Solved Ads by SASA removal

[landonswan]

After cleanup, it said it found more threats. Here is the log of those:

2015-03-23 18:38:32.998 Sophos Virus Removal Tool version 2.5.4
2015-03-23 18:38:32.998 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-23 18:38:32.998 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-23 18:38:32.998 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-03-23 18:38:32.998 Checking for updates...
2015-03-23 18:38:36.071 Update progress: proxy server not available
2015-03-23 18:38:41.547 Option all = no
2015-03-23 18:38:41.547 Option recurse = yes
2015-03-23 18:38:41.547 Option archive = no
2015-03-23 18:38:41.547 Option service = yes
2015-03-23 18:38:41.547 Option confirm = yes
2015-03-23 18:38:41.547 Option sxl = yes
2015-03-23 18:38:41.547 Option max-data-age = 35
2015-03-23 18:38:41.547 Option EnableSafeClean = yes
2015-03-23 18:38:42.748 Option vdl-logging = yes
2015-03-23 18:38:42.748 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:38:42.748 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:38:42.748 Component SVRTcli.exe version 2.5.4
2015-03-23 18:38:42.748 Component control.dll version 2.5.4
2015-03-23 18:38:42.748 Component SVRTservice.exe version 2.5.4
2015-03-23 18:38:42.748 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:38:42.748 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:38:42.748 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:38:42.764 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:38:42.764 Version info: Product version 2.5.4
2015-03-23 18:38:42.764 Version info: Detection engine 3.58.3
2015-03-23 18:38:42.764 Version info: Detection data 5.11
2015-03-23 18:38:42.764 Version info: Build date 2/3/2015
2015-03-23 18:38:42.764 Version info: Data files added 452
2015-03-23 18:38:42.764 Version info: Last successful update (not yet updated)
2015-03-23 18:38:54.698 Downloading updates...
2015-03-23 18:38:54.698 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-23 18:38:56.648 Update progress: [I19463] Syncing product IDE512 166
2015-03-23 18:38:58.769 Installing updates...
2015-03-23 18:38:59.378 Error level 1
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE513 171
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE514 120
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE515 1
2015-03-23 18:39:49.360 Update successful
2015-03-23 18:40:13.166 Option all = no
2015-03-23 18:40:13.166 Option recurse = yes
2015-03-23 18:40:13.166 Option archive = no
2015-03-23 18:40:13.166 Option service = yes
2015-03-23 18:40:13.166 Option confirm = yes
2015-03-23 18:40:13.166 Option sxl = yes
2015-03-23 18:40:13.166 Option max-data-age = 35
2015-03-23 18:40:13.166 Option EnableSafeClean = yes
2015-03-23 18:40:13.228 Option vdl-logging = yes
2015-03-23 18:40:13.228 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:40:13.228 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:40:13.244 Component SVRTcli.exe version 2.5.4
2015-03-23 18:40:13.244 Component control.dll version 2.5.4
2015-03-23 18:40:13.244 Component SVRTservice.exe version 2.5.4
2015-03-23 18:40:13.244 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:40:13.244 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:40:13.244 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:40:13.244 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:40:25.802 Version info: Product version 2.5.4
2015-03-23 18:40:25.802 Version info: Detection engine 3.58.3
2015-03-23 18:40:25.802 Version info: Detection data 5.11G
2015-03-23 18:40:25.802 Version info: Build date 2/3/2015
2015-03-23 18:40:25.802 Version info: Data files added 452
2015-03-23 18:40:25.802 Version info: Last successful update 3/23/2015 2:39:49 PM

2015-03-23 19:15:57.639 Could not open C:\hiberfil.sys
2015-03-23 19:16:12.600 Could not open C:\pagefile.sys
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{458c5c74-cf35-11e4-ae89-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{67ac7370-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7374-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac75a3-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7749-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{bf491a05-ce4d-11e4-b7e5-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{f9375a36-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 20:27:58.062 >>> Virus 'Mal/PDFEx-H' found in file C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:53:16.429 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-23 20:53:16.434 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-23 20:53:21.776 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-23 20:53:21.795 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-23 20:53:21.802 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-23 20:53:21.808 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-23 20:53:21.814 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.505 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.507 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.714 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.716 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.211 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.029 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.823 >>> Virus 'Mal/Medfos-K' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.825 >>> Virus 'Mal/Medfos-K' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.059 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.061 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.487 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-23 21:19:37.487 Disinfection not offered
2015-03-23 21:20:03.212 >>> Virus 'Mal/Krap-D' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.649 >>> Virus 'Mal/Krap-E' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.651 >>> Virus 'Mal/Krap-E' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.296 >>> Virus 'Mal/Krap-A' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe
2015-03-23 21:21:00.297 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.298 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.299 >>> Virus 'Mal/Krap-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:01.598 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-23 21:21:01.598 Disinfection not offered
2015-03-23 21:21:24.561 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.562 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.564 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:30.876 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-23 21:21:30.876 Disinfection not offered
2015-03-23 21:22:10.958 >>> Virus 'Mal/TDSSPk-F' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.637 >>> Virus 'Troj/VB-EJV' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e
2015-03-23 21:22:21.638 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.639 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.640 >>> Virus 'Troj/VB-EJV' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:42:43.433 Password protected file E:\toshiba250external\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:00:20.405 Password protected file E:\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:17:48.036 Password protected file E:\work pc transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:31:56.051 Could not open LOGICAL:0007:00000000
2015-03-23 22:31:56.051 Could not open H:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0008:00000000
2015-03-23 22:31:56.066 Could not open I:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0009:00000000
2015-03-23 22:31:56.082 Could not open J:\
2015-03-23 22:31:56.082 Could not open LOGICAL:000A:00000000
2015-03-23 22:31:56.097 Could not open K:\
2015-03-23 22:31:56.363 Could not open PHYSICAL:0082:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0083:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0084:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0085:0000:0000:0001
2015-03-23 22:31:56.441 The following items will be cleaned up:
2015-03-23 22:31:56.441 Mal/PDFEx-H
2015-03-23 22:31:56.441 Mal/EncPk-KY
2015-03-23 22:31:56.441 Mal/ExpJS-AM
2015-03-23 22:31:56.441 Mal/Medfos-K
2015-03-23 22:31:56.441 Mal/Behav-365
2015-03-23 22:31:56.441 Mal/Krap-D
2015-03-23 22:31:56.441 Mal/Krap-E
2015-03-23 22:31:56.456 Mal/Krap-A
2015-03-23 22:31:56.456 Mal/Generic-S
2015-03-23 22:31:56.456 Mal/TDSSPk-F
2015-03-23 22:31:56.456 Troj/VB-EJV
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-23 22:31:56.456 Troj/PdfJS-HO
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-24 13:45:29.797 Threat 'Mal/PDFEx-H' has been cleaned up.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.797 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Removal successful
2015-03-24 13:45:46.052 Threat 'Mal/EncPk-KY' has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" has been cleaned up.
2015-03-24 13:45:46.052 Removal successful
2015-03-24 13:46:12.175 Threat 'Mal/ExpJS-AM' has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 Removal successful
2015-03-24 13:46:20.451 Threat 'Mal/Medfos-K' has been cleaned up.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" belongs to malware 'Mal/Medfos-K'.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" has been cleaned up.
2015-03-24 13:46:20.452 Removal successful
2015-03-24 13:46:29.756 Threat 'Mal/Behav-365' has been cleaned up.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" belongs to malware 'Mal/Behav-365'.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" has been cleaned up.
2015-03-24 13:46:29.756 Removal successful
2015-03-24 13:46:38.997 Threat 'Mal/Krap-D' has been cleaned up.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" belongs to malware 'Mal/Krap-D'.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" has been cleaned up.
2015-03-24 13:46:38.997 Removal successful
2015-03-24 13:46:48.406 Threat 'Mal/Krap-E' has been cleaned up.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" belongs to malware 'Mal/Krap-E'.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" has been cleaned up.
2015-03-24 13:46:48.406 Removal successful
2015-03-24 13:46:57.565 Threat 'Mal/Krap-A' has been cleaned up.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" belongs to malware 'Mal/Krap-A'.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" has been cleaned up.
2015-03-24 13:46:57.565 Removal successful
2015-03-24 13:47:07.262 Threat 'Mal/Generic-S' has been cleaned up.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" belongs to malware 'Mal/Generic-S'.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" has been cleaned up.
2015-03-24 13:47:07.262 Removal successful
2015-03-24 13:47:15.344 Threat 'Mal/TDSSPk-F' has been cleaned up.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" belongs to malware 'Mal/TDSSPk-F'.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" has been cleaned up.
2015-03-24 13:47:15.344 Removal successful
2015-03-24 13:47:23.373 Threat 'Troj/VB-EJV' has been cleaned up.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" belongs to 'Troj/VB-EJV'.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" has been cleaned up.
2015-03-24 13:47:23.374 Removal successful
2015-03-24 13:47:23.698 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 13:47:23.698 Disinfection not offered
2015-03-24 13:47:23.699 Disinfection failed [0xa0040208]
2015-03-24 13:47:23.863 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 13:47:23.863 Disinfection not offered
2015-03-24 13:47:23.863 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.051 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 13:47:24.051 Disinfection not offered
2015-03-24 13:47:24.051 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.054 Error: cleanup failed.
2015-03-24 13:47:24.087 Contents of SafeClean bin directory:
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.087 RecordID : "0000000000000001",
2015-03-24 13:47:24.087 ItemType : "1",
2015-03-24 13:47:24.087 Location : "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.087 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.087 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.087 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.087 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.087 }
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.088 RecordID : "0000000000000002",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.088 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.088 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.088 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.088 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.088 }
2015-03-24 13:47:24.088 {
2015-03-24 13:47:24.088 RecordID : "0000000000000003",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.088 FileName : "movie[1].exe",
2015-03-24 13:47:24.088 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.088 Checksum : "85b81e8f66586321a1fd5e924daf7f4fc17e2237fe6b73a7df15ebefb9b7f34c",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000004",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.089 FileName : "movie[2].exe",
2015-03-24 13:47:24.089 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.089 Checksum : "b5fbc754148f09fbe35bcdb0578922cb546f846503f095ca8ff6bd62f70c7cc0",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000005",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.090 FileName : "news[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "50e047a60fe38a30309a0c1692494741b898f65411926710c72a39ffad86e4f0",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.090 RecordID : "0000000000000006",
2015-03-24 13:47:24.090 ItemType : "1",
2015-03-24 13:47:24.090 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.090 FileName : "in[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "f48ab708f0d03b45d7c1311e27164b1d007275d4bf5dac5abc5b122968c6615d",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.091 RecordID : "0000000000000007",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\",
2015-03-24 13:47:24.091 FileName : "news[1].html",
2015-03-24 13:47:24.091 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.091 Checksum : "bde0117a4ac26625fff0a9eb2633aafd4555e3acf1f094ea755d2c96667f8501",
2015-03-24 13:47:24.091 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.091 }
2015-03-24 13:47:24.091 {
2015-03-24 13:47:24.091 RecordID : "0000000000000008",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.091 FileName : "movie[1].exe",
2015-03-24 13:47:24.091 ThreatName : "Mal/Medfos-K",
2015-03-24 13:47:24.091 Checksum : "8e0ba7b4439e2abeb3d697765fe4d2c68ee50ae369a7d8c7fcf227d7076fcb98",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:12 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "0000000000000009",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.092 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\",
2015-03-24 13:47:24.092 FileName : "netsysdev.dll",
2015-03-24 13:47:24.092 ThreatName : "Mal/Behav-365",
2015-03-24 13:47:24.092 Checksum : "c5196cf17d335afc5cd4a8ae1e6fb7e1a9c1f63fa12bc26ab98486bf0e9f9fd9",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:20 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "000000000000000a",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "c.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-D",
2015-03-24 13:47:24.093 Checksum : "deac3873d7c0e4f751c6d3b58fe252f18c2101d55bd3e274690d704e451597c0",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:29 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.093 RecordID : "000000000000000b",
2015-03-24 13:47:24.093 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "e.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-E",
2015-03-24 13:47:24.093 Checksum : "fdf08640931ae384eda605faa9951a014b0428c6dffbf6e32e059a811030ed28",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:38 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.094 RecordID : "000000000000000c",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "f.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Krap-A",
2015-03-24 13:47:24.094 Checksum : "a6d3021dfd8e5951619b39c5fcffdd38d8211006e7f58b7e7bc8f99d4099b5c7",
2015-03-24 13:47:24.094 TimeStamp : "Tue Mar 24 09:46:48 2015"
2015-03-24 13:47:24.094 }
2015-03-24 13:47:24.094 {
2015-03-24 13:47:24.094 RecordID : "000000000000000d",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "statx.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Generic-S",
2015-03-24 13:47:24.095 Checksum : "de2b7f73b2470533134b6475aa8885f4bd92966dd3059fbd8a6a7f7e15a85c17",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:46:57 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000e",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.095 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\",
2015-03-24 13:47:24.095 FileName : "799a240d-6447d950",
2015-03-24 13:47:24.095 ThreatName : "Mal/TDSSPk-F",
2015-03-24 13:47:24.095 Checksum : "99e95a77c554be077c03372e9bd8db4f7a19c08aa3d1956e665a5f259ebd43ec",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:47:07 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000f",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.096 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\",
2015-03-24 13:47:24.096 FileName : "2432330f-5f71242e",
2015-03-24 13:47:24.096 ThreatName : "Troj/VB-EJV",
2015-03-24 13:47:24.096 Checksum : "c787a407237496fd940a385733c884ec264d10e140a674e7dbcdb387839a9b23",
2015-03-24 13:47:24.096 TimeStamp : "Tue Mar 24 09:47:15 2015"
2015-03-24 13:47:24.096 }
2015-03-24 13:47:24.980 Error level 0

