Inactive Multiple instances of explorer.exe, rundll and in task manager.

Here's the log:


Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
Ran by Avalon at 2014-11-15 15:20:16
Running from C:\Documents and Settings\Avalon\Desktop
Boot Mode: Normal

================== Search: "volsnap.sys" ===================

C:\Documents and Settings\Avalon\My Documents\drivers\volsnap.sys
[2009-07-13 18:11][2009-07-13 20:19] 0245328 ____A (Microsoft Corporation) 58df9d2481a56edde167e51b334d44fd [File is signed]

=== End Of Search ===
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-11-2014 01
Ran by Avalon at 2014-11-15 15:41:35 Run:1
Running from C:\Documents and Settings\Avalon\Desktop
Loaded Profile: Avalon (Available profiles: Avalon)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\...\Run: [MediaFire Tray] => [X]
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKCU - DefaultScope {41F19F7E-A640-4C34-BCFD-12FADF52473B} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 catchme; \??\C:\DOCUME~1\Avalon\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U3 TlntSvr; No ImagePath
U3 VSS; No ImagePath
2014-11-09 14:49 - 2014-11-09 14:49 - 00008516 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:49 - 2014-11-09 14:49 - 00004198 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:49 - 2014-11-09 14:49 - 00000268 _____ () C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:31 - 2014-11-09 14:31 - 00008516 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:31 - 2014-11-09 14:31 - 00004198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:31 - 2014-11-09 14:31 - 00000268 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-11-09 14:29 - 2014-11-09 14:29 - 00008516 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:29 - 2014-11-09 14:29 - 00004198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:29 - 2014-11-09 14:29 - 00000268 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00008516 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00004198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-11-09 14:01 - 2014-11-09 14:01 - 00000268 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
C:\Documents and Settings\Avalon\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Avalon\Local Settings\temp\sqlite3.dll
Replace: C:\Documents and Settings\Avalon\My Documents\drivers\volsnap.sys C:\WINDOWS\system32\Drivers\volsnap.sys
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter" => Key deleted successfully.
HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Run\\MediaFire Tray => value deleted successfully.
"HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
"HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
DragonUpdater => Service deleted successfully.
anvsnddrv => Service deleted successfully.
catchme => Service deleted successfully.
cpuz132 => Service deleted successfully.
IntelIde => Service deleted successfully.
SABKUTIL => Service deleted successfully.
SABProcEnum => Service deleted successfully.
TlntSvr => Service deleted successfully.
VSS => Service deleted successfully.
C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\Avalon\Application Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Documents and Settings\Avalon\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Avalon\Local Settings\temp\sqlite3.dll => Moved successfully.
Could not find C:\WINDOWS\system32\Drivers\volsnap.sys
C:\Documents and Settings\Avalon\My Documents\drivers\volsnap.sys copied successfully to C:\WINDOWS\system32\Drivers\volsnap.sys

==== End of Fixlog ====
 
Good :)

How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Aggravated as heck, the online scan tool has been running over 6 hours and is sitting at 7%.
Since I HAVE to use my computer I don't know how much longer I can leave that running.
In any case, here are the other logs.

Computer is fine, not popping open the explorer.exe anymore, but the rundll still comes up 2-3 times in task manager every time I restart. I had gotten a Windows error a while back about running dll as an app, but that stopped.
Only thing now is how slow it is, even after thorough defragging and deleting files, but I believe it's just because this computer is old and CPU is small.

Here are the logs:
Log 1:


Results of screen317's Security Check version 0.99.89
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 67
Java 8 Update 25
Adobe Flash Player 15.0.0.223
Adobe Reader XI
Mozilla Firefox 32.0.3 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````



I just reverted my FF back to 32, I will not update it to 33 because it broke all my custom settings, killed 90% of my addons and generally ran bad for me.




Next log:



Farbar Service Scanner Version: 21-07-2014
Ran by Avalon (administrator) on 15-11-2014 at 16:20:52
Running from "C:\Documents and Settings\Avalon\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A00000004000000010000000200000003000000570000005600000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
 
You can't expect that much from an XP machine. It's simply old.

