Trojan.Gen.2 Reappears after reboot [Solved]


  • This topic is locked

#1
feelmybrain

Hey,
I've been experiencing performance-related issues for some time on my HP laptop running Windows 7. Recently, I started noticing Symantec Endpoint Protection's active scanner detecting and then removing files from a 'Temp' folder. This infection appears to go away for a limited time, but always reappears after rebooting the PC. Symantec detects the infected item as 'Trojan.Gen.2'. Any help would be greatly appreciated. Thanks so much.

OTL logfile created on: 2/9/2012 2:42:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sue\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.43 Mb Total Physical Memory | 250.74 Mb Available Physical Memory | 24.72% Memory free
1.99 Gb Paging File | 0.70 Gb Available in Paging File | 35.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.77 Gb Total Space | 57.61 Gb Free Space | 40.93% Space Free | Partition Type: NTFS
Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.04% Space Free | Partition Type: NTFS

Computer Name: SUE-PC | User Name: Sue | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/09 14:30:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
PRC - [2012/01/15 23:42:22 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/04/25 16:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/04/25 16:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2011/04/12 08:26:18 | 000,277,832 | ---- | M] (AOL Inc.) -- c:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1198706548\ee\aolsoftware.exe
PRC - [2009/10/15 10:55:30 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/15 10:55:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/15 10:55:26 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/15 10:55:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/15 10:55:24 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 16:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll
MOD - [2007/04/23 20:10:44 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/01 13:41:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/15 10:55:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/15 10:55:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/15 10:55:28 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/15 10:55:26 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/15 10:55:24 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/29 15:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/02/07 00:18:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/06 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/06 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/14 11:35:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120208.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/14 11:35:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120208.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/28 20:44:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/15 10:55:32 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/15 10:55:32 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/15 10:55:32 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/15 10:55:16 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/15 10:55:16 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/15 10:55:14 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 22:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/01 15:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sue\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Sue\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB (SFImageUpload1_10.ImageUpload)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://aolsvc.aol.co...tg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcopho...eX_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.112.138 167.206.7.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{621D0678-1659-4645-B3A6-780BDDAAF948}: DhcpNameServer = 167.206.112.138 167.206.7.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC302945-AED3-4D1F-96C8-3D97C28F4FC1}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{676ac6c5-ce05-11e0-858b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{676ac6c5-ce05-11e0-858b-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/09 14:29:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2012/02/07 00:18:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/01 19:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/01 19:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/01 19:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/27 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2012/01/27 09:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2012/01/26 10:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/23 15:17:56 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/23 14:14:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/01/23 09:50:38 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Sue\AppData\Local\log4cxx.dll
[2012/01/20 13:40:12 | 000,000,000 | ---D | C] -- C:\Users\Sue\AppData\Roaming\Malwarebytes
[2012/01/20 11:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 11:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/20 11:01:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/20 11:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/20 10:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/09 14:39:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/09 14:30:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sue\Desktop\OTL.exe
[2012/02/09 14:23:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 23:26:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/08 23:18:30 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 23:18:30 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 23:01:59 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 00:18:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/02/01 19:44:38 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/25 10:01:43 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 16:31:03 | 000,475,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/20 15:10:47 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/20 10:58:09 | 000,629,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/20 10:58:09 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/20 10:10:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/18 23:18:49 | 000,031,702 | ---- | M] () -- C:\Users\Sue\Documents\ADDRESSES.rtf
[2012/01/17 00:30:00 | 002,694,246 | ---- | M] () -- C:\Users\Sue\Documents\OH MURPHY.jpg
[2012/01/16 04:18:55 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSue.job
[2012/01/12 19:57:53 | 005,356,032 | ---- | M] () -- C:\Users\Sue\Documents\snow.pps
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 19:44:38 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 09:39:43 | 000,002,843 | ---- | C] () -- C:\Users\Sue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2012/01/25 10:01:43 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/23 09:50:38 | 000,094,208 | ---- | C] () -- C:\Users\Sue\AppData\Local\common_functions.dll
[2012/01/20 10:10:00 | 000,001,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/18 23:10:30 | 000,031,702 | ---- | C] () -- C:\Users\Sue\Documents\ADDRESSES.rtf
[2012/01/12 19:57:39 | 005,356,032 | ---- | C] () -- C:\Users\Sue\Documents\snow.pps
[2011/09/02 06:08:50 | 000,102,400 | ---- | C] () -- C:\Users\Sue\AppData\Local\ie_runner_app.exe
[2011/06/08 23:26:14 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/08 23:23:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/08/16 13:12:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/14 19:42:45 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/15 13:14:04 | 000,197,047 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2009/12/20 15:02:51 | 000,012,800 | ---- | C] () -- C:\Users\Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 19:27:11 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/11/28 15:39:22 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/09/23 18:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/08/18 19:36:46 | 000,197,047 | ---- | C] () -- C:\Windows\hpoins30.dat
[2009/08/18 15:59:57 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,475,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,629,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,108,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/05 05:52:59 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2008/03/12 10:55:33 | 000,038,246 | ---- | C] () -- C:\Users\Sue\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008/03/09 21:19:52 | 000,000,000 | ---- | C] () -- C:\Users\Sue\AppData\Roaming\wklnhst.dat
[2008/03/04 22:28:48 | 000,013,757 | ---- | C] () -- C:\Windows\hplj1010.ini
[2008/01/02 20:02:18 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/20 12:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 12:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/14 07:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/14 07:13:40 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/14 06:58:55 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/14 04:33:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 15:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/09 19:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2012/01/10 00:01:45 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Costco Photo Organizer
[2012/01/15 13:53:00 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Facebook
[2009/11/28 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\iWin
[2009/11/28 15:28:40 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\iWinArcade
[2009/11/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\MSNInstaller
[2010/05/24 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\muvee Technologies
[2009/11/28 15:29:09 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\PlayFirst
[2011/03/17 00:13:46 | 000,000,000 | ---D | M] -- C:\Users\Sue\AppData\Roaming\Printer Info Cache
[2011/05/15 13:53:47 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 723 bytes -> C:\Users\Sue\Documents\1.eml:OECustomProperty

< End of report >

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply

#3
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 15:41:15
-----------------------------
15:41:15.308 OS Version: Windows 6.1.7601 Service Pack 1
15:41:15.308 Number of processors: 2 586 0xF0D
15:41:15.308 ComputerName: SUE-PC UserName: Sue
15:41:18.834 Initialize success
15:41:29.177 AVAST engine defs: 12021400
15:42:08.926 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:42:08.941 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:42:08.972 Disk 0 MBR read successfully
15:42:08.972 Disk 0 MBR scan
15:42:09.082 Disk 0 Windows 7 default MBR code
15:42:09.082 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144145 MB offset 63
15:42:09.160 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8479 MB offset 295210440
15:42:09.206 Disk 0 scanning sectors +312576705
15:42:09.394 Disk 0 scanning C:\Windows\system32\drivers
15:42:43.152 Service scanning
15:42:44.946 Modules scanning
15:43:01.357 Disk 0 trace - called modules:
15:43:01.389 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:43:01.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e915e0]
15:43:01.888 3 CLASSPNP.SYS[8797e59e] -> nt!IofCallDriver -> [0x85096700]
15:43:01.903 5 ACPI.sys[872c43d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8509a028]
15:43:03.448 AVAST engine scan C:\Windows
15:43:10.047 AVAST engine scan C:\Windows\system32
15:49:32.598 AVAST engine scan C:\Windows\system32\drivers
15:49:56.935 AVAST engine scan C:\Users\Sue
16:06:48.012 AVAST engine scan C:\ProgramData
16:09:50.423 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ141B.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:50.563 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ309E.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:09:50.735 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ32F6.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:09:50.953 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ363E.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:51.281 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ3771.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:51.609 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ37E2.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:51.874 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ3A28.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:52.092 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ3DC4.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:52.357 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ3E83.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:52.591 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ428E.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:53.013 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ44AF.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:53.293 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ4E94.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:53.746 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ5420.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:54.042 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ5481.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:54.307 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ54D3.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:54.635 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ566D.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:54.838 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ58BE.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:55.041 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ59B6.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:55.306 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ5A7E.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:55.555 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ65BA.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:55.883 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ678A.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:56.320 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6986.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:56.725 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6A92.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:57.084 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6C7A.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:57.381 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6E36.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:57.568 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6F54.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:09:57.786 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ6F7D.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:58.036 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ7055.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:58.426 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ800F.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:58.738 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8020.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:59.003 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8130.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:59.377 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ827C.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:59.705 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8441.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:00.204 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ84C4.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:00.485 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ8898.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:00.828 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ89EF.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:01.234 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ971E.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:01.624 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ99D5.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:01.920 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9A56.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:02.482 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9BBD.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:02.919 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9DB3.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:03.215 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9E8.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:03.371 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ9F4E.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:03.699 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQA588.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:03.808 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQA954.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:04.276 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQAD07.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:04.822 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQAD99.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:05.259 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQB0B5.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:05.649 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQB0DF.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:05.992 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQB164.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:06.241 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQB584.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:06.538 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQB9C0.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:06.803 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC3DD.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:07.068 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC471.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:07.474 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC6EF.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:07.848 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC715.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:08.191 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQC819.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:08.550 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQCCF1.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:09.018 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQD008.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:09.237 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQD5E.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:09.549 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQD675.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:09.861 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQDCD7.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:10.157 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQDCF1.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:10.563 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE0DD.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:10.906 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE211.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:11.077 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE6BE.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:10:11.530 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQE862.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:11.982 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQEC40.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:12.466 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQEDF3.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:12.747 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQF393.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:12.996 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQF4E0.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:13.230 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQF736.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:13.605 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQF73D.tmp **INFECTED** Win32:Adware-gen [Adw]
16:10:13.901 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF74.tmp **INFECTED** Win32:Adware-gen [Adw]
16:11:16.410 Scan finished successfully
16:12:50.388 Disk 0 MBR has been saved successfully to "C:\Users\Sue\Desktop\MBR.dat"
16:12:50.404 The log file has been saved successfully to "C:\Users\Sue\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   556bytes   36 downloads
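
Added example (not part of the original thread, and not code from aswMBR or Symantec): every `**INFECTED**` line in the aswMBR log above points into Symantec's quarantine folder, so a first triage step is to separate hits on quarantine storage from hits elsewhere on disk. The sketch below does that for aswMBR-style lines; the sample log, its file names and all function names are constructed for illustration, and the quarantine directory list is an assumption built from the two Symantec paths that appear in this thread.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: quarantine stores of the resident AV. Both paths are taken from
# the logs in this thread; extend the list for other products.
QUARANTINE_DIRS = [
    PureWindowsPath(r"C:\ProgramData\Symantec\SRTSP\Quarantine"),
    PureWindowsPath(r"C:\Documents and Settings\All Users\Symantec"
                    r"\Symantec Endpoint Protection\Quarantine"),
]

# aswMBR detection line: "<time> File: <path> **INFECTED** <detection name>"
HIT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+"
    r"\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)

# Constructed sample input (file names are placeholders, not from the thread).
SAMPLE_LOG = r"""
15:42:09.082 Disk 0 Windows 7 default MBR code
16:09:50.423 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ0001.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:50.563 File: c:\programdata\symantec\srtsp\quarantine\APQ0002.tmp **INFECTED** Win32:AntiAV-C [Tool]
16:09:50.735 File: C:\ProgramData\Symantec\SRTSP\Quarantine\APQ0003.tmp **INFECTED** Win32:Adware-gen [Adw]
16:09:51.000 File: C:\Users\Example\AppData\Local\Temp\constructed.exe **INFECTED** Win32:Adware-gen [Adw]
16:11:16.410 Scan finished successfully
"""


def in_quarantine(path):
    """True if path lies inside a known quarantine directory.

    PureWindowsPath compares case-insensitively, matching NTFS behaviour.
    Paths containing '..' are never treated as quarantined, because the
    pure-path parent check does not resolve them.
    """
    p = PureWindowsPath(path)
    if ".." in p.parts:
        return False
    return any(q == p or q in p.parents for q in QUARANTINE_DIRS)


def triage(log_text):
    """Split detections into (Counter of quarantined hits, list of live hits)."""
    quarantined = Counter()
    live = []
    for line in log_text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # status lines, MBR verdict, etc.
        if in_quarantine(m["path"]):
            quarantined[m["name"]] += 1
        else:
            live.append((m["time"], m["path"], m["name"]))
    return quarantined, live


def report(log_text):
    """Human-readable summary: quarantine hits are counted, live hits listed."""
    quarantined, live = triage(log_text)
    lines = [f"{n:4d}  in quarantine  {name}"
             for name, n in sorted(quarantined.items())]
    lines += [f"LIVE  {t}  {name}  {path}" for t, path, name in live]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Only the lines marked `LIVE` need follow-up as possibly active files; hits inside the quarantine store are candidates for purging through the owning product.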


#4
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
First of all, thanks for replying. I've attached the info you requested above. I would also like to add, I do not have the Windows installation discs, but it looks like there is a recovery partition on this HP laptop.

Also, I have been running Symantec EndPoint as well as Microsoft Security Essentials for some time. I was afraid that Symantec wasn't working correctly as the infected objects kept reappearing. I now realize this may cause problems so I went ahead and uninstalled Microsoft Security Essentials.

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Running two antivirus programs simultaneously is not a safe practice at all, as you're more likely to get infected and have other performance issues with your computer.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#6
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sue :: SUE-PC [administrator]

2/15/2012 9:48:31 AM
mbam-log-2012-02-15 (09-48-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210412
Time elapsed: 26 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Note: 1 week before posting I ran MBAM and detected roughly 200 infected items. The program then prompted me to reboot to complete deletion of infected items. I guess it's coming up clean now so that's a good thing!

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Yes, it looks clean. Please do the following now:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    C:\ProgramData\Symantec\SRTSP\Quarantine\*.tmp
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT...

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • VRT scan report
  • attached analysis zip file


#9
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I'm following your directions and running the custom fix in OTL, but when I ran it I got this error: "Cannot create file c:\users\sue\desktop\cmd.bat"

At the bottom of the OTL window it says "Moving file c:\programData\symantec\SRTSP\Quarantine\*.tmp..." I'm debating whether I should force restart; it appears to just be sitting there, but not doing anything.

Edited by feelmybrain, 15 February 2012 - 01:00 PM.


#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please force close OTL. Then run this script instead:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Then proceed with the VRT tool scan, please.

#11
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
As soon as I closed the OTL window, I noticed behind it was a Symantec Endpoint Protection Alert; it seems like it is detecting OTL.exe as a dangerous process: "Event Info: Terminate Process." Perhaps I should disable Symantec and then run the OTL custom fix? Let me know if this is correct and I will go ahead and do it.

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, temporarily disable it.

#13
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Just wanted to give an update. I'm still running the Kaspersky Virus Removal Tool automatic scan mode. The duration is now saying 18h:16m:04sec, Finish in : 1 day, Completed 35%, 102 Threats Detected. I left the laptop running overnight, but I mistakenly left 'sleep' mode enabled; I just disabled it, so there should be no further interruptions. Is it normal for the automatic scan mode of this tool to run for this long? Is the '1 day remaining' estimate accurate? Thanks for helping me out and answering my questions.

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It depends on the overall speed of your system. So please be patient ;)

#15
feelmybrain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\Symantec\SRTSP\Quarantine\*.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sue\Desktop\cmd.bat deleted successfully.
C:\Users\Sue\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Desktop\cmd.bat deleted successfully.
C:\Users\Sue\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Desktop\cmd.bat deleted successfully.
C:\Users\Sue\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Desktop\cmd.bat deleted successfully.
C:\Users\Sue\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Sue\Desktop\cmd.bat deleted successfully.
C:\Users\Sue\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sue
->Temp folder emptied: 580247745 bytes
->Temporary Internet Files folder emptied: 36917452 bytes
->Java cache emptied: 11439612 bytes
->Google Chrome cache emptied: 63263258 bytes
->Apple Safari cache emptied: 2673664 bytes
->Flash cache emptied: 405797 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 256536 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 457628490 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,099.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Sue
->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sue
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 02152012_143113

Files\Folders moved on Reboot...
C:\Users\Sue\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Windows\temp\sqlite_tVQ7gjTKZFUrGzX moved successfully.

Registry entries deleted on Reboot...

Kaspersky Automatic Scan:
Status: Deleted (events: 234)
2/15/2012 3:20:40 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09900126.VBN Medium
2/15/2012 3:20:33 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09900125.VBN Medium
2/15/2012 3:20:40 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09900126.VBN//CryptZ Medium
2/15/2012 3:20:33 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\09900125.VBN//CryptZ Medium
2/15/2012 3:20:34 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990014E.VBN Medium
2/15/2012 3:20:34 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990014E.VBN//CryptZ Medium
2/15/2012 3:20:43 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990014F.VBN Medium
2/15/2012 3:20:43 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990014F.VBN//CryptZ Medium
2/15/2012 3:20:50 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990016D.VBN Medium
2/15/2012 3:20:50 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990016D.VBN//CryptZ Medium
2/15/2012 3:21:06 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990016C.VBN Medium
2/15/2012 3:21:06 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0990016C.VBN//CryptZ Medium
2/15/2012 3:21:18 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099001B4.VBN Medium
2/15/2012 3:21:18 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099001B4.VBN//CryptZ Medium
2/15/2012 3:28:49 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099002E1.VBN Medium
2/15/2012 3:28:49 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099002E1.VBN//CryptZ Medium
2/15/2012 3:28:50 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099002E8.VBN Medium
2/15/2012 3:28:50 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\099002E8.VBN//CryptZ Medium
2/15/2012 3:29:30 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0A140000.VBN Medium
2/15/2012 3:29:30 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0A140000.VBN//CryptZ Medium
2/15/2012 3:29:30 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80001.VBN Medium
2/15/2012 3:29:30 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80001.VBN//CryptZ Medium
2/15/2012 3:29:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80002.VBN Medium
2/15/2012 3:29:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80002.VBN//CryptZ Medium
2/15/2012 3:29:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80002.VBN//CryptZ//data0000 Medium
2/15/2012 3:29:41 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80003.VBN Medium
2/15/2012 3:29:41 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80003.VBN//CryptZ Medium
2/15/2012 3:29:41 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80003.VBN//CryptZ//data0001 Medium
2/15/2012 3:29:41 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80003.VBN//CryptZ//data0001//data0000 Medium
2/15/2012 3:29:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80004.VBN Medium
2/15/2012 3:29:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80004.VBN//CryptZ Medium
2/15/2012 3:29:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AB80004.VBN//CryptZ//data0000 Medium
2/15/2012 3:29:51 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD4004F.VBN Medium
2/15/2012 3:29:51 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD4004F.VBN//CryptZ Medium
2/15/2012 3:29:51 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD4004F.VBN//CryptZ//data0001 Medium
2/15/2012 3:29:51 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0AD4004F.VBN//CryptZ//data0001//data0000 Medium
2/15/2012 3:29:53 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40001.VBN Medium
2/15/2012 3:29:53 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40001.VBN//CryptZ Medium
2/15/2012 3:29:53 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40001.VBN//CryptZ//data0000 Medium
2/15/2012 3:30:03 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40002.VBN Medium
2/15/2012 3:30:03 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40002.VBN//CryptZ Medium
2/15/2012 3:30:10 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40016.VBN Medium
2/15/2012 3:30:10 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40016.VBN//CryptZ Medium
2/15/2012 3:30:20 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4001A.VBN Medium
2/15/2012 3:30:20 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4001A.VBN//CryptZ Medium
2/15/2012 3:30:26 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40028.VBN Medium
2/15/2012 3:30:26 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40028.VBN//CryptZ Medium
2/15/2012 3:30:29 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40023.VBN Medium
2/15/2012 3:30:29 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40023.VBN//CryptZ Medium
2/15/2012 3:30:31 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002C.VBN Medium
2/15/2012 3:30:31 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002C.VBN//CryptZ Medium
2/15/2012 3:31:18 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002D.VBN Medium
2/15/2012 3:31:18 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002D.VBN//CryptZ Medium
2/15/2012 3:31:21 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002E.VBN Medium
2/15/2012 3:31:21 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002E.VBN//CryptZ Medium
2/15/2012 3:31:25 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002F.VBN Medium
2/15/2012 3:31:25 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE4002F.VBN//CryptZ Medium
2/15/2012 3:31:27 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40036.VBN Medium
2/15/2012 3:31:27 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40036.VBN//CryptZ Medium
2/15/2012 3:31:27 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40036.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:28 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40042.VBN Medium
2/15/2012 3:31:28 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40042.VBN//CryptZ Medium
2/15/2012 3:31:31 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40045.VBN Medium
2/15/2012 3:31:31 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40045.VBN//CryptZ Medium
2/15/2012 3:31:31 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CE40045.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:33 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C003A.VBN Medium
2/15/2012 3:31:33 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C003A.VBN//CryptZ Medium
2/15/2012 3:31:33 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C003A.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:34 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0039.VBN Medium
2/15/2012 3:31:34 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0039.VBN//CryptZ Medium
2/15/2012 3:31:35 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C003B.VBN Medium
2/15/2012 3:31:35 PM Deleted malware VirTool.Win32.Antiav.if C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C003B.VBN//CryptZ Medium
2/15/2012 3:31:37 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0040.VBN Medium
2/15/2012 3:31:37 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0040.VBN//CryptZ Medium
2/15/2012 3:31:37 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0040.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0041.VBN Medium
2/15/2012 3:31:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0041.VBN//CryptZ Medium
2/15/2012 3:31:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0041.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:40 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0042.VBN Medium
2/15/2012 3:31:40 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0042.VBN//CryptZ Medium
2/15/2012 3:31:40 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0042.VBN//CryptZ//data0000 Medium
2/15/2012 3:31:41 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0043.VBN Medium
2/15/2012 3:31:41 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0043.VBN//CryptZ Medium
2/15/2012 3:31:43 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C004F.VBN Medium
2/15/2012 3:31:43 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C004F.VBN//CryptZ Medium
2/15/2012 3:31:43 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C004F.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:44 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0050.VBN Medium
2/15/2012 3:31:44 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.act C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0050.VBN//CryptZ Medium
2/15/2012 3:31:44 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.act C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0050.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:45 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0051.VBN Medium
2/15/2012 3:31:45 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0051.VBN//CryptZ Medium
2/15/2012 3:31:45 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0051.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:44 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0050.VBN//CryptZ//data0004 Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0053.VBN Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.rw C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0053.VBN//CryptZ Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.rw C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0053.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0054.VBN Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0054.VBN//CryptZ Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0054.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:49 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0055.VBN Medium
2/15/2012 3:31:49 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0055.VBN//CryptZ Medium
2/15/2012 3:31:49 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0055.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:47 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0053.VBN//CryptZ//data0004 Medium
2/15/2012 3:31:50 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.jd C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0056.VBN Medium
2/15/2012 3:31:50 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.qs C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0056.VBN//CryptZ Medium
2/15/2012 3:31:50 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.qs C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0056.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:51 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0057.VBN Medium
2/15/2012 3:31:51 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0057.VBN//CryptZ Medium
2/15/2012 3:31:51 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0057.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:53 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0058.VBN Medium
2/15/2012 3:31:53 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0058.VBN//CryptZ Medium
2/15/2012 3:31:53 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0058.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:50 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.jd C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0056.VBN//CryptZ//data0004 Medium
2/15/2012 3:31:54 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0059.VBN Medium
2/15/2012 3:31:54 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0059.VBN//CryptZ Medium
2/15/2012 3:31:54 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0059.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:55 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005B.VBN Medium
2/15/2012 3:31:55 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005B.VBN//CryptZ Medium
2/15/2012 3:31:55 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005B.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:56 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005C.VBN Medium
2/15/2012 3:31:56 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.afh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005C.VBN//CryptZ Medium
2/15/2012 3:31:56 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.afh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005C.VBN//CryptZ//data0002 Medium
2/15/2012 3:31:56 PM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C005C.VBN//CryptZ//data0004 Medium
2/15/2012 3:31:59 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0001.VBN Medium
2/15/2012 3:31:59 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0001.VBN//CryptZ Medium
2/15/2012 3:31:59 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0001.VBN//CryptZ//data0000 Medium
2/15/2012 3:32:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0093.VBN Medium
2/15/2012 3:32:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0093.VBN//CryptZ Medium
2/15/2012 3:32:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0093.VBN//CryptZ//data0001 Medium
2/15/2012 3:32:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0093.VBN//CryptZ//data0001//data0000 Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029B.VBN Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029B.VBN//CryptZ Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029B.VBN//CryptZ//data0001 Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029B.VBN//CryptZ//data0001//data0000 Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029C.VBN Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029C.VBN//CryptZ Medium
2/15/2012 3:32:02 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029C.VBN//CryptZ//data0000 Medium
2/15/2012 3:32:06 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029D.VBN Medium
2/15/2012 3:32:06 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E50029D.VBN//CryptZ Medium
2/15/2012 3:32:07 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000B.VBN Medium
2/15/2012 3:32:07 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000B.VBN//CryptZ Medium
2/15/2012 3:32:08 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000A.VBN Medium
2/15/2012 3:32:08 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000A.VBN//CryptZ Medium
2/15/2012 3:32:11 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000C.VBN Medium
2/15/2012 3:32:11 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000C.VBN//CryptZ Medium
2/15/2012 3:32:11 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000D.VBN Medium
2/15/2012 3:32:11 PM Deleted adware not-a-virus:AdWare.Win32.Agent.wqk C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FA4000D.VBN//CryptZ Medium
2/15/2012 3:33:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0001\4FFE1FAF.VBN Medium
2/15/2012 3:33:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0001\4FFE1FAF.VBN//CryptZ Medium
2/15/2012 3:33:00 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0001\4FFE1FAF.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:03 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0000\4FFE18C9.VBN Medium
2/15/2012 3:33:03 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0000\4FFE18C9.VBN//CryptZ Medium
2/15/2012 3:33:03 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0000\4FFE18C9.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:06 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0006\4FFE2587.VBN Medium
2/15/2012 3:33:06 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0006\4FFE2587.VBN//CryptZ Medium
2/15/2012 3:33:06 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0ADC0006\4FFE2587.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:08 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00124\4FA74208.VBN Medium
2/15/2012 3:33:08 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00124\4FA74208.VBN//CryptZ Medium
2/15/2012 3:33:08 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00124\4FA74208.VBN//CryptZ//data0001 Medium
2/15/2012 3:33:08 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00124\4FA74208.VBN//CryptZ//data0001//data0000 Medium
2/15/2012 3:33:10 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00126\4FA74C84.VBN Medium
2/15/2012 3:33:10 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00126\4FA74C84.VBN//CryptZ Medium
2/15/2012 3:33:12 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00127\4FA75136.VBN Medium
2/15/2012 3:33:12 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00127\4FA75136.VBN//CryptZ Medium
2/15/2012 3:33:12 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00127\4FA75136.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:15 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00129\4FA75CC8.VBN Medium
2/15/2012 3:33:15 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA00129\4FA75CC8.VBN//CryptZ Medium
2/15/2012 3:33:19 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA0012A\4FA764D8.VBN Medium
2/15/2012 3:33:19 PM Deleted malware VirTool.Win32.Antiav.fc C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA0012A\4FA764D8.VBN//CryptZ Medium
2/15/2012 3:33:21 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0019\4F7C1C9D.VBN Medium
2/15/2012 3:33:21 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0019\4F7C1C9D.VBN//CryptZ Medium
2/15/2012 3:33:21 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D5C0019\4F7C1C9D.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:26 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000\4FDD7794.VBN Medium
2/15/2012 3:33:26 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000\4FDD7794.VBN//CryptZ Medium
2/15/2012 3:33:26 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000\4FDD7794.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:29 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001\4FDD8F35.VBN Medium
2/15/2012 3:33:29 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001\4FDD8F35.VBN//CryptZ Medium
2/15/2012 3:33:29 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001\4FDD8F35.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002\4FDD9A4A.VBN Medium
2/15/2012 3:33:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002\4FDD9A4A.VBN//CryptZ Medium
2/15/2012 3:33:32 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002\4FDD9A4A.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:35 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80005\4FDDBC00.VBN Medium
2/15/2012 3:33:35 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80005\4FDDBC00.VBN//CryptZ Medium
2/15/2012 3:33:35 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80005\4FDDBC00.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0085\4F2E0416.VBN Medium
2/15/2012 3:33:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0085\4F2E0416.VBN//CryptZ Medium
2/15/2012 3:33:38 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E0C0085\4F2E0416.VBN//CryptZ//data0000 Medium
2/15/2012 3:33:43 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\13700021\5F79A514.VBN Medium
2/15/2012 3:33:43 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\13700021\5F79A514.VBN//CryptZ Medium
2/15/2012 3:33:43 PM Deleted malware VirTool.Win32.Antiav.bp C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\13700021\5F79A514.VBN//CryptZ//data0000 Medium
2/16/2012 10:52:54 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[3].cab Medium
2/16/2012 10:52:52 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[1].cab Medium
2/16/2012 10:52:54 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.rw C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[3].cab//upgrade.exe Medium
2/16/2012 10:52:52 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[1].cab//upgrade.exe Medium
2/16/2012 10:52:54 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.rw C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[3].cab//upgrade.exe//data0002 Medium
2/16/2012 10:52:52 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gu C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[1].cab//upgrade.exe//data0002 Medium
2/16/2012 10:52:54 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[3].cab//upgrade.exe//data0004 Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[4].cab Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[4].cab//upgrade.exe Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aai C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[4].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[5].cab Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.afh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[5].cab//upgrade.exe Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.afh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[5].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:05 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UGEH0SH\upgrade[5].cab//upgrade.exe//data0004 Medium
2/16/2012 10:53:08 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.jd C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[1].cab Medium
2/16/2012 10:53:08 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.qs C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[1].cab//upgrade.exe Medium
2/16/2012 10:53:08 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.qs C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[1].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[3].cab Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[3].cab//upgrade.exe Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ud C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[3].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:08 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.jd C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[1].cab//upgrade.exe//data0004 Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[4].cab Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[4].cab//upgrade.exe Medium
2/16/2012 10:53:13 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.aba C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK0S8LQ5\upgrade[4].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[1].cab Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[1].cab//upgrade.exe Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.gh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[1].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[2].cab Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[2].cab//upgrade.exe Medium
2/16/2012 10:53:15 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.ow C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[2].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:16 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[3].cab Medium
2/16/2012 10:53:16 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.yy C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[3].cab//upgrade.exe Medium
2/16/2012 10:53:16 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.yy C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[3].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:17 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[4].cab Medium
2/16/2012 10:53:17 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.act C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[4].cab//upgrade.exe Medium
2/16/2012 10:53:17 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.act C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[4].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:16 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[3].cab//upgrade.exe//data0004 Medium
2/16/2012 10:53:18 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[1].cab Medium
2/16/2012 10:53:18 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[1].cab//upgrade.exe Medium
2/16/2012 10:53:18 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.mx C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[1].cab//upgrade.exe//data0002 Medium
2/16/2012 10:53:17 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.bhh C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL4KUNHY\upgrade[4].cab//upgrade.exe//data0004 Medium
2/16/2012 10:53:19 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[3].cab Medium
2/16/2012 10:53:19 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[3].cab//upgrade.exe Medium
2/16/2012 10:53:19 AM Deleted adware not-a-virus:AdWare.Win32.Zwangi.acm C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SODNDAQD\upgrade[3].cab//upgrade.exe//data0002 Medium