 

[landonswan]

The "ads by sasa" behavior seems to be gone, but the SophosVirusRemoval tool said it found more and I should run another scan. That takes about 6 hours. Shall I?

Or should I do other steps?

I really appreciate your help.

 

[landonswan]

I took the liberty to rerun the scan about 5 hours ago. It just finished. Here is the log for it:

2015-03-23 18:38:32.998 Sophos Virus Removal Tool version 2.5.4
2015-03-23 18:38:32.998 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-23 18:38:32.998 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-23 18:38:32.998 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-03-23 18:38:32.998 Checking for updates...
2015-03-23 18:38:36.071 Update progress: proxy server not available
2015-03-23 18:38:41.547 Option all = no
2015-03-23 18:38:41.547 Option recurse = yes
2015-03-23 18:38:41.547 Option archive = no
2015-03-23 18:38:41.547 Option service = yes
2015-03-23 18:38:41.547 Option confirm = yes
2015-03-23 18:38:41.547 Option sxl = yes
2015-03-23 18:38:41.547 Option max-data-age = 35
2015-03-23 18:38:41.547 Option EnableSafeClean = yes
2015-03-23 18:38:42.748 Option vdl-logging = yes
2015-03-23 18:38:42.748 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:38:42.748 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:38:42.748 Component SVRTcli.exe version 2.5.4
2015-03-23 18:38:42.748 Component control.dll version 2.5.4
2015-03-23 18:38:42.748 Component SVRTservice.exe version 2.5.4
2015-03-23 18:38:42.748 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:38:42.748 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:38:42.748 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:38:42.764 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:38:42.764 Version info: Product version 2.5.4
2015-03-23 18:38:42.764 Version info: Detection engine 3.58.3
2015-03-23 18:38:42.764 Version info: Detection data 5.11
2015-03-23 18:38:42.764 Version info: Build date 2/3/2015
2015-03-23 18:38:42.764 Version info: Data files added 452
2015-03-23 18:38:42.764 Version info: Last successful update (not yet updated)
2015-03-23 18:38:54.698 Downloading updates...
2015-03-23 18:38:54.698 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-23 18:38:56.648 Update progress: [I19463] Syncing product IDE512 166
2015-03-23 18:38:58.769 Installing updates...
2015-03-23 18:38:59.378 Error level 1
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE513 171
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE514 120
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE515 1
2015-03-23 18:39:49.360 Update successful
2015-03-23 18:40:13.166 Option all = no
2015-03-23 18:40:13.166 Option recurse = yes
2015-03-23 18:40:13.166 Option archive = no
2015-03-23 18:40:13.166 Option service = yes
2015-03-23 18:40:13.166 Option confirm = yes
2015-03-23 18:40:13.166 Option sxl = yes
2015-03-23 18:40:13.166 Option max-data-age = 35
2015-03-23 18:40:13.166 Option EnableSafeClean = yes
2015-03-23 18:40:13.228 Option vdl-logging = yes
2015-03-23 18:40:13.228 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:40:13.228 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:40:13.244 Component SVRTcli.exe version 2.5.4
2015-03-23 18:40:13.244 Component control.dll version 2.5.4
2015-03-23 18:40:13.244 Component SVRTservice.exe version 2.5.4
2015-03-23 18:40:13.244 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:40:13.244 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:40:13.244 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:40:13.244 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:40:25.802 Version info: Product version 2.5.4
2015-03-23 18:40:25.802 Version info: Detection engine 3.58.3
2015-03-23 18:40:25.802 Version info: Detection data 5.11G
2015-03-23 18:40:25.802 Version info: Build date 2/3/2015
2015-03-23 18:40:25.802 Version info: Data files added 452
2015-03-23 18:40:25.802 Version info: Last successful update 3/23/2015 2:39:49 PM