If you want you can stop Eset and run this instead...

  • Download Sophos Free Virus Removal Tool and save it to your desktop
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Well, that one was much faster, but unfortunately, a great deal of the files it detected are not malware, according to the roommate who uses the computer. According to her, deleting said files will disable about 75% of the programs installed.
Not sure what to do at this point, as I could find no way to select which files would be deleted.



2014-11-16 05:25:53.921 Sophos Virus Removal Tool version 2.5.3
2014-11-16 05:25:53.921 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2014-11-16 05:25:53.921 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-11-16 05:25:53.921 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2014-11-16 05:25:53.921 Checking for updates...
2014-11-16 05:25:55.000 Update progress: proxy server not available
2014-11-16 05:26:21.890 Option all = no
2014-11-16 05:26:21.890 Option recurse = yes
2014-11-16 05:26:21.890 Option archive = no
2014-11-16 05:26:21.890 Option service = yes
2014-11-16 05:26:21.890 Option confirm = yes
2014-11-16 05:26:21.890 Option sxl = yes
2014-11-16 05:26:21.890 Option max-data-age = 35
2014-11-16 05:26:21.890 Option EnableSafeClean = yes
2014-11-16 05:26:23.671 Option vdl-logging = yes
2014-11-16 05:26:23.671 Component SVRTcli.exe version 2.5
2014-11-16 05:26:23.671 Component control.dll version 2.5
2014-11-16 05:26:23.671 Component SVRTservice.exe version 2.5
2014-11-16 05:26:23.671 Component engine\osdp.dll version 1.44.1.2171
2014-11-16 05:26:23.671 Component engine\veex.dll version 3.56.0.2171
2014-11-16 05:26:23.671 Component engine\savi.dll version 8.1.4.2171
2014-11-16 05:26:23.671 Component rkdisk.dll version 1.5.30.0
2014-11-16 05:26:23.671 Version info: Product version 2.5
2014-11-16 05:26:23.671 Version info: Detection engine 3.56.0
2014-11-16 05:26:23.671 Version info: Detection data 5.04
2014-11-16 05:26:23.671 Version info: Build date 7/29/2014
2014-11-16 05:26:23.671 Version info: Data files added 933
2014-11-16 05:26:23.671 Version info: Last successful update (not yet updated)
2014-11-16 05:26:32.656 Downloading updates...
2014-11-16 05:26:32.671 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE505 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE506 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE507 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE508 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE509 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE510 LATEST
2014-11-16 05:26:32.671 Update progress: [I49502] Found supplement IDE511 LATEST
2014-11-16 05:26:32.671 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-11-16 05:26:32.671 Update progress: [I19463] Syncing product SAVIW32 46
2014-11-16 05:26:39.296 Update progress: [I19463] Syncing product IDE505 175
2014-11-16 05:26:51.218 Installing updates...
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE506 201
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE507 162
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE508 184
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE509 177
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE510 36
2014-11-16 05:26:54.093 Update progress: [I19463] Syncing product IDE511 1
2014-11-16 05:27:24.062 Update successful
2014-11-16 05:27:49.609 Option all = no
2014-11-16 05:27:49.609 Option recurse = yes
2014-11-16 05:27:49.609 Option archive = no
2014-11-16 05:27:49.609 Option service = yes
2014-11-16 05:27:49.609 Option confirm = yes
2014-11-16 05:27:49.609 Option sxl = yes
2014-11-16 05:27:49.609 Option max-data-age = 35
2014-11-16 05:27:49.609 Option EnableSafeClean = yes
2014-11-16 05:27:49.875 Option vdl-logging = yes
2014-11-16 05:27:49.875 Component SVRTcli.exe version 2.5
2014-11-16 05:27:49.875 Component control.dll version 2.5
2014-11-16 05:27:49.875 Component SVRTservice.exe version 2.5
2014-11-16 05:27:49.875 Component engine\osdp.dll version 1.44.1.2171
2014-11-16 05:27:49.875 Component engine\veex.dll version 3.56.0.2171
2014-11-16 05:27:49.875 Component engine\savi.dll version 8.1.4.2171
2014-11-16 05:27:49.890 Component rkdisk.dll version 1.5.30.0
2014-11-16 05:27:49.890 Version info: Product version 2.5
2014-11-16 05:27:49.890 Version info: Detection engine 3.56.0
2014-11-16 05:27:49.890 Version info: Detection data 5.04G
2014-11-16 05:27:49.890 Version info: Build date 7/29/2014
2014-11-16 05:27:49.890 Version info: Data files added 933
2014-11-16 05:27:49.890 Version info: Last successful update 11/16/2014 12:27:24 AM

