll
0xFF110000 \Windows\System32\difxapi.dll
0xFF070000 \Windows\System32\clbcatq.dll
0x77780000 \Windows\System32\normaliz.dll
0xFEE60000 \Windows\System32\ole32.dll
0xFED80000 \Windows\System32\oleaut32.dll
0xFED70000 \Windows\System32\lpk.dll
0xFDFE0000 \Windows\System32\shell32.dll
0xFDF90000 \Windows\System32\ws2_32.dll
0xFDF20000 \Windows\System32\gdi32.dll
0x76EE0000 \Windows\System32\urlmon.dll
0xFDDF0000 \Windows\System32\rpcrt4.dll
0xFDDB0000 \Windows\System32\wintrust.dll
0xFDD10000 \Windows\System32\comctl32.dll
0xFDBA0000 \Windows\System32\crypt32.dll
0xFDB30000 \Windows\System32\KernelBase.dll
0xFDB10000 \Windows\System32\devobj.dll
0xFDAD0000 \Windows\System32\cfgmgr32.dll
0xFDAC0000 \Windows\System32\msasn1.dll
0x75520000 \Windows\SysWOW64\normaliz.dll

Processes (total 67):
0 System Idle Process
4 System
352 C:\Windows\System32\smss.exe
452 csrss.exe
544 csrss.exe
552 C:\Windows\System32\wininit.exe
608 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\winlogon.exe
844 C:\Windows\System32\nvvsvc.exe
884 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
148 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
472 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe
368 C:\Windows\System32\audiodg.exe
1220 C:\Windows\System32\svchost.exe
1332 WUDFHost.exe
1376 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
1412 C:\Windows\System32\svchost.exe
1528 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
1868 C:\Windows\System32\spoolsv.exe
1896 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
1920 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
1940 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\svchost.exe
2124 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
2180 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2208 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2228 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2252 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2280 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
2348 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
2428 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2560 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2660 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2708 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2740 C:\Windows\System32\svchost.exe
2776 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2820 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
2828 WmiPrvSE.exe
2924 unsecapp.exe
3032 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2436 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3312 WmiPrvSE.exe
3832 C:\Windows\System32\svchost.exe
3932 C:\Windows\System32\nvvsvc.exe
4080 C:\Windows\System32\taskhost.exe
3616 C:\Windows\System32\dwm.exe
3948 C:\Windows\explorer.exe
4224 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
4388 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
5116 C:\Windows\System32\SearchIndexer.exe
4456 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
3252 C:\Windows\System32\svchost.exe
4924 C:\Windows\System32\sppsvc.exe
4664 C:\Program Files\Windows Media Player\wmpnetwk.exe
3820 C:\Windows\System32\SearchProtocolHost.exe
2264 C:\Windows\System32\notepad.exe
3780 C:\Windows\System32\svchost.exe
4796 C:\Windows\System32\SearchFilterHost.exe
832 dllhost.exe
3300 dllhost.exe
2332 C:\Users\dtreese\Desktop\MBRCheck.exe
2816 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`35c00000 (NTFS)
\\.\X: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: 1ø€ÿÿA€Íú€ÿÿÜ8aø€ÿÿð1ø€ÿÿ
PhysicalDrive1 Model Number: ST31500341AS, Rev: CC1H

Size Device Name MBR Status
--------------------------------------------
238 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Hope this helps.

#15
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
This is a known issue that can happen after running ComboFix. Just simply restarting your computer should solve the problem. I will now analyse your logs and should formulate a reply tomorrow. :)