2015-03-23 19:15:57.639 Could not open C:\hiberfil.sys
2015-03-23 19:16:12.600 Could not open C:\pagefile.sys
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{458c5c74-cf35-11e4-ae89-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{67ac7370-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7374-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac75a3-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7749-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{bf491a05-ce4d-11e4-b7e5-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{f9375a36-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 20:27:58.062 >>> Virus 'Mal/PDFEx-H' found in file C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:53:16.429 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-23 20:53:16.434 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-23 20:53:21.776 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-23 20:53:21.795 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-23 20:53:21.802 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-23 20:53:21.808 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-23 20:53:21.814 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.505 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.507 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.714 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.716 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.211 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.029 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.823 >>> Virus 'Mal/Medfos-K' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.825 >>> Virus 'Mal/Medfos-K' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.059 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.061 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.487 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-23 21:19:37.487 Disinfection not offered
2015-03-23 21:20:03.212 >>> Virus 'Mal/Krap-D' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.649 >>> Virus 'Mal/Krap-E' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.651 >>> Virus 'Mal/Krap-E' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.296 >>> Virus 'Mal/Krap-A' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe
2015-03-23 21:21:00.297 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.298 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.299 >>> Virus 'Mal/Krap-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:01.598 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-23 21:21:01.598 Disinfection not offered
2015-03-23 21:21:24.561 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.562 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.564 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:30.876 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-23 21:21:30.876 Disinfection not offered
2015-03-23 21:22:10.958 >>> Virus 'Mal/TDSSPk-F' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.637 >>> Virus 'Troj/VB-EJV' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e
2015-03-23 21:22:21.638 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.639 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.640 >>> Virus 'Troj/VB-EJV' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:42:43.433 Password protected file E:\toshiba250external\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:00:20.405 Password protected file E:\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:17:48.036 Password protected file E:\work pc transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:31:56.051 Could not open LOGICAL:0007:00000000
2015-03-23 22:31:56.051 Could not open H:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0008:00000000
2015-03-23 22:31:56.066 Could not open I:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0009:00000000
2015-03-23 22:31:56.082 Could not open J:\
2015-03-23 22:31:56.082 Could not open LOGICAL:000A:00000000
2015-03-23 22:31:56.097 Could not open K:\
2015-03-23 22:31:56.363 Could not open PHYSICAL:0082:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0083:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0084:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0085:0000:0000:0001
2015-03-23 22:31:56.441 The following items will be cleaned up:
2015-03-23 22:31:56.441 Mal/PDFEx-H
2015-03-23 22:31:56.441 Mal/EncPk-KY
2015-03-23 22:31:56.441 Mal/ExpJS-AM
2015-03-23 22:31:56.441 Mal/Medfos-K
2015-03-23 22:31:56.441 Mal/Behav-365
2015-03-23 22:31:56.441 Mal/Krap-D
2015-03-23 22:31:56.441 Mal/Krap-E
2015-03-23 22:31:56.456 Mal/Krap-A
2015-03-23 22:31:56.456 Mal/Generic-S
2015-03-23 22:31:56.456 Mal/TDSSPk-F
2015-03-23 22:31:56.456 Troj/VB-EJV
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-23 22:31:56.456 Troj/PdfJS-HO
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-24 13:45:29.797 Threat 'Mal/PDFEx-H' has been cleaned up.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.797 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Removal successful
2015-03-24 13:45:46.052 Threat 'Mal/EncPk-KY' has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" has been cleaned up.
2015-03-24 13:45:46.052 Removal successful
2015-03-24 13:46:12.175 Threat 'Mal/ExpJS-AM' has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 Removal successful
2015-03-24 13:46:20.451 Threat 'Mal/Medfos-K' has been cleaned up.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" belongs to malware 'Mal/Medfos-K'.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" has been cleaned up.
2015-03-24 13:46:20.452 Removal successful
2015-03-24 13:46:29.756 Threat 'Mal/Behav-365' has been cleaned up.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" belongs to malware 'Mal/Behav-365'.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" has been cleaned up.
2015-03-24 13:46:29.756 Removal successful
2015-03-24 13:46:38.997 Threat 'Mal/Krap-D' has been cleaned up.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" belongs to malware 'Mal/Krap-D'.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" has been cleaned up.
2015-03-24 13:46:38.997 Removal successful
2015-03-24 13:46:48.406 Threat 'Mal/Krap-E' has been cleaned up.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" belongs to malware 'Mal/Krap-E'.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" has been cleaned up.
2015-03-24 13:46:48.406 Removal successful
2015-03-24 13:46:57.565 Threat 'Mal/Krap-A' has been cleaned up.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" belongs to malware 'Mal/Krap-A'.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" has been cleaned up.
2015-03-24 13:46:57.565 Removal successful
2015-03-24 13:47:07.262 Threat 'Mal/Generic-S' has been cleaned up.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" belongs to malware 'Mal/Generic-S'.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" has been cleaned up.
2015-03-24 13:47:07.262 Removal successful
2015-03-24 13:47:15.344 Threat 'Mal/TDSSPk-F' has been cleaned up.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" belongs to malware 'Mal/TDSSPk-F'.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" has been cleaned up.
2015-03-24 13:47:15.344 Removal successful
2015-03-24 13:47:23.373 Threat 'Troj/VB-EJV' has been cleaned up.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" belongs to 'Troj/VB-EJV'.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" has been cleaned up.
2015-03-24 13:47:23.374 Removal successful
2015-03-24 13:47:23.698 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 13:47:23.698 Disinfection not offered
2015-03-24 13:47:23.699 Disinfection failed [0xa0040208]
2015-03-24 13:47:23.863 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 13:47:23.863 Disinfection not offered
2015-03-24 13:47:23.863 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.051 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 13:47:24.051 Disinfection not offered
2015-03-24 13:47:24.051 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.054 Error: cleanup failed.
2015-03-24 13:47:24.087 Contents of SafeClean bin directory:
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.087 RecordID : "0000000000000001",
2015-03-24 13:47:24.087 ItemType : "1",
2015-03-24 13:47:24.087 Location : "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.087 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.087 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.087 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.087 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.087 }
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.088 RecordID : "0000000000000002",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.088 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.088 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.088 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.088 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.088 }
2015-03-24 13:47:24.088 {
2015-03-24 13:47:24.088 RecordID : "0000000000000003",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.088 FileName : "movie[1].exe",
2015-03-24 13:47:24.088 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.088 Checksum : "85b81e8f66586321a1fd5e924daf7f4fc17e2237fe6b73a7df15ebefb9b7f34c",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000004",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.089 FileName : "movie[2].exe",
2015-03-24 13:47:24.089 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.089 Checksum : "b5fbc754148f09fbe35bcdb0578922cb546f846503f095ca8ff6bd62f70c7cc0",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000005",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.090 FileName : "news[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "50e047a60fe38a30309a0c1692494741b898f65411926710c72a39ffad86e4f0",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.090 RecordID : "0000000000000006",
2015-03-24 13:47:24.090 ItemType : "1",
2015-03-24 13:47:24.090 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.090 FileName : "in[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "f48ab708f0d03b45d7c1311e27164b1d007275d4bf5dac5abc5b122968c6615d",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.091 RecordID : "0000000000000007",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\",
2015-03-24 13:47:24.091 FileName : "news[1].html",
2015-03-24 13:47:24.091 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.091 Checksum : "bde0117a4ac26625fff0a9eb2633aafd4555e3acf1f094ea755d2c96667f8501",
2015-03-24 13:47:24.091 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.091 }
2015-03-24 13:47:24.091 {
2015-03-24 13:47:24.091 RecordID : "0000000000000008",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.091 FileName : "movie[1].exe",
2015-03-24 13:47:24.091 ThreatName : "Mal/Medfos-K",
2015-03-24 13:47:24.091 Checksum : "8e0ba7b4439e2abeb3d697765fe4d2c68ee50ae369a7d8c7fcf227d7076fcb98",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:12 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "0000000000000009",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.092 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\",
2015-03-24 13:47:24.092 FileName : "netsysdev.dll",
2015-03-24 13:47:24.092 ThreatName : "Mal/Behav-365",
2015-03-24 13:47:24.092 Checksum : "c5196cf17d335afc5cd4a8ae1e6fb7e1a9c1f63fa12bc26ab98486bf0e9f9fd9",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:20 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "000000000000000a",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "c.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-D",
2015-03-24 13:47:24.093 Checksum : "deac3873d7c0e4f751c6d3b58fe252f18c2101d55bd3e274690d704e451597c0",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:29 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.093 RecordID : "000000000000000b",
2015-03-24 13:47:24.093 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "e.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-E",
2015-03-24 13:47:24.093 Checksum : "fdf08640931ae384eda605faa9951a014b0428c6dffbf6e32e059a811030ed28",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:38 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.094 RecordID : "000000000000000c",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "f.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Krap-A",
2015-03-24 13:47:24.094 Checksum : "a6d3021dfd8e5951619b39c5fcffdd38d8211006e7f58b7e7bc8f99d4099b5c7",
2015-03-24 13:47:24.094 TimeStamp : "Tue Mar 24 09:46:48 2015"
2015-03-24 13:47:24.094 }
2015-03-24 13:47:24.094 {
2015-03-24 13:47:24.094 RecordID : "000000000000000d",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "statx.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Generic-S",
2015-03-24 13:47:24.095 Checksum : "de2b7f73b2470533134b6475aa8885f4bd92966dd3059fbd8a6a7f7e15a85c17",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:46:57 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000e",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.095 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\",
2015-03-24 13:47:24.095 FileName : "799a240d-6447d950",
2015-03-24 13:47:24.095 ThreatName : "Mal/TDSSPk-F",
2015-03-24 13:47:24.095 Checksum : "99e95a77c554be077c03372e9bd8db4f7a19c08aa3d1956e665a5f259ebd43ec",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:47:07 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000f",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.096 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\",
2015-03-24 13:47:24.096 FileName : "2432330f-5f71242e",
2015-03-24 13:47:24.096 ThreatName : "Troj/VB-EJV",
2015-03-24 13:47:24.096 Checksum : "c787a407237496fd940a385733c884ec264d10e140a674e7dbcdb387839a9b23",
2015-03-24 13:47:24.096 TimeStamp : "Tue Mar 24 09:47:15 2015"
2015-03-24 13:47:24.096 }
2015-03-24 13:47:24.980 Error level 0