2014-11-16 05:44:30.406 >>> Virus 'Troj/Zbot-DIQ' found in file C:\Documents and Settings\Avalon\Desktop\Desktop Text Files\accelerator_seraphimlabs__ahparchive.exe
2014-11-16 05:44:30.437 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 05:44:30.437 >>> Virus 'Troj/Zbot-DIQ' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:44:30.453 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:44:30.453 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 05:44:30.453 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 05:44:30.468 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 05:44:30.484 >>> Virus 'Troj/Zbot-DIQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file C:\Documents and Settings\Avalon\Local Settings\Application Data\NSManager\manager.exe
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 05:48:04.156 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 05:57:40.515 >>> Virus 'Troj/Agent-WFN' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\mIRC\mirc.7.x-patch.exe
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 05:57:40.531 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 05:57:48.062 >>> Virus 'Troj/Agent-WFN' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\mIRC.V7.32.Incl.Patch-Xenocoder\mirc.7.x-patch.exe
2014-11-16 05:57:48.062 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 05:57:48.078 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:00:13.031 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Crack\trillian.exe
2014-11-16 06:00:13.031 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:00:13.031 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:00:13.046 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:00:13.046 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:00:13.046 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:00:13.046 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:00:13.046 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\Crack\trillian.exe
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:00:34.734 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\Trillian.Astra.Pro.v4.1.0.24.Incl.Crack-[HB]\Crack\trillian.exe
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:01:11.265 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:01:19.859 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\trillian.exe
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:01:19.875 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:01:28.437 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\Trillian_Astra_4.2_Build_22_Final\trillian.exe
2014-11-16 06:01:28.437 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:01:28.437 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:28.453 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:28.453 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:01:28.453 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:01:28.453 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:01:28.453 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:01:31.812 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\Trillian_Astra_4.2_Build_22_Final\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:01:31.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:01:31.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:31.828 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:31.828 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:01:31.828 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:01:31.828 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:01:31.828 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:01:35.093 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:01:35.093 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:01:35.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian.Astra.Pro.v4.1.0.24.Incl.Crack-[HB]\Crack\trillian.exe
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:02:14.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:02:14.500 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian_Astra_4.2_Build_22_Final\trillian.exe
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:02:26.281 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:02:29.515 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\Trillian_Astra_4.2_Build_22_Final\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:02:29.531 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:02:32.781 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\Crack\trillian.exe
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:02:57.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:02:57.703 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:02:57.703 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\Trillian\trillian.exe
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:03:22.406 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:03:22.421 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:03:22.421 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:03:41.781 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\Trillian.Astra.Pro.v4.1.0.24.Incl.Crack-[HB]\Crack\trillian.exe
2014-11-16 06:03:41.781 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:03:41.796 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:03:53.515 >>> Virus 'Mal/IRCBot-C' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\Trillian_Astra_4.2_Build_22_Final\trillian.exe
2014-11-16 06:03:53.515 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:03:53.515 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:53.515 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:53.531 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:03:53.531 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:03:53.531 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:03:53.531 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:03:56.796 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\Trillian_Astra_4.2_Build_22_Final\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:03:56.796 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:03:56.812 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 06:04:00.031 >>> Virus 'Troj/Bdoor-AZC' found in file C:\Documents and Settings\Avalon\My Documents\Downloads\Trillian2\trillian_astra_beta_pro_patcher_4_beta_tester_v5.exe
2014-11-16 06:04:00.031 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 06:04:00.031 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:04:00.031 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 06:04:00.046 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 06:04:00.046 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 06:04:00.046 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 06:04:00.046 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:33:15.484 >>> Virus 'Troj/Agent-WFN' found in file C:\Program Files\Condusiv Technologies\Diskeeper\diskeeper.12.pro.(v16.0.1017.0)-MPT.exe
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:33:15.578 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:33:15.593 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:40:25.359 >>> Virus 'Troj/Agent-AJJO' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP410\A0136568.exe
