
[email protected] [Solved]



#1
initialdproject

For the last two days I've tried to fix my lagging computer, on which, in addition to the w32.dref alerts, I also experienced network connection issues, and finally I've come to terms with the fact that I don't know what I am doing. I was trying to fix my network inconsistency and figure out why Symantec consistently gave me [email protected] risks.

Until now: I've booted to safe mode and run full system scans with Symantec, Microsoft Security Essentials, and Malwarebytes. If I remember right, MSE caught a keylogger and w32 in safe mode and "cleaned" them. I ran OTL in safe mode while exploring this forum and others like it. After booting normally I've been cleaning the computer of useless programs and unneeded data, and also running the previous three AVs as well as Symantec's Power Eraser, which turned up errors, but I can't figure those out. Everything seemed fine until I tried to run TFC; then Symantec started alerting me of [email protected] risks, which normally come at intermittent intervals. Back to square one.

Thank you for your help in advance. I am looking to get rid of the [email protected] risk, clean misc. items needed, and maybe even figure out why Symantec stopped SYMREDRV and can't run Teefer2 Miniport.

OTL:


OTL logfile created on: 6/15/2012 10:40:27 PM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ember\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 46.39% Memory free
6.11 Gb Paging File | 4.74 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 115.70 Gb Free Space | 40.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.72 Gb Free Space | 47.23% Space Free | Partition Type: NTFS

Computer Name: EMBER-PC | User Name: Ember | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 21:44:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ember\Desktop\OTL.exe
PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ember\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/06/16 13:34:43 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/06/16 13:34:33 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Ember\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/11 18:50:58 | 000,181,688 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/04 16:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/25 07:26:04 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/08/25 07:25:54 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 07:25:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/08/25 07:25:52 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/08/25 06:31:34 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
PRC - [2008/08/25 06:31:22 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Ember\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007/11/16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/16 13:34:43 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/06/16 13:34:33 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2008/10/04 15:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 16:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/25 06:31:34 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe -- (STacSV)
SRV - [2008/08/25 06:31:22 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe -- (AESTFilters)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/05/31 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 04:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120614.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 04:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120614.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/10 21:53:40 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2011/06/16 13:34:34 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/01/06 14:15:39 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2008/12/26 00:43:02 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/27 02:25:30 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/10/27 02:25:28 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/09/04 16:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 16:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/09/03 08:05:20 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/25 07:25:52 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/25 06:37:44 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2008/08/25 06:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/08/25 06:31:44 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/08/15 11:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 11:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 11:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/16 07:46:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/16 07:46:50 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/16 07:46:48 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/10 04:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/07/04 01:35:48 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...1B&tbp=homepage
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{5B254369-E3B9-4C16-9C92-2327136A5969}: "URL" = http://websearch.ask...25-D5848F622A06
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?.../?l=dis&o=1689"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.4
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.99
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.15.2.23037
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.12.2.3
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..keyword.URL: "http://blekko.com/ws...54FDA965C1B&q="
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ember\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ember\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ember\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ember\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 05:41:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 21:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 18:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/05/19 21:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/08/06 01:24:39 | 000,000,000 | ---D | M]

[2008/12/25 12:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ember\AppData\Roaming\mozilla\Extensions
[2012/06/14 21:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions
[2012/04/05 01:27:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/05 01:27:20 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2012/04/05 01:27:13 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/06/14 22:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2012/04/05 01:27:19 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2012/04/05 01:27:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/15 23:08:43 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/31 15:25:46 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/05 01:27:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/05 01:27:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/05 01:27:33 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\[email protected]
[2012/04/05 01:27:38 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Ember\AppData\Roaming\mozilla\Firefox\Profiles\vpy6uwes.default\extensions\[email protected]
[2010/01/25 22:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ember\AppData\Roaming\mozilla\Sunbird\Profiles\tkaxbb6f.default\extensions
[2012/06/12 13:40:27 | 000,002,400 | ---- | M] () -- C:\Users\Ember\AppData\Roaming\Mozilla\Firefox\Profiles\vpy6uwes.default\searchplugins\askcom.xml
[2012/06/15 17:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/31 12:36:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/04 23:16:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 09:09:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/29 15:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/02 10:12:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/26 23:28:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012/06/14 21:57:15 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ember\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ember\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ember\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ember\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ember\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Reader Library (Enabled) = C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Orbvious Interest = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkikpncfbjndhfkipijhdoddiadaipaa\1.6.13_0\
CHR - Extension: YouTube = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: rikaikun = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.5_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Ember\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKU\S-1-5-18..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000..\Run: [F.lux] C:\Users\Ember\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/06/14 23:03:17 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ember\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D555816-1611-4E49-81A9-C30BC8F2CE02}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Ember\Pictures\mountain-sunset_8256.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ember\Pictures\mountain-sunset_8256.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e830ee3-99aa-11df-9063-002219d99f13}\Shell - "" = AutoRun
O33 - MountPoints2\{0e830ee3-99aa-11df-9063-002219d99f13}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 18:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/15 17:17:18 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\SumatraPDF
[2012/06/15 09:47:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ember\Desktop\OTL.exe
[2012/06/14 23:36:08 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\WinPatrol
[2012/06/14 23:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/06/14 23:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/06/14 23:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/06/14 23:35:05 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\addpcs
[2012/06/14 22:48:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/14 22:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/14 22:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/14 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/06/14 21:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/06/14 21:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/06/14 21:56:30 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Local\blekkotb_031
[2012/06/14 21:10:27 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\Malwarebytes
[2012/06/14 21:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 21:09:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/14 21:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/13 23:50:33 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/06/13 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/13 23:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/13 21:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/13 19:47:42 | 000,000,000 | ---D | C] -- C:\Users\Ember\Desktop\Bonnaroo
[2012/06/02 00:35:00 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Local\APN
[2012/06/02 00:32:40 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Local\DigitalVolcano
[2012/06/01 23:50:16 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\DigitalVolcano
[2012/06/01 23:50:12 | 000,000,000 | ---D | C] -- C:\Users\Ember\AppData\Roaming\IsolatedStorage
[2012/06/01 23:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[3 C:\Users\Ember\Desktop\Documents\*.tmp files -> C:\Users\Ember\Desktop\Documents\*.tmp -> ]
[3 C:\Users\Ember\*.tmp files -> C:\Users\Ember\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 22:51:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024883193-1135167248-1024583693-1000UA.job
[2012/06/15 22:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 21:47:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 21:44:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 21:44:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 21:43:36 | 000,318,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 21:43:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 21:42:34 | 3178,119,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 21:09:04 | 000,095,232 | ---- | M] () -- C:\Users\Ember\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 20:49:07 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/15 20:49:07 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/15 20:12:34 | 000,000,953 | ---- | M] () -- C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/15 19:21:04 | 000,000,146 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/06/15 17:18:52 | 005,678,424 | ---- | M] (Symantec Corporation) -- C:\Users\Ember\Desktop\Sep_SupportTool.exe
[2012/06/15 14:36:42 | 000,000,512 | ---- | M] () -- C:\Users\Ember\Desktop\MBR.dat
[2012/06/15 10:28:59 | 000,001,356 | ---- | M] () -- C:\Users\Ember\AppData\Local\d3d9caps.dat
[2012/06/14 23:35:46 | 000,001,948 | ---- | M] () -- C:\Users\Ember\Desktop\WinPatrol.lnk
[2012/06/14 23:10:11 | 000,000,890 | ---- | M] () -- C:\Users\Ember\Desktop\TaskMan - Shortcut.lnk
[2012/06/14 22:47:54 | 000,000,915 | ---- | M] () -- C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/14 22:47:42 | 000,000,716 | ---- | M] () -- C:\Users\Ember\Desktop\ERUNT.lnk
[2012/06/14 21:44:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ember\Desktop\OTL.exe
[2012/06/14 21:31:40 | 000,017,886 | ---- | M] () -- C:\Users\Ember\Desktop\Documents\cc_20120614_213113.reg
[2012/06/14 21:09:52 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 14:06:10 | 000,000,000 | ---- | M] () -- C:\t1ng.2
[2012/06/14 14:06:10 | 000,000,000 | ---- | M] () -- C:\t1ng.1
[2012/06/14 09:51:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024883193-1135167248-1024583693-1000Core.job
[2012/06/13 23:50:33 | 000,001,059 | ---- | M] () -- C:\Users\Ember\Desktop\Revo Uninstaller.lnk
[2012/06/13 23:04:29 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/13 21:08:39 | 000,000,921 | ---- | M] () -- C:\Users\Ember\Desktop\Dropbox.lnk
[2012/05/27 17:48:48 | 000,009,620 | ---- | M] () -- C:\Users\Ember\Desktop\Documents\cc_20120527_153857.reg
[3 C:\Users\Ember\Desktop\Documents\*.tmp files -> C:\Users\Ember\Desktop\Documents\*.tmp -> ]
[3 C:\Users\Ember\*.tmp files -> C:\Users\Ember\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 20:12:34 | 000,000,953 | ---- | C] () -- C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/15 19:21:04 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/06/15 14:36:42 | 000,000,512 | ---- | C] () -- C:\Users\Ember\Desktop\MBR.dat
[2012/06/15 14:17:09 | 3178,119,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/14 23:35:46 | 000,001,948 | ---- | C] () -- C:\Users\Ember\Desktop\WinPatrol.lnk
[2012/06/14 23:10:11 | 000,000,890 | ---- | C] () -- C:\Users\Ember\Desktop\TaskMan - Shortcut.lnk
[2012/06/14 22:47:54 | 000,000,915 | ---- | C] () -- C:\Users\Ember\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/14 22:47:42 | 000,000,716 | ---- | C] () -- C:\Users\Ember\Desktop\ERUNT.lnk
[2012/06/14 21:31:17 | 000,017,886 | ---- | C] () -- C:\Users\Ember\Desktop\Documents\cc_20120614_213113.reg
[2012/06/14 21:09:52 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 14:06:10 | 000,000,000 | ---- | C] () -- C:\t1ng.2
[2012/06/14 14:06:10 | 000,000,000 | ---- | C] () -- C:\t1ng.1
[2012/06/13 23:50:33 | 000,001,059 | ---- | C] () -- C:\Users\Ember\Desktop\Revo Uninstaller.lnk
[2012/06/13 23:04:29 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/27 15:38:59 | 000,009,620 | ---- | C] () -- C:\Users\Ember\Desktop\Documents\cc_20120527_153857.reg
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2010/02/10 19:35:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Stardock
[2010/02/16 17:33:17 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\.BitTornado
[2012/06/14 23:35:05 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\addpcs
[2012/05/27 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\Azureus
[2012/06/01 23:50:16 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\DigitalVolcano
[2012/06/15 22:54:08 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\Dropbox
[2011/12/14 03:17:32 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\FFSJ
[2012/06/01 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\IsolatedStorage
[2012/04/20 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\LockHunter
[2010/01/20 00:48:27 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\NetMeter
[2010/01/25 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\OpenOffice.org
[2009/12/27 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\Opera
[2010/02/04 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\SharePod
[2012/02/29 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\SPE
[2010/01/20 01:31:22 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\Stardock
[2012/06/15 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\SumatraPDF
[2009/01/04 04:56:49 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\Template
[2012/05/10 23:09:12 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\TrueCrypt
[2012/06/14 21:24:28 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\uTorrent
[2012/06/14 23:36:08 | 000,000,000 | ---D | M] -- C:\Users\Ember\AppData\Roaming\WinPatrol
[2010/06/29 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Stardock
[2012/06/15 17:25:05 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by initialdproject, 15 June 2012 - 09:40 PM.



#2
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello initialdproject and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

For this step you must restart your system in Safe Mode. After this step continue all other steps in Normal mode.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-1024883193-1135167248-1024583693-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
    [2012/06/14 14:06:10 | 000,000,000 | ---- | M] () -- C:\t1ng.2
    [2012/06/14 14:06:10 | 000,000,000 | ---- | M] () -- C:\t1ng.1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
initialdproject


    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL Fix

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-1024883193-1135167248-1024583693-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_USERS\S-1-5-21-1024883193-1135167248-1024583693-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_USERS\S-1-5-21-1024883193-1135167248-1024583693-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\t1ng.2 moved successfully.
C:\t1ng.1 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Ember\Desktop\cmd.bat deleted successfully.
C:\Users\Ember\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ember
->Temp folder emptied: 64520 bytes
->Temporary Internet Files folder emptied: 38418 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112058483 bytes
->Google Chrome cache emptied: 394530714 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 379 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
  • 0
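Added example (not part of the original posts, and not OTL's own code): a small Python parser for the fix-log format shown above that tallies each outcome, totals the bytes emptied per user, and surfaces lines that report a failure, such as the DNS flush. The sample is excerpted from the log above; the function name and the failure keywords are assumptions made for this illustration.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (lines copied as posted, some omitted).
FIX_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-1024883193-1135167248-1024583693-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
C:\t1ng.2 moved successfully.
C:\t1ng.1 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Ember\Desktop\cmd.bat deleted successfully.
C:\Users\Ember\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes

User: Ember
->Temp folder emptied: 64520 bytes
->Temporary Internet Files folder emptied: 38418 bytes
->FireFox cache emptied: 112058483 bytes
->Google Chrome cache emptied: 394530714 bytes
->Flash cache emptied: 379 bytes
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Za-z ]+) =+$")    # ========== FILES ==========
COMMAND_RE = re.compile(r"^< (?P<cmd>.+) >$")               # < ipconfig /flushdns /c >
EMPTIED_RE = re.compile(r"^->(?P<what>.+) emptied: (?P<n>\d+) bytes$")

# Result suffixes that appear in the log above.
OUTCOMES = (
    ("deleted successfully.", "deleted"),
    ("moved successfully.", "moved"),
    ("not found.", "not_found"),
)
# Assumption: keyword heuristic for failure lines, not a list taken from OTL.
FAILURE_HINTS = ("could not", "failed", "unable to", "access denied")


def parse_fix_log(text):
    """Summarise an OTL fix log: outcome tallies, failures, bytes emptied per user."""
    report = {"outcomes": Counter(), "failures": [], "bytes_by_user": {}}
    section = command = user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, command, user = m["name"], None, None
            continue
        m = COMMAND_RE.match(line)
        if m:
            command = m["cmd"]      # output lines that follow belong to this command
            continue
        if line.startswith("User: "):
            user = line[len("User: "):]
            report["bytes_by_user"].setdefault(user, 0)
            continue
        m = EMPTIED_RE.match(line)
        if m and user is not None:
            report["bytes_by_user"][user] += int(m["n"])
            continue
        if any(hint in line.lower() for hint in FAILURE_HINTS):
            # Keep the section and command so the failed step can be repeated later.
            report["failures"].append((section, command, line))
            continue
        for suffix, label in OUTCOMES:
            if line.endswith(suffix):
                report["outcomes"][label] += 1
                break
    return report


if __name__ == "__main__":
    summary = parse_fix_log(FIX_LOG)
    print(dict(summary["outcomes"]))
    for section, command, line in summary["failures"]:
        print(f"FAILED in {section} ({command}): {line}")
    print(summary["bytes_by_user"])
```
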

#4
initialdproject


    New Member

  • Topic Starter
  • Member
  • 9 posts
I ran GMER twice and both times Windows detected that it had a problem and stopped. I closed out all running applications, disabled Symantec - right-click -> Disable Symantec Endpoint Protection - and disconnected from the network. The scan was set for both C: and D: drives.

Thanks so much for your help!

#5
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave GMER for now. Let's try these steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
initialdproject


    New Member

  • Topic Starter
  • Member
  • 9 posts
23:01:00.0111 5044 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:01:01.0461 5044 ============================================================
23:01:01.0461 5044 Current date / time: 2012/06/21 23:01:01.0461
23:01:01.0462 5044 SystemInfo:
23:01:01.0462 5044
23:01:01.0462 5044 OS Version: 6.0.6002 ServicePack: 2.0
23:01:01.0462 5044 Product type: Workstation
23:01:01.0462 5044 ComputerName: EMBER-PC
23:01:01.0464 5044 UserName: Ember
23:01:01.0464 5044 Windows directory: C:\Windows
23:01:01.0464 5044 System windows directory: C:\Windows
23:01:01.0464 5044 Processor architecture: Intel x86
23:01:01.0464 5044 Number of processors: 2
23:01:01.0464 5044 Page size: 0x1000
23:01:01.0464 5044 Boot type: Normal boot
23:01:01.0464 5044 ============================================================
23:01:03.0203 5044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:01:03.0209 5044 ============================================================
23:01:03.0209 5044 \Device\Harddisk0\DR0:
23:01:03.0209 5044 MBR partitions:
23:01:03.0209 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
23:01:03.0209 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x24006800
23:01:03.0209 5044 ============================================================
23:01:03.0235 5044 C: <-> \Device\Harddisk0\DR0\Partition1
23:01:03.0257 5044 D: <-> \Device\Harddisk0\DR0\Partition0
23:01:03.0258 5044 ============================================================
23:01:03.0258 5044 Initialize success
23:01:03.0258 5044 ============================================================
23:01:11.0500 3520 ============================================================
23:01:11.0500 3520 Scan started
23:01:11.0500 3520 Mode: Manual; SigCheck; TDLFS;
23:01:11.0500 3520 ============================================================
23:01:12.0735 3520 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:01:13.0013 3520 ACPI - ok
23:01:13.0123 3520 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:01:13.0197 3520 adp94xx - ok
23:01:13.0265 3520 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:01:13.0331 3520 adpahci - ok
23:01:13.0371 3520 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:01:13.0426 3520 adpu160m - ok
23:01:13.0464 3520 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:01:13.0521 3520 adpu320 - ok
23:01:13.0574 3520 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:01:13.0646 3520 AeLookupSvc - ok
23:01:13.0768 3520 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
23:01:13.0837 3520 AESTFilters - ok
23:01:13.0957 3520 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:01:14.0021 3520 AFD - ok
23:01:14.0089 3520 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:01:14.0142 3520 agp440 - ok
23:01:14.0189 3520 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:01:14.0244 3520 aic78xx - ok
23:01:14.0312 3520 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:01:14.0410 3520 ALG - ok
23:01:14.0428 3520 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:01:14.0479 3520 aliide - ok
23:01:14.0502 3520 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:01:14.0557 3520 amdagp - ok
23:01:14.0592 3520 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:01:14.0643 3520 amdide - ok
23:01:14.0673 3520 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:01:14.0766 3520 AmdK7 - ok
23:01:14.0790 3520 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:01:14.0878 3520 AmdK8 - ok
23:01:14.0931 3520 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\Windows\system32\DRIVERS\Apfiltr.sys
23:01:15.0010 3520 ApfiltrService - ok
23:01:15.0043 3520 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:01:15.0105 3520 Appinfo - ok
23:01:15.0154 3520 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:01:15.0211 3520 arc - ok
23:01:15.0272 3520 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:01:15.0324 3520 arcsas - ok
23:01:15.0360 3520 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:15.0440 3520 AsyncMac - ok
23:01:15.0496 3520 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:01:15.0546 3520 atapi - ok
23:01:15.0647 3520 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:01:15.0733 3520 AudioEndpointBuilder - ok
23:01:15.0750 3520 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:01:15.0831 3520 Audiosrv - ok
23:01:15.0922 3520 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:01:16.0002 3520 Beep - ok
23:01:16.0125 3520 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:01:16.0219 3520 BFE - ok
23:01:16.0378 3520 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
23:01:16.0486 3520 BITS - ok
23:01:16.0508 3520 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:01:16.0590 3520 blbdrive - ok
23:01:16.0658 3520 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:01:16.0720 3520 bowser - ok
23:01:16.0762 3520 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:01:16.0829 3520 BrFiltLo - ok
23:01:16.0852 3520 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:01:16.0919 3520 BrFiltUp - ok
23:01:17.0120 3520 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:01:17.0206 3520 Browser - ok
23:01:17.0240 3520 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:01:17.0369 3520 Brserid - ok
23:01:17.0394 3520 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:01:17.0523 3520 BrSerWdm - ok
23:01:17.0611 3520 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:01:17.0736 3520 BrUsbMdm - ok
23:01:17.0817 3520 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:01:17.0941 3520 BrUsbSer - ok
23:01:18.0044 3520 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:01:18.0171 3520 BTHMODEM - ok
23:01:18.0288 3520 ccEvtMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:01:18.0356 3520 ccEvtMgr - ok
23:01:18.0366 3520 ccSetMgr (93a45b3f2403670a6d14a0b466d97698) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:01:18.0435 3520 ccSetMgr - ok
23:01:18.0520 3520 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:01:18.0607 3520 cdfs - ok
23:01:18.0684 3520 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:01:18.0768 3520 cdrom - ok
23:01:18.0840 3520 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:01:18.0909 3520 CertPropSvc - ok
23:01:18.0957 3520 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
23:01:19.0043 3520 circlass - ok
23:01:19.0132 3520 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:01:19.0204 3520 CLFS - ok
23:01:19.0272 3520 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:01:19.0390 3520 clr_optimization_v2.0.50727_32 - ok
23:01:19.0507 3520 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:01:19.0578 3520 clr_optimization_v4.0.30319_32 - ok
23:01:19.0626 3520 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:01:19.0758 3520 CmBatt - ok
23:01:19.0805 3520 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:01:19.0854 3520 cmdide - ok
23:01:19.0885 3520 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys
23:01:19.0927 3520 COH_Mon - ok
23:01:19.0951 3520 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:01:20.0002 3520 Compbatt - ok
23:01:20.0021 3520 COMSysApp - ok
23:01:20.0037 3520 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:01:20.0091 3520 crcdisk - ok
23:01:20.0115 3520 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:01:20.0201 3520 Crusoe - ok
23:01:20.0286 3520 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
23:01:20.0348 3520 CryptSvc - ok
23:01:20.0486 3520 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:01:20.0595 3520 DcomLaunch - ok
23:01:20.0670 3520 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:01:20.0791 3520 DfsC - ok
23:01:21.0126 3520 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:01:21.0312 3520 DFSR - ok
23:01:21.0546 3520 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:01:21.0628 3520 Dhcp - ok
23:01:21.0715 3520 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:01:21.0770 3520 disk - ok
23:01:21.0866 3520 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:01:21.0938 3520 Dnscache - ok
23:01:22.0014 3520 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:01:22.0092 3520 dot3svc - ok
23:01:22.0184 3520 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:01:22.0277 3520 DPS - ok
23:01:22.0316 3520 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:01:22.0384 3520 drmkaud - ok
23:01:22.0519 3520 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:01:22.0616 3520 DXGKrnl - ok
23:01:22.0682 3520 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
23:01:22.0773 3520 e1express - ok
23:01:22.0813 3520 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:01:22.0900 3520 E1G60 - ok
23:01:22.0939 3520 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:01:23.0017 3520 EapHost - ok
23:01:23.0112 3520 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:01:23.0177 3520 Ecache - ok
23:01:23.0285 3520 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:01:23.0369 3520 eeCtrl - ok
23:01:23.0449 3520 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:01:23.0584 3520 ehRecvr - ok
23:01:23.0615 3520 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:01:23.0791 3520 ehSched - ok
23:01:23.0809 3520 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:01:23.0859 3520 ehstart - ok
23:01:23.0952 3520 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:01:24.0002 3520 ElbyCDIO - ok
23:01:24.0083 3520 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:01:24.0157 3520 elxstor - ok
23:01:24.0289 3520 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:01:24.0374 3520 EMDMgmt - ok
23:01:24.0498 3520 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:01:24.0546 3520 EraserUtilRebootDrv - ok
23:01:24.0598 3520 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:01:24.0681 3520 ErrDev - ok
23:01:24.0790 3520 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:01:24.0879 3520 EventSystem - ok
23:01:24.0975 3520 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:01:25.0040 3520 exfat - ok
23:01:25.0115 3520 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:01:25.0193 3520 fastfat - ok
23:01:25.0227 3520 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:01:25.0310 3520 fdc - ok
23:01:25.0342 3520 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:01:25.0422 3520 fdPHost - ok
23:01:25.0447 3520 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:01:25.0576 3520 FDResPub - ok
23:01:25.0600 3520 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:01:25.0657 3520 FileInfo - ok
23:01:25.0676 3520 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:01:25.0760 3520 Filetrace - ok
23:01:25.0784 3520 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:01:25.0867 3520 flpydisk - ok
23:01:25.0945 3520 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:01:26.0012 3520 FltMgr - ok
23:01:26.0200 3520 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:01:26.0293 3520 FontCache - ok
23:01:26.0380 3520 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:01:26.0431 3520 FontCache3.0.0.0 - ok
23:01:26.0508 3520 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
23:01:26.0577 3520 Fs_Rec - ok
23:01:26.0617 3520 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:01:26.0670 3520 gagp30kx - ok
23:01:26.0711 3520 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:01:26.0751 3520 GEARAspiWDM - ok
23:01:26.0926 3520 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:01:26.0973 3520 GoogleDesktopManager-051210-111108 - ok
23:01:27.0101 3520 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:01:27.0204 3520 gpsvc - ok
23:01:27.0436 3520 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:01:27.0519 3520 gupdate - ok
23:01:27.0540 3520 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:01:27.0623 3520 gupdatem - ok
23:01:27.0718 3520 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:01:27.0793 3520 gusvc - ok
23:01:28.0054 3520 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:01:28.0154 3520 HDAudBus - ok
23:01:28.0191 3520 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:01:28.0326 3520 HidBth - ok
23:01:28.0397 3520 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
23:01:28.0465 3520 HidIr - ok
23:01:28.0518 3520 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
23:01:28.0572 3520 hidserv - ok
23:01:28.0607 3520 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:01:28.0675 3520 HidUsb - ok
23:01:28.0710 3520 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:01:28.0800 3520 hkmsvc - ok
23:01:28.0835 3520 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:01:28.0888 3520 HpCISSs - ok
23:01:28.0992 3520 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:01:29.0083 3520 HTTP - ok
23:01:29.0108 3520 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:01:29.0163 3520 i2omp - ok
23:01:29.0220 3520 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:01:29.0304 3520 i8042prt - ok
23:01:29.0380 3520 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:01:29.0441 3520 iaStorV - ok
23:01:29.0644 3520 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:01:29.0759 3520 idsvc - ok
23:01:31.0042 3520 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:01:31.0662 3520 igfx - ok
23:01:31.0868 3520 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:01:31.0928 3520 iirsp - ok
23:01:32.0050 3520 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:01:32.0145 3520 IKEEXT - ok
23:01:32.0215 3520 IntcHdmiAddService (8dab99684cfe8b4ddd5d6d0c5d55fdac) C:\Windows\system32\drivers\IntcHdmi.sys
23:01:32.0280 3520 IntcHdmiAddService - ok
23:01:32.0323 3520 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:01:32.0374 3520 intelide - ok
23:01:32.0404 3520 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:01:32.0487 3520 intelppm - ok
23:01:32.0532 3520 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:01:32.0621 3520 IPBusEnum - ok
23:01:32.0658 3520 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:01:32.0743 3520 IpFilterDriver - ok
23:01:32.0828 3520 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:01:32.0903 3520 iphlpsvc - ok
23:01:32.0912 3520 IpInIp - ok
23:01:32.0947 3520 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:01:33.0034 3520 IPMIDRV - ok
23:01:33.0079 3520 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:01:33.0167 3520 IPNAT - ok
23:01:33.0191 3520 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:01:33.0271 3520 IRENUM - ok
23:01:33.0311 3520 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:01:33.0365 3520 isapnp - ok
23:01:33.0470 3520 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:01:33.0532 3520 iScsiPrt - ok
23:01:33.0548 3520 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:01:33.0609 3520 iteatapi - ok
23:01:33.0651 3520 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
23:01:33.0717 3520 itecir - ok
23:01:33.0747 3520 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:01:33.0798 3520 iteraid - ok
23:01:33.0857 3520 k57nd60x (2fbf424e4e8d5f320d2f69d9a726de30) C:\Windows\system32\DRIVERS\k57nd60x.sys
23:01:33.0914 3520 k57nd60x - ok
23:01:33.0940 3520 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:33.0995 3520 kbdclass - ok
23:01:34.0064 3520 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:01:34.0136 3520 kbdhid - ok
23:01:34.0188 3520 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:34.0279 3520 KeyIso - ok
23:01:34.0354 3520 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:01:34.0434 3520 KSecDD - ok
23:01:34.0526 3520 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:01:34.0640 3520 KtmRm - ok
23:01:34.0716 3520 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
23:01:34.0780 3520 LanmanServer - ok
23:01:34.0852 3520 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:01:34.0935 3520 LanmanWorkstation - ok
23:01:35.0443 3520 LiveUpdate (e553c4b4b7b4b86cd71a2dfee1b58131) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
23:01:35.0729 3520 LiveUpdate - ok
23:01:35.0886 3520 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:35.0970 3520 lltdio - ok
23:01:36.0022 3520 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:01:36.0120 3520 lltdsvc - ok
23:01:36.0139 3520 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:01:36.0270 3520 lmhosts - ok
23:01:36.0294 3520 LMIGuardianSvc - ok
23:01:36.0303 3520 LMIInfo - ok
23:01:36.0353 3520 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
23:01:36.0400 3520 lmimirr - ok
23:01:36.0417 3520 LMIRfsClientNP - ok
23:01:36.0436 3520 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
23:01:36.0482 3520 LMIRfsDriver - ok
23:01:36.0547 3520 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:01:36.0601 3520 LSI_FC - ok
23:01:36.0649 3520 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:01:36.0702 3520 LSI_SAS - ok
23:01:36.0749 3520 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:01:36.0806 3520 LSI_SCSI - ok
23:01:36.0835 3520 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:01:36.0921 3520 luafv - ok
23:01:36.0980 3520 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
23:01:37.0042 3520 MBAMProtector - ok
23:01:37.0182 3520 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:01:37.0313 3520 MBAMService - ok
23:01:37.0348 3520 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:01:37.0403 3520 Mcx2Svc - ok
23:01:37.0441 3520 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:01:37.0496 3520 megasas - ok
23:01:37.0645 3520 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:01:37.0739 3520 MegaSR - ok
23:01:37.0769 3520 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:01:37.0856 3520 MMCSS - ok
23:01:37.0878 3520 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:01:37.0960 3520 Modem - ok
23:01:37.0980 3520 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:01:38.0066 3520 monitor - ok
23:01:38.0093 3520 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:38.0152 3520 mouclass - ok
23:01:38.0175 3520 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:38.0260 3520 mouhid - ok
23:01:38.0279 3520 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:01:38.0334 3520 MountMgr - ok
23:01:38.0419 3520 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
23:01:38.0483 3520 MpFilter - ok
23:01:38.0544 3520 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:01:38.0604 3520 mpio - ok
23:01:38.0634 3520 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:01:38.0706 3520 mpsdrv - ok
23:01:38.0810 3520 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:01:38.0904 3520 MpsSvc - ok
23:01:38.0935 3520 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:01:38.0984 3520 Mraid35x - ok
23:01:39.0051 3520 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:01:39.0109 3520 MRxDAV - ok
23:01:39.0177 3520 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:39.0239 3520 mrxsmb - ok
23:01:39.0338 3520 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:39.0399 3520 mrxsmb10 - ok
23:01:39.0436 3520 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:39.0492 3520 mrxsmb20 - ok
23:01:39.0569 3520 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
23:01:39.0621 3520 msahci - ok
23:01:39.0665 3520 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:01:39.0719 3520 msdsm - ok
23:01:39.0769 3520 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:01:39.0894 3520 MSDTC - ok
23:01:39.0923 3520 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:01:40.0007 3520 Msfs - ok
23:01:40.0041 3520 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:01:40.0092 3520 msisadrv - ok
23:01:40.0139 3520 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:01:40.0231 3520 MSiSCSI - ok
23:01:40.0239 3520 msiserver - ok
23:01:40.0286 3520 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:40.0368 3520 MSKSSRV - ok
23:01:40.0436 3520 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:01:40.0505 3520 MsMpSvc - ok
23:01:40.0525 3520 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:40.0604 3520 MSPCLOCK - ok
23:01:40.0617 3520 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:01:40.0701 3520 MSPQM - ok
23:01:40.0777 3520 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:01:40.0841 3520 MsRPC - ok
23:01:40.0882 3520 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:01:40.0938 3520 mssmbios - ok
23:01:40.0964 3520 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:01:41.0048 3520 MSTEE - ok
23:01:41.0071 3520 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:01:41.0128 3520 Mup - ok
23:01:41.0218 3520 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:01:41.0308 3520 napagent - ok
23:01:41.0384 3520 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:41.0449 3520 NativeWifiP - ok
23:01:41.0569 3520 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120620.034\NAVENG.SYS
23:01:41.0618 3520 NAVENG - ok
23:01:41.0854 3520 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120620.034\NAVEX15.SYS
23:01:42.0003 3520 NAVEX15 - ok
23:01:42.0294 3520 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:01:42.0386 3520 NDIS - ok
23:01:42.0425 3520 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:42.0498 3520 NdisTapi - ok
23:01:42.0512 3520 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:42.0594 3520 Ndisuio - ok
23:01:42.0719 3520 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:42.0830 3520 NdisWan - ok
23:01:42.0865 3520 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:01:42.0938 3520 NDProxy - ok
23:01:42.0955 3520 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:01:43.0044 3520 NetBIOS - ok
23:01:43.0123 3520 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:01:43.0224 3520 netbt - ok
23:01:43.0274 3520 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:43.0366 3520 Netlogon - ok
23:01:43.0442 3520 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:01:43.0543 3520 Netman - ok
23:01:43.0591 3520 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:01:43.0695 3520 netprofm - ok
23:01:43.0789 3520 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:01:43.0844 3520 NetTcpPortSharing - ok
23:01:44.0397 3520 NETw5v32 (0b214c6a4728f085fb64a29ed9c4de94) C:\Windows\system32\DRIVERS\NETw5v32.sys
23:01:44.0666 3520 NETw5v32 - ok
23:01:44.0841 3520 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:01:44.0890 3520 nfrd960 - ok
23:01:44.0966 3520 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:01:45.0020 3520 NisDrv - ok
23:01:45.0162 3520 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:01:45.0255 3520 NisSrv - ok
23:01:45.0309 3520 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:01:45.0408 3520 NlaSvc - ok
23:01:45.0470 3520 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:01:45.0542 3520 Npfs - ok
23:01:45.0567 3520 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:01:45.0655 3520 nsi - ok
23:01:45.0665 3520 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:01:45.0753 3520 nsiproxy - ok
23:01:45.0949 3520 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:01:46.0084 3520 Ntfs - ok
23:01:46.0121 3520 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:01:46.0252 3520 ntrigdigi - ok
23:01:46.0348 3520 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:01:46.0425 3520 Null - ok
23:01:46.0465 3520 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:01:46.0521 3520 nvraid - ok
23:01:46.0557 3520 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:01:46.0607 3520 nvstor - ok
23:01:46.0647 3520 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:01:46.0703 3520 nv_agp - ok
23:01:46.0717 3520 NwlnkFlt - ok
23:01:46.0731 3520 NwlnkFwd - ok
23:01:46.0803 3520 OA001Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\Windows\system32\DRIVERS\OA001Ufd.sys
23:01:46.0875 3520 OA001Ufd - ok
23:01:46.0940 3520 OA001Vid (438ffcb55b8ce39b0bc71afc0a059835) C:\Windows\system32\DRIVERS\OA001Vid.sys
23:01:47.0011 3520 OA001Vid - ok
23:01:47.0186 3520 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:01:47.0309 3520 odserv - ok
23:01:47.0383 3520 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:01:47.0454 3520 ohci1394 - ok
23:01:47.0524 3520 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:01:47.0689 3520 ose - ok
23:01:48.0018 3520 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:48.0110 3520 p2pimsvc - ok
23:01:48.0127 3520 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:48.0208 3520 p2psvc - ok
23:01:48.0256 3520 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:01:48.0385 3520 Parport - ok
23:01:48.0441 3520 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
23:01:48.0500 3520 partmgr - ok
23:01:48.0520 3520 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:01:48.0647 3520 Parvdm - ok
23:01:48.0763 3520 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:01:48.0822 3520 PcaSvc - ok
23:01:48.0903 3520 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:01:48.0966 3520 pci - ok
23:01:48.0990 3520 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:01:49.0045 3520 pciide - ok
23:01:49.0099 3520 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:01:49.0156 3520 pcmcia - ok
23:01:49.0303 3520 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:01:49.0486 3520 PEAUTH - ok
23:01:49.0562 3520 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\Windows\system32\drivers\pfc.sys
23:01:49.0591 3520 pfc ( UnsignedFile.Multi.Generic ) - warning
23:01:49.0591 3520 pfc - detected UnsignedFile.Multi.Generic (1)
23:01:49.0647 3520 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
23:01:49.0676 3520 pgfilter ( UnsignedFile.Multi.Generic ) - warning
23:01:49.0676 3520 pgfilter - detected UnsignedFile.Multi.Generic (1)
23:01:49.0897 3520 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:01:50.0030 3520 pla - ok
23:01:50.0208 3520 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:01:50.0310 3520 PlugPlay - ok
23:01:50.0440 3520 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:50.0546 3520 PNRPAutoReg - ok
23:01:50.0563 3520 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:50.0647 3520 PNRPsvc - ok
23:01:50.0719 3520 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:01:50.0809 3520 PolicyAgent - ok
23:01:50.0873 3520 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:50.0958 3520 PptpMiniport - ok
23:01:50.0998 3520 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:01:51.0090 3520 Processor - ok
23:01:51.0166 3520 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:01:51.0247 3520 ProfSvc - ok
23:01:51.0302 3520 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:51.0393 3520 ProtectedStorage - ok
23:01:51.0461 3520 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:01:51.0535 3520 PSched - ok
23:01:51.0602 3520 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
23:01:51.0649 3520 PxHelp20 - ok
23:01:51.0845 3520 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:01:51.0974 3520 ql2300 - ok
23:01:52.0031 3520 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:01:52.0083 3520 ql40xx - ok
23:01:52.0156 3520 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:01:52.0229 3520 QWAVE - ok
23:01:52.0276 3520 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:01:52.0329 3520 QWAVEdrv - ok
23:01:52.0650 3520 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
23:01:52.0865 3520 R300 - ok
23:01:53.0114 3520 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:53.0198 3520 RasAcd - ok
23:01:53.0232 3520 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:01:53.0325 3520 RasAuto - ok
23:01:53.0356 3520 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:53.0444 3520 Rasl2tp - ok
23:01:53.0528 3520 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:01:53.0618 3520 RasMan - ok
23:01:53.0671 3520 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:53.0742 3520 RasPppoe - ok
23:01:53.0809 3520 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:53.0868 3520 RasSstp - ok
23:01:53.0955 3520 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:54.0042 3520 rdbss - ok
23:01:54.0067 3520 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:54.0152 3520 RDPCDD - ok
23:01:54.0215 3520 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:01:54.0307 3520 rdpdr - ok
23:01:54.0317 3520 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:01:54.0410 3520 RDPENCDD - ok
23:01:54.0497 3520 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
23:01:54.0557 3520 RDPWD - ok
23:02:01.0196 3520 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:02:01.0241 3520 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
23:02:01.0241 3520 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
23:02:20.0788 3520 ============================================================
23:02:20.0788 3520 Scan finished
23:02:20.0788 3520 ============================================================
23:02:20.0814 4676 Detected object count: 3
23:02:20.0814 4676 Actual detected object count: 3
23:12:16.0823 4676 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
23:12:16.0823 4676 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:12:16.0833 4676 pgfilter ( UnsignedFile.Multi.Generic ) - skipped by user
23:12:16.0833 4676 pgfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:12:16.0836 4676 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:12:16.0836 4676 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7
initialdproject

    New Member

  • Topic Starter
  • Member
  • 9 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 01:26:34
-----------------------------
01:26:34.199 OS Version: Windows 6.0.6002 Service Pack 2
01:26:34.199 Number of processors: 2 586 0x1706
01:26:34.199 ComputerName: EMBER-PC UserName: Ember
01:26:36.430 Initialize success
01:26:40.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:26:40.646 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
01:26:40.677 Disk 0 MBR read successfully
01:26:40.693 Disk 0 MBR scan
01:26:40.693 Disk 0 Windows VISTA default MBR code
01:26:40.709 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
01:26:40.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
01:26:40.755 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294925 MB offset 21133312
01:26:40.771 Disk 0 scanning sectors +625139712
01:26:40.849 Disk 0 scanning C:\Windows\system32\drivers
01:26:52.424 Service scanning
01:27:11.987 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
01:27:12.470 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
01:27:16.854 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
01:27:16.932 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
01:27:17.852 Modules scanning
01:27:29.162 Disk 0 trace - called modules:
01:27:29.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
01:27:29.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f0e8e0]
01:27:29.303 3 CLASSPNP.SYS[8a5a88b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x855208a0]
01:27:29.318 Scan finished successfully
01:27:43.436 Disk 0 MBR has been saved successfully to "C:\Users\Ember\Desktop\MBR.dat"
01:27:43.452 The log file has been saved successfully to "C:\Users\Ember\Desktop\aswMBRa.txt"



Sorry about the delay. Thanks!

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi initialdproject,

How is your system now? Do you still get any malware notifications?

#9
initialdproject

    New Member

  • Topic Starter
  • Member
  • 9 posts
I have not recently. The notifications happen periodically. Thanks for all your help!

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice to hear that. Let's do an antivirus scan to remove any leftovers.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

#11
initialdproject

    New Member

  • Topic Starter
  • Member
  • 9 posts
Status: Deleted (events: 532)
6/22/2012 3:44:05 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\03C00000.VBN High
6/22/2012 3:44:05 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\03C00000.VBN//CryptZ High
6/22/2012 3:44:05 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\03C00000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:44:05 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\03C00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:44:05 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\03C00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:45:59 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80000.VBN//CryptZ High
6/22/2012 3:45:59 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:45:59 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:45:59 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:06 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80001.VBN High
6/22/2012 3:46:06 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80001.VBN//CryptZ High
6/22/2012 3:46:06 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:06 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:06 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:12 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80002.VBN High
6/22/2012 3:46:12 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80002.VBN//CryptZ High
6/22/2012 3:46:12 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:12 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:12 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\05F80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06640000.VBN High
6/22/2012 3:46:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06640000.VBN//CryptZ High
6/22/2012 3:46:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06640000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06640000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06640000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0001.VBN High
6/22/2012 3:46:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0001.VBN//CryptZ High
6/22/2012 3:46:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:33 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0002.VBN High
6/22/2012 3:46:33 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0002.VBN//CryptZ High
6/22/2012 3:46:33 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:33 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:33 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\06DC0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880000.VBN High
6/22/2012 3:46:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880000.VBN//CryptZ High
6/22/2012 3:46:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:45 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880001.VBN High
6/22/2012 3:46:45 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880001.VBN//CryptZ High
6/22/2012 3:46:45 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:45 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:45 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:51 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880002.VBN High
6/22/2012 3:46:51 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880002.VBN//CryptZ High
6/22/2012 3:46:51 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:51 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:51 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\07880002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:46:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40000.VBN High
6/22/2012 3:46:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40000.VBN//CryptZ High
6/22/2012 3:46:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:46:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:46:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:47:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40001.VBN High
6/22/2012 3:47:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40001.VBN//CryptZ High
6/22/2012 3:47:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:47:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:47:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\08D40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:47:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0000.VBN High
6/22/2012 3:47:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0000.VBN//CryptZ High
6/22/2012 3:47:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:47:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:47:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0001.VBN High
6/22/2012 3:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0001.VBN//CryptZ High
6/22/2012 3:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:48:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0002.VBN High
6/22/2012 3:48:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0002.VBN//CryptZ High
6/22/2012 3:48:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:48:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:48:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\096C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:48:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740000.VBN High
6/22/2012 3:48:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740000.VBN//CryptZ High
6/22/2012 3:48:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:48:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:48:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 3:48:13 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740001.VBN High
6/22/2012 3:48:13 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740001.VBN//CryptZ High
6/22/2012 3:48:13 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 3:48:13 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 3:48:13 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740002.VBN High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740002.VBN//CryptZ High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740003.VBN High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740003.VBN//CryptZ High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:44:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B740003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:44:51 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C4C0000.VBN High
6/22/2012 4:44:51 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C4C0000.VBN//CryptZ High
6/22/2012 4:44:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600000.VBN High
6/22/2012 4:44:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600000.VBN//CryptZ High
6/22/2012 4:44:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:44:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:44:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600001.VBN High
6/22/2012 4:45:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600001.VBN//CryptZ High
6/22/2012 4:45:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:03 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:10 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600002.VBN High
6/22/2012 4:45:10 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600002.VBN//CryptZ High
6/22/2012 4:45:10 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:10 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:10 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C600002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800000.VBN High
6/22/2012 4:45:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800000.VBN//CryptZ High
6/22/2012 4:45:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800001.VBN High
6/22/2012 4:45:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800001.VBN//CryptZ High
6/22/2012 4:45:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:29 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800002.VBN High
6/22/2012 4:45:29 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800002.VBN//CryptZ High
6/22/2012 4:45:29 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:29 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:29 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800003.VBN High
6/22/2012 4:45:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800003.VBN//CryptZ High
6/22/2012 4:45:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0C800003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:41 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40000.VBN High
6/22/2012 4:45:41 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40000.VBN//CryptZ High
6/22/2012 4:45:41 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:41 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:41 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40001.VBN High
6/22/2012 4:45:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40001.VBN//CryptZ High
6/22/2012 4:45:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:45:53 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40002.VBN High
6/22/2012 4:45:53 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40002.VBN//CryptZ High
6/22/2012 4:45:53 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:45:53 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:45:53 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:47:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40003.VBN High
6/22/2012 4:47:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40003.VBN//CryptZ High
6/22/2012 4:47:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:47:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:47:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0CA40003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:47:40 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180000.VBN High
6/22/2012 4:47:40 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180000.VBN//CryptZ High
6/22/2012 4:47:40 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:47:40 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:47:40 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:47:32 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180001.VBN High
6/22/2012 4:47:32 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180001.VBN//CryptZ High
6/22/2012 4:47:32 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:47:32 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:47:32 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180002.VBN High
6/22/2012 4:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180002.VBN//CryptZ High
6/22/2012 4:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:47:48 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:47:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500000.VBN High
6/22/2012 4:47:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500000.VBN//CryptZ High
6/22/2012 4:47:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:47:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:47:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:48:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500001.VBN High
6/22/2012 4:48:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500001.VBN//CryptZ High
6/22/2012 4:48:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:48:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:48:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D500001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:48:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740000.VBN High
6/22/2012 4:48:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740000.VBN//CryptZ High
6/22/2012 4:48:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:48:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:48:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:48:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740001.VBN High
6/22/2012 4:48:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740001.VBN//CryptZ High
6/22/2012 4:48:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:48:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:48:16 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:48:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740002.VBN High
6/22/2012 4:48:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740002.VBN//CryptZ High
6/22/2012 4:48:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:48:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:48:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D740002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:49:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0000.VBN High
6/22/2012 4:49:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0000.VBN//CryptZ High
6/22/2012 4:49:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:49:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:49:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:49:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0002.VBN High
6/22/2012 4:49:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0002.VBN//CryptZ High
6/22/2012 4:49:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:49:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:49:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:49:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0003.VBN High
6/22/2012 4:49:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0003.VBN//CryptZ High
6/22/2012 4:49:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:49:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:49:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0D9C0003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:49:46 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00000.VBN High
6/22/2012 4:49:46 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00000.VBN//CryptZ High
6/22/2012 4:49:46 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:49:46 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:49:46 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:49:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00001.VBN High
6/22/2012 4:49:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00001.VBN//CryptZ High
6/22/2012 4:49:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:49:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:49:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:50:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00002.VBN High
6/22/2012 4:50:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00002.VBN//CryptZ High
6/22/2012 4:50:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:50:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:50:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:50:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000.VBN High
6/22/2012 4:50:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000.VBN//CryptZ High
6/22/2012 4:50:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:50:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:50:02 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:50:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001.VBN High
6/22/2012 4:50:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001.VBN//CryptZ High
6/22/2012 4:50:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:50:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:50:09 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:50:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002.VBN High
6/22/2012 4:50:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002.VBN//CryptZ High
6/22/2012 4:50:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:50:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:50:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:50:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80003.VBN High
6/22/2012 4:50:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80003.VBN//CryptZ High
6/22/2012 4:50:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:50:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:50:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DC80003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DFC0001.VBN High
6/22/2012 4:51:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DFC0001.VBN//CryptZ High
6/22/2012 4:51:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DFC0001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DFC0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:17 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0DFC0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100000.VBN High
6/22/2012 4:51:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100000.VBN//CryptZ High
6/22/2012 4:51:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100001.VBN High
6/22/2012 4:51:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100001.VBN//CryptZ High
6/22/2012 4:51:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100002.VBN High
6/22/2012 4:51:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100002.VBN//CryptZ High
6/22/2012 4:51:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E100002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180000.VBN High
6/22/2012 4:51:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180000.VBN//CryptZ High
6/22/2012 4:51:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:51:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180001.VBN High
6/22/2012 4:51:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180001.VBN//CryptZ High
6/22/2012 4:51:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:51:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:51:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:52:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180002.VBN High
6/22/2012 4:52:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180002.VBN//CryptZ High
6/22/2012 4:52:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:52:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:52:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:52:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180003.VBN High
6/22/2012 4:52:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180003.VBN//CryptZ High
6/22/2012 4:52:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:52:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:52:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:52:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180004.VBN High
6/22/2012 4:52:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180004.VBN//CryptZ High
6/22/2012 4:52:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180004.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:52:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180004.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:52:23 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E180004.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480000.VBN High
6/22/2012 4:53:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480000.VBN//CryptZ High
6/22/2012 4:53:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:24 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480001.VBN High
6/22/2012 4:53:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480001.VBN//CryptZ High
6/22/2012 4:53:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:37 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480002.VBN High
6/22/2012 4:53:37 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480002.VBN//CryptZ High
6/22/2012 4:53:37 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:37 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:37 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E480002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:44 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640000.VBN High
6/22/2012 4:53:44 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640000.VBN//CryptZ High
6/22/2012 4:53:44 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:44 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:44 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640001.VBN High
6/22/2012 4:53:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640001.VBN//CryptZ High
6/22/2012 4:53:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:53:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640002.VBN High
6/22/2012 4:53:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640002.VBN//CryptZ High
6/22/2012 4:53:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:53:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:53:57 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E640002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:54:04 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0000.VBN High
6/22/2012 4:54:04 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0000.VBN//CryptZ High
6/22/2012 4:54:04 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:54:04 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:54:04 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:54:11 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0001.VBN High
6/22/2012 4:54:11 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0001.VBN//CryptZ High
6/22/2012 4:54:11 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:54:11 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:54:11 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:54:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0002.VBN High
6/22/2012 4:54:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0002.VBN//CryptZ High
6/22/2012 4:54:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:54:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:54:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:55:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0003.VBN High
6/22/2012 4:55:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0003.VBN//CryptZ High
6/22/2012 4:55:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:55:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:55:30 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E7C0003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:55:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900000.VBN High
6/22/2012 4:55:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900000.VBN//CryptZ High
6/22/2012 4:55:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:55:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:55:39 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:55:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900001.VBN High
6/22/2012 4:55:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900001.VBN//CryptZ High
6/22/2012 4:55:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:55:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:55:54 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:55:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900002.VBN High
6/22/2012 4:55:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900002.VBN//CryptZ High
6/22/2012 4:55:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:55:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:55:47 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E900002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80000.VBN High
6/22/2012 4:56:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80000.VBN//CryptZ High
6/22/2012 4:56:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:08 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80001.VBN High
6/22/2012 4:56:08 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80001.VBN//CryptZ High
6/22/2012 4:56:08 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:08 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:08 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80002.VBN High
6/22/2012 4:56:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80002.VBN//CryptZ High
6/22/2012 4:56:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0EE80002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:22 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40000.VBN High
6/22/2012 4:56:22 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40000.VBN//CryptZ High
6/22/2012 4:56:22 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:22 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:22 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:28 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40001.VBN High
6/22/2012 4:56:28 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40001.VBN//CryptZ High
6/22/2012 4:56:28 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:28 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:28 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:56:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40002.VBN High
6/22/2012 4:56:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40002.VBN//CryptZ High
6/22/2012 4:56:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:56:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:56:35 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FB40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FD40000.VBN High
6/22/2012 4:57:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FD40000.VBN//CryptZ High
6/22/2012 4:57:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FD40000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FD40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:19 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FD40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00000.VBN High
6/22/2012 4:57:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00000.VBN//CryptZ High
6/22/2012 4:57:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:31 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00001.VBN High
6/22/2012 4:57:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00001.VBN//CryptZ High
6/22/2012 4:57:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:25 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:36 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00002.VBN High
6/22/2012 4:57:36 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00002.VBN//CryptZ High
6/22/2012 4:57:36 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:36 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:36 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FE00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00000.VBN High
6/22/2012 4:57:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00000.VBN//CryptZ High
6/22/2012 4:57:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:42 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00001.VBN High
6/22/2012 4:57:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00001.VBN//CryptZ High
6/22/2012 4:57:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:49 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:57:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00002.VBN High
6/22/2012 4:57:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00002.VBN//CryptZ High
6/22/2012 4:57:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:57:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:57:55 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0FF00002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:58:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180000.VBN High
6/22/2012 4:58:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180000.VBN//CryptZ High
6/22/2012 4:58:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:58:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:58:01 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:58:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180001.VBN High
6/22/2012 4:58:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180001.VBN//CryptZ High
6/22/2012 4:58:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:58:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:58:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:58:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180002.VBN High
6/22/2012 4:58:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180002.VBN//CryptZ High
6/22/2012 4:58:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:58:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:58:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\11180002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:58:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40000.VBN High
6/22/2012 4:58:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40000.VBN//CryptZ High
6/22/2012 4:58:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40000.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:58:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:58:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40000.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:59:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40001.VBN High
6/22/2012 4:59:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40001.VBN//CryptZ High
6/22/2012 4:59:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:59:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:59:07 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:59:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40002.VBN High
6/22/2012 4:59:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40002.VBN//CryptZ High
6/22/2012 4:59:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:59:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:59:15 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:59:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40003.VBN High
6/22/2012 4:59:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40003.VBN//CryptZ High
6/22/2012 4:59:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40003.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:59:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40003.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:59:21 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\12C40003.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:59:29 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0000.VBN High
6/22/2012 4:59:29 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0000.VBN//CryptZ High
6/22/2012 4:59:35 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0001.VBN High
6/22/2012 4:59:35 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0001.VBN//CryptZ High
6/22/2012 4:59:43 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0002.VBN High
6/22/2012 4:59:43 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\146C0002.VBN//CryptZ High
6/22/2012 4:59:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200001.VBN High
6/22/2012 4:59:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200001.VBN//CryptZ High
6/22/2012 4:59:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200001.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:59:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200001.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:59:50 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200001.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 4:59:58 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200002.VBN High
6/22/2012 4:59:58 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200002.VBN//CryptZ High
6/22/2012 4:59:58 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200002.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 4:59:58 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200002.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 4:59:58 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\16200002.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 5:00:07 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B180000\4FF92C15.VBN High
6/22/2012 5:00:07 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0B180000\4FF92C15.VBN//CryptZ High
6/22/2012 5:00:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E3C0003\4FBD9598.VBN High
6/22/2012 5:00:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E3C0003\4FBD9598.VBN//CryptZ High
6/22/2012 5:00:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E3C0003\4FBD9598.VBN//CryptZ//PE_Patch.PECompact High
6/22/2012 5:00:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E3C0003\4FBD9598.VBN//CryptZ//PE_Patch.PECompact//PecBundle High
6/22/2012 5:00:14 PM Deleted virus Email-Worm.Win32.Drefir.f C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0E3C0003\4FBD9598.VBN//CryptZ//PE_Patch.PECompact//PecBundle//PECompact High
6/22/2012 5:01:36 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\110C0006\5F4DCC65.VBN High
6/22/2012 5:01:36 PM Deleted Trojan program Trojan.Win32.Buzus.bztb C:\Documents and Settings\All Users\Symantec\Symantec Endpoint Protection\Quarantine\110C0006\5F4DCC65.VBN//CryptZ High



Sorry it took so long!
  • 0

#12
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi initialdproject,

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

If any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0

#13
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