2015-03-24 13:49:08.063

------------------------------------------------------------

2015-03-24 13:57:29.127 Sophos Virus Removal Tool version 2.5.4
2015-03-24 13:57:29.127 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-24 13:57:29.127 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-24 13:57:29.127 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-03-24 13:57:29.128 Checking for updates...
2015-03-24 13:57:33.143 Update progress: proxy server not available
2015-03-24 13:58:00.738 Option all = no
2015-03-24 13:58:00.738 Option recurse = yes
2015-03-24 13:58:00.738 Option archive = no
2015-03-24 13:58:00.738 Option service = yes
2015-03-24 13:58:00.738 Option confirm = yes
2015-03-24 13:58:00.738 Option sxl = yes
2015-03-24 13:58:00.739 Option max-data-age = 35
2015-03-24 13:58:00.739 Option EnableSafeClean = yes
2015-03-24 13:58:00.807 Option vdl-logging = yes
2015-03-24 13:58:00.814 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-24 13:58:00.814 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-24 13:58:00.816 Component SVRTcli.exe version 2.5.4
2015-03-24 13:58:00.816 Component control.dll version 2.5.4
2015-03-24 13:58:00.817 Component SVRTservice.exe version 2.5.4
2015-03-24 13:58:00.817 Component engine\osdp.dll version 1.44.1.2183
2015-03-24 13:58:00.818 Component engine\veex.dll version 3.58.3.2183
2015-03-24 13:58:00.819 Component engine\savi.dll version 8.1.5.2183
2015-03-24 13:58:00.820 Component rkdisk.dll version 1.5.30.0
2015-03-24 13:58:00.820 Version info: Product version 2.5.4
2015-03-24 13:58:00.821 Version info: Detection engine 3.58.3
2015-03-24 13:58:00.821 Version info: Detection data 5.11G
2015-03-24 13:58:00.821 Version info: Build date 2/3/2015
2015-03-24 13:58:00.821 Version info: Data files added 452
2015-03-24 13:58:00.821 Version info: Last successful update 3/23/2015 2:39:49 PM
2015-03-24 13:58:01.472 Downloading updates...
2015-03-24 13:58:01.473 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-24 13:58:01.474 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-24 13:58:01.474 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product IDE512 166
2015-03-24 13:58:01.783 Update progress: [I19463] Syncing product IDE513 171
2015-03-24 13:58:01.783 Update progress: [I19463] Syncing product IDE514 125
2015-03-24 13:58:02.253 Installing updates...
2015-03-24 13:58:02.856 Error level 1
2015-03-24 13:58:03.461 Update progress: [I19463] Syncing product IDE515 1
2015-03-24 13:58:03.699 Update successful
2015-03-24 13:58:12.397 Option all = no
2015-03-24 13:58:12.397 Option recurse = yes
2015-03-24 13:58:12.398 Option archive = no
2015-03-24 13:58:12.398 Option service = yes
2015-03-24 13:58:12.398 Option confirm = yes
2015-03-24 13:58:12.398 Option sxl = yes
2015-03-24 13:58:12.399 Option max-data-age = 35
2015-03-24 13:58:12.399 Option EnableSafeClean = yes
2015-03-24 13:58:12.466 Option vdl-logging = yes
2015-03-24 13:58:12.473 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-24 13:58:12.473 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-24 13:58:12.475 Component SVRTcli.exe version 2.5.4
2015-03-24 13:58:12.476 Component control.dll version 2.5.4
2015-03-24 13:58:12.476 Component SVRTservice.exe version 2.5.4
2015-03-24 13:58:12.477 Component engine\osdp.dll version 1.44.1.2183
2015-03-24 13:58:12.477 Component engine\veex.dll version 3.58.3.2183
2015-03-24 13:58:12.478 Component engine\savi.dll version 8.1.5.2183
2015-03-24 13:58:12.479 Component rkdisk.dll version 1.5.30.0
2015-03-24 13:58:12.479 Version info: Product version 2.5.4
2015-03-24 13:58:12.480 Version info: Detection engine 3.58.3
2015-03-24 13:58:12.480 Version info: Detection data 5.11G
2015-03-24 13:58:12.480 Version info: Build date 2/3/2015
2015-03-24 13:58:12.480 Version info: Data files added 457
2015-03-24 13:58:12.480 Version info: Last successful update 3/24/2015 9:58:03 AM

2015-03-24 14:34:29.353 Could not open C:\hiberfil.sys
2015-03-24 14:34:43.529 Could not open C:\pagefile.sys
2015-03-24 14:51:05.205 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.207 Could not open C:\System Volume Information\{458c5c74-cf35-11e4-ae89-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.209 Could not open C:\System Volume Information\{67ac7749-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.211 Could not open C:\System Volume Information\{bf491a05-ce4d-11e4-b7e5-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.213 Could not open C:\System Volume Information\{f9375a36-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.214 Could not open C:\System Volume Information\{f9375b16-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:52:06.373 Could not open C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-03-24 14:52:06.375 Could not open C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-03-24 14:52:06.597 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-03-24 14:52:06.626 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-03-24 14:52:10.200 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-03-24 14:52:10.782 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-03-24 14:52:22.871 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-03-24 16:13:30.523 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-24 16:13:30.528 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-24 16:13:36.303 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-24 16:13:36.320 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-24 16:13:36.327 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-24 16:13:36.333 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-24 16:13:36.339 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-24 16:41:23.010 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 16:41:23.010 Disinfection not offered
2015-03-24 16:41:27.392 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 16:41:27.392 Disinfection not offered
2015-03-24 16:41:34.992 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 16:41:34.992 Disinfection not offered
2015-03-24 17:02:26.045 Password protected file E:\toshiba250external\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:20:35.266 Password protected file E:\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:37:47.969 Password protected file E:\work pc transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:52:27.361 Could not open LOGICAL:0007:00000000
2015-03-24 17:52:27.369 Could not open H:\
2015-03-24 17:52:27.372 Could not open LOGICAL:0008:00000000
2015-03-24 17:52:27.381 Could not open I:\
2015-03-24 17:52:27.385 Could not open LOGICAL:0009:00000000
2015-03-24 17:52:27.392 Could not open J:\
2015-03-24 17:52:27.396 Could not open LOGICAL:000A:00000000
2015-03-24 17:52:27.405 Could not open K:\
2015-03-24 17:52:27.655 Could not open PHYSICAL:0082:0000:0000:0001
2015-03-24 17:52:27.659 Could not open PHYSICAL:0083:0000:0000:0001
2015-03-24 17:52:27.663 Could not open PHYSICAL:0084:0000:0000:0001
2015-03-24 17:52:27.668 Could not open PHYSICAL:0085:0000:0000:0001
2015-03-24 17:52:27.668 The following items will be cleaned up:
2015-03-24 17:52:27.668 Mal/Behav-365
2015-03-24 17:52:27.668 Troj/PdfJS-HO
2015-03-24 17:52:27.668 Mal/Behav-365

 

[landonswan]

And once again it said 2 threats were found during cleanup. Here is the log from that:

2015-03-23 18:38:32.998 Sophos Virus Removal Tool version 2.5.4
2015-03-23 18:38:32.998 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-23 18:38:32.998 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-23 18:38:32.998 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-03-23 18:38:32.998 Checking for updates...
2015-03-23 18:38:36.071 Update progress: proxy server not available
2015-03-23 18:38:41.547 Option all = no
2015-03-23 18:38:41.547 Option recurse = yes
2015-03-23 18:38:41.547 Option archive = no
2015-03-23 18:38:41.547 Option service = yes
2015-03-23 18:38:41.547 Option confirm = yes
2015-03-23 18:38:41.547 Option sxl = yes
2015-03-23 18:38:41.547 Option max-data-age = 35
2015-03-23 18:38:41.547 Option EnableSafeClean = yes
2015-03-23 18:38:42.748 Option vdl-logging = yes
2015-03-23 18:38:42.748 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:38:42.748 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:38:42.748 Component SVRTcli.exe version 2.5.4
2015-03-23 18:38:42.748 Component control.dll version 2.5.4
2015-03-23 18:38:42.748 Component SVRTservice.exe version 2.5.4
2015-03-23 18:38:42.748 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:38:42.748 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:38:42.748 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:38:42.764 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:38:42.764 Version info: Product version 2.5.4
2015-03-23 18:38:42.764 Version info: Detection engine 3.58.3
2015-03-23 18:38:42.764 Version info: Detection data 5.11
2015-03-23 18:38:42.764 Version info: Build date 2/3/2015
2015-03-23 18:38:42.764 Version info: Data files added 452
2015-03-23 18:38:42.764 Version info: Last successful update (not yet updated)
2015-03-23 18:38:54.698 Downloading updates...
2015-03-23 18:38:54.698 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-23 18:38:54.698 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-23 18:38:54.698 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-23 18:38:56.648 Update progress: [I19463] Syncing product IDE512 166
2015-03-23 18:38:58.769 Installing updates...
2015-03-23 18:38:59.378 Error level 1
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE513 171
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE514 120
2015-03-23 18:38:59.409 Update progress: [I19463] Syncing product IDE515 1
2015-03-23 18:39:49.360 Update successful
2015-03-23 18:40:13.166 Option all = no
2015-03-23 18:40:13.166 Option recurse = yes
2015-03-23 18:40:13.166 Option archive = no
2015-03-23 18:40:13.166 Option service = yes
2015-03-23 18:40:13.166 Option confirm = yes
2015-03-23 18:40:13.166 Option sxl = yes
2015-03-23 18:40:13.166 Option max-data-age = 35
2015-03-23 18:40:13.166 Option EnableSafeClean = yes
2015-03-23 18:40:13.228 Option vdl-logging = yes
2015-03-23 18:40:13.228 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-23 18:40:13.228 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-23 18:40:13.244 Component SVRTcli.exe version 2.5.4
2015-03-23 18:40:13.244 Component control.dll version 2.5.4
2015-03-23 18:40:13.244 Component SVRTservice.exe version 2.5.4
2015-03-23 18:40:13.244 Component engine\osdp.dll version 1.44.1.2183
2015-03-23 18:40:13.244 Component engine\veex.dll version 3.58.3.2183
2015-03-23 18:40:13.244 Component engine\savi.dll version 8.1.5.2183
2015-03-23 18:40:13.244 Component rkdisk.dll version 1.5.30.0
2015-03-23 18:40:25.802 Version info: Product version 2.5.4
2015-03-23 18:40:25.802 Version info: Detection engine 3.58.3
2015-03-23 18:40:25.802 Version info: Detection data 5.11G
2015-03-23 18:40:25.802 Version info: Build date 2/3/2015
2015-03-23 18:40:25.802 Version info: Data files added 452
2015-03-23 18:40:25.802 Version info: Last successful update 3/23/2015 2:39:49 PM

2015-03-23 19:15:57.639 Could not open C:\hiberfil.sys
2015-03-23 19:16:12.600 Could not open C:\pagefile.sys
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{458c5c74-cf35-11e4-ae89-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.428 Could not open C:\System Volume Information\{67ac7370-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7374-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac75a3-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{67ac7749-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{bf491a05-ce4d-11e4-b7e5-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 19:32:10.443 Could not open C:\System Volume Information\{f9375a36-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-23 20:27:58.062 >>> Virus 'Mal/PDFEx-H' found in file C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:27:58.063 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 20:53:16.429 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-23 20:53:16.434 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-23 20:53:21.776 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-23 20:53:21.795 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-23 20:53:21.802 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-23 20:53:21.808 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-23 20:53:21.814 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe
2015-03-23 21:17:45.495 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:45.496 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.505 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.506 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:17:57.507 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.714 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.715 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:22.716 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.210 >>> Virus 'Mal/PDFEx-H' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:33.211 >>> Virus 'Mal/PDFEx-H' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.028 >>> Virus 'Mal/ExpJS-AM' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:18:46.029 >>> Virus 'Mal/ExpJS-AM' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.823 >>> Virus 'Mal/Medfos-K' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.824 >>> Virus 'Mal/Medfos-K' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:09.825 >>> Virus 'Mal/Medfos-K' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.059 >>> Virus 'Mal/EncPk-KY' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.060 >>> Virus 'Mal/EncPk-KY' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:20.061 >>> Virus 'Mal/EncPk-KY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll
2015-03-23 21:19:37.214 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.215 >>> Virus 'Mal/Behav-365' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:19:37.487 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-23 21:19:37.487 Disinfection not offered
2015-03-23 21:20:03.212 >>> Virus 'Mal/Krap-D' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:03.213 >>> Virus 'Mal/Krap-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.649 >>> Virus 'Mal/Krap-E' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.650 >>> Virus 'Mal/Krap-E' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:20:37.651 >>> Virus 'Mal/Krap-E' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.296 >>> Virus 'Mal/Krap-A' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe
2015-03-23 21:21:00.297 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.298 >>> Virus 'Mal/Krap-A' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:00.299 >>> Virus 'Mal/Krap-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:01.598 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-23 21:21:01.598 Disinfection not offered
2015-03-23 21:21:24.561 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.562 >>> Virus 'Mal/Generic-S' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.563 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:24.564 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:21:30.876 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-23 21:21:30.876 Disinfection not offered
2015-03-23 21:22:10.958 >>> Virus 'Mal/TDSSPk-F' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:10.959 >>> Virus 'Mal/TDSSPk-F' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.637 >>> Virus 'Troj/VB-EJV' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e
2015-03-23 21:22:21.638 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.639 >>> Virus 'Troj/VB-EJV' found in file HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:22:21.640 >>> Virus 'Troj/VB-EJV' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-03-23 21:42:43.433 Password protected file E:\toshiba250external\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:00:20.405 Password protected file E:\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:17:48.036 Password protected file E:\work pc transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-23 22:31:56.051 Could not open LOGICAL:0007:00000000
2015-03-23 22:31:56.051 Could not open H:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0008:00000000
2015-03-23 22:31:56.066 Could not open I:\
2015-03-23 22:31:56.066 Could not open LOGICAL:0009:00000000
2015-03-23 22:31:56.082 Could not open J:\
2015-03-23 22:31:56.082 Could not open LOGICAL:000A:00000000
2015-03-23 22:31:56.097 Could not open K:\
2015-03-23 22:31:56.363 Could not open PHYSICAL:0082:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0083:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0084:0000:0000:0001
2015-03-23 22:31:56.378 Could not open PHYSICAL:0085:0000:0000:0001
2015-03-23 22:31:56.441 The following items will be cleaned up:
2015-03-23 22:31:56.441 Mal/PDFEx-H
2015-03-23 22:31:56.441 Mal/EncPk-KY
2015-03-23 22:31:56.441 Mal/ExpJS-AM
2015-03-23 22:31:56.441 Mal/Medfos-K
2015-03-23 22:31:56.441 Mal/Behav-365
2015-03-23 22:31:56.441 Mal/Krap-D
2015-03-23 22:31:56.441 Mal/Krap-E
2015-03-23 22:31:56.456 Mal/Krap-A
2015-03-23 22:31:56.456 Mal/Generic-S
2015-03-23 22:31:56.456 Mal/TDSSPk-F
2015-03-23 22:31:56.456 Troj/VB-EJV
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-23 22:31:56.456 Troj/PdfJS-HO
2015-03-23 22:31:56.456 Mal/Behav-365
2015-03-24 13:45:29.797 Threat 'Mal/PDFEx-H' has been cleaned up.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.797 File "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.797 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\pdf[1].pdf" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKU\S-1-5-21-3743458305-1307621973-1591530318-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" belongs to malware 'Mal/PDFEx-H'.
2015-03-24 13:45:29.798 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect" has been cleaned up.
2015-03-24 13:45:29.798 Removal successful
2015-03-24 13:45:46.052 Threat 'Mal/EncPk-KY' has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\movie[1].exe" has been cleaned up.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" belongs to malware 'Mal/EncPk-KY'.
2015-03-24 13:45:46.052 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[2].exe" has been cleaned up.
2015-03-24 13:45:46.052 Removal successful
2015-03-24 13:46:12.175 Threat 'Mal/ExpJS-AM' has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\in[1].html" has been cleaned up.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" belongs to malware 'Mal/ExpJS-AM'.
2015-03-24 13:46:12.175 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\news[1].html" has been cleaned up.
2015-03-24 13:46:12.175 Removal successful
2015-03-24 13:46:20.451 Threat 'Mal/Medfos-K' has been cleaned up.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" belongs to malware 'Mal/Medfos-K'.
2015-03-24 13:46:20.451 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\movie[1].exe" has been cleaned up.
2015-03-24 13:46:20.452 Removal successful
2015-03-24 13:46:29.756 Threat 'Mal/Behav-365' has been cleaned up.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" belongs to malware 'Mal/Behav-365'.
2015-03-24 13:46:29.756 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\netsysdev.dll" has been cleaned up.
2015-03-24 13:46:29.756 Removal successful
2015-03-24 13:46:38.997 Threat 'Mal/Krap-D' has been cleaned up.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" belongs to malware 'Mal/Krap-D'.
2015-03-24 13:46:38.997 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\c.exe" has been cleaned up.
2015-03-24 13:46:38.997 Removal successful
2015-03-24 13:46:48.406 Threat 'Mal/Krap-E' has been cleaned up.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" belongs to malware 'Mal/Krap-E'.
2015-03-24 13:46:48.406 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\e.exe" has been cleaned up.
2015-03-24 13:46:48.406 Removal successful
2015-03-24 13:46:57.565 Threat 'Mal/Krap-A' has been cleaned up.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" belongs to malware 'Mal/Krap-A'.
2015-03-24 13:46:57.565 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\f.exe" has been cleaned up.
2015-03-24 13:46:57.565 Removal successful
2015-03-24 13:47:07.262 Threat 'Mal/Generic-S' has been cleaned up.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" belongs to malware 'Mal/Generic-S'.
2015-03-24 13:47:07.262 File "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\statx.exe" has been cleaned up.
2015-03-24 13:47:07.262 Removal successful
2015-03-24 13:47:15.344 Threat 'Mal/TDSSPk-F' has been cleaned up.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" belongs to malware 'Mal/TDSSPk-F'.
2015-03-24 13:47:15.344 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-6447d950" has been cleaned up.
2015-03-24 13:47:15.344 Removal successful
2015-03-24 13:47:23.373 Threat 'Troj/VB-EJV' has been cleaned up.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" belongs to 'Troj/VB-EJV'.
2015-03-24 13:47:23.373 File "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2432330f-5f71242e" has been cleaned up.
2015-03-24 13:47:23.374 Removal successful
2015-03-24 13:47:23.698 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 13:47:23.698 Disinfection not offered
2015-03-24 13:47:23.699 Disinfection failed [0xa0040208]
2015-03-24 13:47:23.863 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 13:47:23.863 Disinfection not offered
2015-03-24 13:47:23.863 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.051 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 13:47:24.051 Disinfection not offered
2015-03-24 13:47:24.051 Disinfection failed [0xa0040208]
2015-03-24 13:47:24.054 Error: cleanup failed.
2015-03-24 13:47:24.087 Contents of SafeClean bin directory:
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.087 RecordID : "0000000000000001",
2015-03-24 13:47:24.087 ItemType : "1",
2015-03-24 13:47:24.087 Location : "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.087 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.087 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.087 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.087 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.087 }
2015-03-24 13:47:24.087 {
2015-03-24 13:47:24.088 RecordID : "0000000000000002",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.088 FileName : "pdf[1].pdf",
2015-03-24 13:47:24.088 ThreatName : "Mal/PDFEx-H",
2015-03-24 13:47:24.088 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 13:47:24.088 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 13:47:24.088 }
2015-03-24 13:47:24.088 {
2015-03-24 13:47:24.088 RecordID : "0000000000000003",
2015-03-24 13:47:24.088 ItemType : "1",
2015-03-24 13:47:24.088 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.088 FileName : "movie[1].exe",
2015-03-24 13:47:24.088 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.088 Checksum : "85b81e8f66586321a1fd5e924daf7f4fc17e2237fe6b73a7df15ebefb9b7f34c",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000004",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.089 FileName : "movie[2].exe",
2015-03-24 13:47:24.089 ThreatName : "Mal/EncPk-KY",
2015-03-24 13:47:24.089 Checksum : "b5fbc754148f09fbe35bcdb0578922cb546f846503f095ca8ff6bd62f70c7cc0",
2015-03-24 13:47:24.089 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 13:47:24.089 }
2015-03-24 13:47:24.089 {
2015-03-24 13:47:24.089 RecordID : "0000000000000005",
2015-03-24 13:47:24.089 ItemType : "1",
2015-03-24 13:47:24.089 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 13:47:24.090 FileName : "news[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "50e047a60fe38a30309a0c1692494741b898f65411926710c72a39ffad86e4f0",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.090 RecordID : "0000000000000006",
2015-03-24 13:47:24.090 ItemType : "1",
2015-03-24 13:47:24.090 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 13:47:24.090 FileName : "in[1].html",
2015-03-24 13:47:24.090 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.090 Checksum : "f48ab708f0d03b45d7c1311e27164b1d007275d4bf5dac5abc5b122968c6615d",
2015-03-24 13:47:24.090 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.090 }
2015-03-24 13:47:24.090 {
2015-03-24 13:47:24.091 RecordID : "0000000000000007",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\",
2015-03-24 13:47:24.091 FileName : "news[1].html",
2015-03-24 13:47:24.091 ThreatName : "Mal/ExpJS-AM",
2015-03-24 13:47:24.091 Checksum : "bde0117a4ac26625fff0a9eb2633aafd4555e3acf1f094ea755d2c96667f8501",
2015-03-24 13:47:24.091 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 13:47:24.091 }
2015-03-24 13:47:24.091 {
2015-03-24 13:47:24.091 RecordID : "0000000000000008",
2015-03-24 13:47:24.091 ItemType : "1",
2015-03-24 13:47:24.091 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 13:47:24.091 FileName : "movie[1].exe",
2015-03-24 13:47:24.091 ThreatName : "Mal/Medfos-K",
2015-03-24 13:47:24.091 Checksum : "8e0ba7b4439e2abeb3d697765fe4d2c68ee50ae369a7d8c7fcf227d7076fcb98",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:12 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "0000000000000009",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.092 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\",
2015-03-24 13:47:24.092 FileName : "netsysdev.dll",
2015-03-24 13:47:24.092 ThreatName : "Mal/Behav-365",
2015-03-24 13:47:24.092 Checksum : "c5196cf17d335afc5cd4a8ae1e6fb7e1a9c1f63fa12bc26ab98486bf0e9f9fd9",
2015-03-24 13:47:24.092 TimeStamp : "Tue Mar 24 09:46:20 2015"
2015-03-24 13:47:24.092 }
2015-03-24 13:47:24.092 {
2015-03-24 13:47:24.092 RecordID : "000000000000000a",
2015-03-24 13:47:24.092 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "c.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-D",
2015-03-24 13:47:24.093 Checksum : "deac3873d7c0e4f751c6d3b58fe252f18c2101d55bd3e274690d704e451597c0",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:29 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.093 RecordID : "000000000000000b",
2015-03-24 13:47:24.093 ItemType : "1",
2015-03-24 13:47:24.093 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.093 FileName : "e.exe",
2015-03-24 13:47:24.093 ThreatName : "Mal/Krap-E",
2015-03-24 13:47:24.093 Checksum : "fdf08640931ae384eda605faa9951a014b0428c6dffbf6e32e059a811030ed28",
2015-03-24 13:47:24.093 TimeStamp : "Tue Mar 24 09:46:38 2015"
2015-03-24 13:47:24.093 }
2015-03-24 13:47:24.093 {
2015-03-24 13:47:24.094 RecordID : "000000000000000c",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "f.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Krap-A",
2015-03-24 13:47:24.094 Checksum : "a6d3021dfd8e5951619b39c5fcffdd38d8211006e7f58b7e7bc8f99d4099b5c7",
2015-03-24 13:47:24.094 TimeStamp : "Tue Mar 24 09:46:48 2015"
2015-03-24 13:47:24.094 }
2015-03-24 13:47:24.094 {
2015-03-24 13:47:24.094 RecordID : "000000000000000d",
2015-03-24 13:47:24.094 ItemType : "1",
2015-03-24 13:47:24.094 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 13:47:24.094 FileName : "statx.exe",
2015-03-24 13:47:24.094 ThreatName : "Mal/Generic-S",
2015-03-24 13:47:24.095 Checksum : "de2b7f73b2470533134b6475aa8885f4bd92966dd3059fbd8a6a7f7e15a85c17",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:46:57 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000e",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.095 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\",
2015-03-24 13:47:24.095 FileName : "799a240d-6447d950",
2015-03-24 13:47:24.095 ThreatName : "Mal/TDSSPk-F",
2015-03-24 13:47:24.095 Checksum : "99e95a77c554be077c03372e9bd8db4f7a19c08aa3d1956e665a5f259ebd43ec",
2015-03-24 13:47:24.095 TimeStamp : "Tue Mar 24 09:47:07 2015"
2015-03-24 13:47:24.095 }
2015-03-24 13:47:24.095 {
2015-03-24 13:47:24.095 RecordID : "000000000000000f",
2015-03-24 13:47:24.095 ItemType : "1",
2015-03-24 13:47:24.096 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\",
2015-03-24 13:47:24.096 FileName : "2432330f-5f71242e",
2015-03-24 13:47:24.096 ThreatName : "Troj/VB-EJV",
2015-03-24 13:47:24.096 Checksum : "c787a407237496fd940a385733c884ec264d10e140a674e7dbcdb387839a9b23",
2015-03-24 13:47:24.096 TimeStamp : "Tue Mar 24 09:47:15 2015"
2015-03-24 13:47:24.096 }
2015-03-24 13:47:24.980 Error level 0

2015-03-24 13:49:08.063

 

[landonswan]

Continued.....

------------------------------------------------------------

2015-03-24 13:57:29.127 Sophos Virus Removal Tool version 2.5.4
2015-03-24 13:57:29.127 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-03-24 13:57:29.127 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-03-24 13:57:29.127 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2015-03-24 13:57:29.128 Checking for updates...
2015-03-24 13:57:33.143 Update progress: proxy server not available
2015-03-24 13:58:00.738 Option all = no
2015-03-24 13:58:00.738 Option recurse = yes
2015-03-24 13:58:00.738 Option archive = no
2015-03-24 13:58:00.738 Option service = yes
2015-03-24 13:58:00.738 Option confirm = yes
2015-03-24 13:58:00.738 Option sxl = yes
2015-03-24 13:58:00.739 Option max-data-age = 35
2015-03-24 13:58:00.739 Option EnableSafeClean = yes
2015-03-24 13:58:00.807 Option vdl-logging = yes
2015-03-24 13:58:00.814 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-24 13:58:00.814 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-24 13:58:00.816 Component SVRTcli.exe version 2.5.4
2015-03-24 13:58:00.816 Component control.dll version 2.5.4
2015-03-24 13:58:00.817 Component SVRTservice.exe version 2.5.4
2015-03-24 13:58:00.817 Component engine\osdp.dll version 1.44.1.2183
2015-03-24 13:58:00.818 Component engine\veex.dll version 3.58.3.2183
2015-03-24 13:58:00.819 Component engine\savi.dll version 8.1.5.2183
2015-03-24 13:58:00.820 Component rkdisk.dll version 1.5.30.0
2015-03-24 13:58:00.820 Version info: Product version 2.5.4
2015-03-24 13:58:00.821 Version info: Detection engine 3.58.3
2015-03-24 13:58:00.821 Version info: Detection data 5.11G
2015-03-24 13:58:00.821 Version info: Build date 2/3/2015
2015-03-24 13:58:00.821 Version info: Data files added 452
2015-03-24 13:58:00.821 Version info: Last successful update 3/23/2015 2:39:49 PM
2015-03-24 13:58:01.472 Downloading updates...
2015-03-24 13:58:01.473 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement IDE512 LATEST
2015-03-24 13:58:01.473 Update progress: [I49502] Found supplement IDE513 LATEST
2015-03-24 13:58:01.474 Update progress: [I49502] Found supplement IDE514 LATEST
2015-03-24 13:58:01.474 Update progress: [I49502] Found supplement IDE515 LATEST
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product SAVIW32 51
2015-03-24 13:58:01.474 Update progress: [I19463] Syncing product IDE512 166
2015-03-24 13:58:01.783 Update progress: [I19463] Syncing product IDE513 171
2015-03-24 13:58:01.783 Update progress: [I19463] Syncing product IDE514 125
2015-03-24 13:58:02.253 Installing updates...
2015-03-24 13:58:02.856 Error level 1
2015-03-24 13:58:03.461 Update progress: [I19463] Syncing product IDE515 1
2015-03-24 13:58:03.699 Update successful
2015-03-24 13:58:12.397 Option all = no
2015-03-24 13:58:12.397 Option recurse = yes
2015-03-24 13:58:12.398 Option archive = no
2015-03-24 13:58:12.398 Option service = yes
2015-03-24 13:58:12.398 Option confirm = yes
2015-03-24 13:58:12.398 Option sxl = yes
2015-03-24 13:58:12.399 Option max-data-age = 35
2015-03-24 13:58:12.399 Option EnableSafeClean = yes
2015-03-24 13:58:12.466 Option vdl-logging = yes
2015-03-24 13:58:12.473 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-03-24 13:58:12.473 Machine ID: 2dd8e96047a54102a62bb0fe42326e59
2015-03-24 13:58:12.475 Component SVRTcli.exe version 2.5.4
2015-03-24 13:58:12.476 Component control.dll version 2.5.4
2015-03-24 13:58:12.476 Component SVRTservice.exe version 2.5.4
2015-03-24 13:58:12.477 Component engine\osdp.dll version 1.44.1.2183
2015-03-24 13:58:12.477 Component engine\veex.dll version 3.58.3.2183
2015-03-24 13:58:12.478 Component engine\savi.dll version 8.1.5.2183
2015-03-24 13:58:12.479 Component rkdisk.dll version 1.5.30.0
2015-03-24 13:58:12.479 Version info: Product version 2.5.4
2015-03-24 13:58:12.480 Version info: Detection engine 3.58.3
2015-03-24 13:58:12.480 Version info: Detection data 5.11G
2015-03-24 13:58:12.480 Version info: Build date 2/3/2015
2015-03-24 13:58:12.480 Version info: Data files added 457
2015-03-24 13:58:12.480 Version info: Last successful update 3/24/2015 9:58:03 AM

2015-03-24 14:34:29.353 Could not open C:\hiberfil.sys
2015-03-24 14:34:43.529 Could not open C:\pagefile.sys
2015-03-24 14:51:05.205 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.207 Could not open C:\System Volume Information\{458c5c74-cf35-11e4-ae89-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.209 Could not open C:\System Volume Information\{67ac7749-cbed-11e4-89b1-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.211 Could not open C:\System Volume Information\{bf491a05-ce4d-11e4-b7e5-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.213 Could not open C:\System Volume Information\{f9375a36-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:51:05.214 Could not open C:\System Volume Information\{f9375b16-d184-11e4-9d4c-50e549d0b530}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-03-24 14:52:06.373 Could not open C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-03-24 14:52:06.375 Could not open C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-03-24 14:52:06.597 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-03-24 14:52:06.626 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-03-24 14:52:10.200 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-03-24 14:52:10.782 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-03-24 14:52:22.871 Could not check C:\Users\Landon\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-03-24 16:13:30.523 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-03-24 16:13:30.528 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-03-24 16:13:36.303 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-03-24 16:13:36.320 Could not open C:\Windows\System32\config\RegBack\SAM
2015-03-24 16:13:36.327 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-03-24 16:13:36.333 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-03-24 16:13:36.339 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-03-24 16:41:23.010 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 16:41:23.010 Disinfection not offered
2015-03-24 16:41:27.392 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 16:41:27.392 Disinfection not offered
2015-03-24 16:41:34.992 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 16:41:34.992 Disinfection not offered
2015-03-24 17:02:26.045 Password protected file E:\toshiba250external\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:20:35.266 Password protected file E:\work computer transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:37:47.969 Password protected file E:\work pc transfer feb 2012\landon\Downloads\The Dream Factory version 11c.xlsm
2015-03-24 17:52:27.361 Could not open LOGICAL:0007:00000000
2015-03-24 17:52:27.369 Could not open H:\
2015-03-24 17:52:27.372 Could not open LOGICAL:0008:00000000
2015-03-24 17:52:27.381 Could not open I:\
2015-03-24 17:52:27.385 Could not open LOGICAL:0009:00000000
2015-03-24 17:52:27.392 Could not open J:\
2015-03-24 17:52:27.396 Could not open LOGICAL:000A:00000000
2015-03-24 17:52:27.405 Could not open K:\
2015-03-24 17:52:27.655 Could not open PHYSICAL:0082:0000:0000:0001
2015-03-24 17:52:27.659 Could not open PHYSICAL:0083:0000:0000:0001
2015-03-24 17:52:27.663 Could not open PHYSICAL:0084:0000:0000:0001
2015-03-24 17:52:27.668 Could not open PHYSICAL:0085:0000:0000:0001
2015-03-24 17:52:27.668 The following items will be cleaned up:
2015-03-24 17:52:27.668 Mal/Behav-365
2015-03-24 17:52:27.668 Troj/PdfJS-HO
2015-03-24 17:52:27.668 Mal/Behav-365
2015-03-24 19:15:39.322 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\0.3630201462885142.exe\FILE:0001
2015-03-24 19:15:39.322 Disinfection not offered
2015-03-24 19:15:39.323 Disinfection failed [0xa0040208]
2015-03-24 19:15:39.469 >>> Virus 'Troj/PdfJS-HO' found in file E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\plugtmp-17\plugin-newplayer.pdf
2015-03-24 19:15:39.469 Disinfection not offered
2015-03-24 19:15:39.469 Disinfection failed [0xa0040208]
2015-03-24 19:15:39.747 >>> Virus 'Mal/Behav-365' found in file E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2cc13bc1-3ee9b729\FILE:0001
2015-03-24 19:15:39.747 Disinfection not offered
2015-03-24 19:15:39.747 Disinfection failed [0xa0040208]
2015-03-24 19:15:39.750 Error: cleanup failed.
2015-03-24 19:15:39.823 Contents of SafeClean bin directory:
2015-03-24 19:15:39.823 {
2015-03-24 19:15:39.823 RecordID : "0000000000000001",
2015-03-24 19:15:39.823 ItemType : "1",
2015-03-24 19:15:39.823 Location : "C:\Users\Landon\Dropbox (Landon Swan)\data\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 19:15:39.823 FileName : "pdf[1].pdf",
2015-03-24 19:15:39.823 ThreatName : "Mal/PDFEx-H",
2015-03-24 19:15:39.823 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 19:15:39.824 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 19:15:39.824 }
2015-03-24 19:15:39.824 {
2015-03-24 19:15:39.824 RecordID : "0000000000000002",
2015-03-24 19:15:39.824 ItemType : "1",
2015-03-24 19:15:39.824 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 19:15:39.824 FileName : "pdf[1].pdf",
2015-03-24 19:15:39.824 ThreatName : "Mal/PDFEx-H",
2015-03-24 19:15:39.824 Checksum : "7553dbbaf582432f962cf53ece5944560ac9e1e72eb61f18d5f7f548baa0bbc1",
2015-03-24 19:15:39.824 TimeStamp : "Tue Mar 24 09:45:12 2015"
2015-03-24 19:15:39.824 }
2015-03-24 19:15:39.824 {
2015-03-24 19:15:39.824 RecordID : "0000000000000003",
2015-03-24 19:15:39.824 ItemType : "1",
2015-03-24 19:15:39.824 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 19:15:39.824 FileName : "movie[1].exe",
2015-03-24 19:15:39.825 ThreatName : "Mal/EncPk-KY",
2015-03-24 19:15:39.825 Checksum : "85b81e8f66586321a1fd5e924daf7f4fc17e2237fe6b73a7df15ebefb9b7f34c",
2015-03-24 19:15:39.825 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 19:15:39.825 }
2015-03-24 19:15:39.825 {
2015-03-24 19:15:39.825 RecordID : "0000000000000004",
2015-03-24 19:15:39.825 ItemType : "1",
2015-03-24 19:15:39.825 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 19:15:39.825 FileName : "movie[2].exe",
2015-03-24 19:15:39.825 ThreatName : "Mal/EncPk-KY",
2015-03-24 19:15:39.825 Checksum : "b5fbc754148f09fbe35bcdb0578922cb546f846503f095ca8ff6bd62f70c7cc0",
2015-03-24 19:15:39.825 TimeStamp : "Tue Mar 24 09:45:29 2015"
2015-03-24 19:15:39.825 }
2015-03-24 19:15:39.825 {
2015-03-24 19:15:39.825 RecordID : "0000000000000005",
2015-03-24 19:15:39.826 ItemType : "1",
2015-03-24 19:15:39.826 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8T5NI0DM\",
2015-03-24 19:15:39.826 FileName : "news[1].html",
2015-03-24 19:15:39.826 ThreatName : "Mal/ExpJS-AM",
2015-03-24 19:15:39.826 Checksum : "50e047a60fe38a30309a0c1692494741b898f65411926710c72a39ffad86e4f0",
2015-03-24 19:15:39.826 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 19:15:39.826 }
2015-03-24 19:15:39.826 {
2015-03-24 19:15:39.826 RecordID : "0000000000000006",
2015-03-24 19:15:39.826 ItemType : "1",
2015-03-24 19:15:39.826 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB40JJVW\",
2015-03-24 19:15:39.826 FileName : "in[1].html",
2015-03-24 19:15:39.826 ThreatName : "Mal/ExpJS-AM",
2015-03-24 19:15:39.826 Checksum : "f48ab708f0d03b45d7c1311e27164b1d007275d4bf5dac5abc5b122968c6615d",
2015-03-24 19:15:39.826 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 19:15:39.826 }
2015-03-24 19:15:39.827 {
2015-03-24 19:15:39.827 RecordID : "0000000000000007",
2015-03-24 19:15:39.827 ItemType : "1",
2015-03-24 19:15:39.827 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2QE60P1\",
2015-03-24 19:15:39.827 FileName : "news[1].html",
2015-03-24 19:15:39.827 ThreatName : "Mal/ExpJS-AM",
2015-03-24 19:15:39.827 Checksum : "bde0117a4ac26625fff0a9eb2633aafd4555e3acf1f094ea755d2c96667f8501",
2015-03-24 19:15:39.827 TimeStamp : "Tue Mar 24 09:45:46 2015"
2015-03-24 19:15:39.827 }
2015-03-24 19:15:39.827 {
2015-03-24 19:15:39.827 RecordID : "0000000000000008",
2015-03-24 19:15:39.827 ItemType : "1",
2015-03-24 19:15:39.827 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLXDGJ97\",
2015-03-24 19:15:39.827 FileName : "movie[1].exe",
2015-03-24 19:15:39.827 ThreatName : "Mal/Medfos-K",
2015-03-24 19:15:39.828 Checksum : "8e0ba7b4439e2abeb3d697765fe4d2c68ee50ae369a7d8c7fcf227d7076fcb98",
2015-03-24 19:15:39.828 TimeStamp : "Tue Mar 24 09:46:12 2015"
2015-03-24 19:15:39.828 }
2015-03-24 19:15:39.828 {
2015-03-24 19:15:39.828 RecordID : "0000000000000009",
2015-03-24 19:15:39.828 ItemType : "1",
2015-03-24 19:15:39.828 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\netsysdev\",
2015-03-24 19:15:39.828 FileName : "netsysdev.dll",
2015-03-24 19:15:39.828 ThreatName : "Mal/Behav-365",
2015-03-24 19:15:39.828 Checksum : "c5196cf17d335afc5cd4a8ae1e6fb7e1a9c1f63fa12bc26ab98486bf0e9f9fd9",
2015-03-24 19:15:39.828 TimeStamp : "Tue Mar 24 09:46:20 2015"
2015-03-24 19:15:39.828 }
2015-03-24 19:15:39.828 {
2015-03-24 19:15:39.828 RecordID : "000000000000000a",
2015-03-24 19:15:39.828 ItemType : "1",
2015-03-24 19:15:39.828 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 19:15:39.828 FileName : "c.exe",
2015-03-24 19:15:39.829 ThreatName : "Mal/Krap-D",
2015-03-24 19:15:39.829 Checksum : "deac3873d7c0e4f751c6d3b58fe252f18c2101d55bd3e274690d704e451597c0",
2015-03-24 19:15:39.829 TimeStamp : "Tue Mar 24 09:46:29 2015"
2015-03-24 19:15:39.829 }
2015-03-24 19:15:39.829 {
2015-03-24 19:15:39.829 RecordID : "000000000000000b",
2015-03-24 19:15:39.829 ItemType : "1",
2015-03-24 19:15:39.829 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 19:15:39.829 FileName : "e.exe",
2015-03-24 19:15:39.829 ThreatName : "Mal/Krap-E",
2015-03-24 19:15:39.829 Checksum : "fdf08640931ae384eda605faa9951a014b0428c6dffbf6e32e059a811030ed28",
2015-03-24 19:15:39.829 TimeStamp : "Tue Mar 24 09:46:38 2015"
2015-03-24 19:15:39.829 }
2015-03-24 19:15:39.829 {
2015-03-24 19:15:39.830 RecordID : "000000000000000c",
2015-03-24 19:15:39.830 ItemType : "1",
2015-03-24 19:15:39.830 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 19:15:39.830 FileName : "f.exe",
2015-03-24 19:15:39.830 ThreatName : "Mal/Krap-A",
2015-03-24 19:15:39.830 Checksum : "a6d3021dfd8e5951619b39c5fcffdd38d8211006e7f58b7e7bc8f99d4099b5c7",
2015-03-24 19:15:39.830 TimeStamp : "Tue Mar 24 09:46:48 2015"
2015-03-24 19:15:39.830 }
2015-03-24 19:15:39.830 {
2015-03-24 19:15:39.830 RecordID : "000000000000000d",
2015-03-24 19:15:39.830 ItemType : "1",
2015-03-24 19:15:39.830 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\Local\Temp\",
2015-03-24 19:15:39.830 FileName : "statx.exe",
2015-03-24 19:15:39.830 ThreatName : "Mal/Generic-S",
2015-03-24 19:15:39.830 Checksum : "de2b7f73b2470533134b6475aa8885f4bd92966dd3059fbd8a6a7f7e15a85c17",
2015-03-24 19:15:39.830 TimeStamp : "Tue Mar 24 09:46:57 2015"
2015-03-24 19:15:39.830 }
2015-03-24 19:15:39.831 {
2015-03-24 19:15:39.831 RecordID : "000000000000000e",
2015-03-24 19:15:39.831 ItemType : "1",
2015-03-24 19:15:39.831 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\",
2015-03-24 19:15:39.831 FileName : "799a240d-6447d950",
2015-03-24 19:15:39.831 ThreatName : "Mal/TDSSPk-F",
2015-03-24 19:15:39.831 Checksum : "99e95a77c554be077c03372e9bd8db4f7a19c08aa3d1956e665a5f259ebd43ec",
2015-03-24 19:15:39.831 TimeStamp : "Tue Mar 24 09:47:07 2015"
2015-03-24 19:15:39.831 }
2015-03-24 19:15:39.831 {
2015-03-24 19:15:39.831 RecordID : "000000000000000f",
2015-03-24 19:15:39.831 ItemType : "1",
2015-03-24 19:15:39.831 Location : "E:\toshiba250external\laptop\Landon Swan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\",
2015-03-24 19:15:39.831 FileName : "2432330f-5f71242e",
2015-03-24 19:15:39.831 ThreatName : "Troj/VB-EJV",
2015-03-24 19:15:39.831 Checksum : "c787a407237496fd940a385733c884ec264d10e140a674e7dbcdb387839a9b23",
2015-03-24 19:15:39.831 TimeStamp : "Tue Mar 24 09:47:15 2015"
2015-03-24 19:15:39.832 }
2015-03-24 19:15:40.674 Error level 0

 

[landonswan]

To be clear. The "Ads by Sasa" malware seems to be 100% gone. So I am thrilled! If you think I should continue and worry about these last 2 things, please let me know. Thanks and how can I donate?

 

[Broni]

I think Sophos keeps detecting some false positives.
Don't worry about it if the computer behaves normally.

Donation link is in my signature at the end of my post.

Update Firefox to the current version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Uninstall:
Java(TM) 6 Update 22
Java(TM) 6 Update 31

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[Broni]

The issue seems to be resolved.