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:40:25.375 >>> Virus 'Troj/Agent-AJJO' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:41:49.125 >>> Virus 'Mal/Wonton-Z' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137360.exe
2014-11-16 08:41:49.125 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:41:49.125 >>> Virus 'Mal/Wonton-Z' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:41:49.125 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:41:51.015 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:41:51.015 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:41:51.015 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:41:51.015 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137361.exe
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:41:52.234 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137371.exe
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:42:00.187 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137372.exe
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:42:03.296 >>> Virus 'Mal/Wonton-Z' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 08:42:11.890 >>> Virus 'Mal/Generic-S' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137374.exe
2014-11-16 08:42:11.890 >>> Virus 'Mal/Generic-S' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137374.exe
2014-11-16 08:42:11.890 >>> Virus 'Mal/Generic-S' found in file C:\System Volume Information\_restore{7302D456-D148-4F8E-917F-57EFCBD1F495}\RP421\A0137374.exe
2014-11-16 08:42:11.890 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 08:42:11.906 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:05:06.640 >>> Virus 'Mal/IRCBot-C' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0264745.exe
2014-11-16 09:05:06.656 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:05:06.656 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:05:06.656 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:05:06.671 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:05:06.671 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:05:06.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:05:06.750 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0265145.exe
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:05:50.687 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0265208.exe
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:06:01.453 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0265209.exe
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:06:04.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:06:04.359 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:06:04.359 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:09:15.093 >>> Virus 'W32/Patched-AL' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0267009.exe
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0267202.exe
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:09:40.390 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:09:40.406 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:09:40.406 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:09:44.031 >>> Virus 'Mal/Generic-S' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0267204.exe
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:09:44.046 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:12:35.718 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0268739.exe
2014-11-16 09:12:35.718 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:12:35.718 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:35.734 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:35.734 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:12:35.734 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:12:35.734 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:12:35.734 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0268740.exe
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:12:38.625 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0268778.exe
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:12:44.515 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0268960.exe
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:14:39.593 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:15:54.875 >>> Virus 'Mal/Behav-381' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0269838.exe
2014-11-16 09:15:54.875 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:15:54.875 >>> Virus 'Mal/Behav-381' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:15:54.890 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:15:54.890 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:15:54.890 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:15:54.890 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:15:54.890 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0269876.exe
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:15:59.468 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:15:59.484 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:17:41.453 >>> Virus 'W32/Patched-AL' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0271220.exe
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0271773.sys
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:18:33.781 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:18:33.796 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:18:33.796 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0271776.exe
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:18:41.687 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:18:41.703 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0271777.sys
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:18:44.484 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:18:44.500 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:18:44.500 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:18:54.250 >>> Virus 'Troj/KeyGen-Gen' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2321\A0271783.exe
2014-11-16 09:18:54.250 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:18:54.250 >>> Virus 'Troj/KeyGen-Gen' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:54.250 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:18:54.250 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:18:54.265 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:18:54.265 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:18:54.265 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:22:29.828 >>> Virus 'Mal/Dropper-O' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0277450.exe
2014-11-16 09:22:29.828 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:22:29.828 >>> Virus 'Mal/Dropper-O' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:22:29.828 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:22:29.843 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:22:29.843 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:22:29.843 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:22:29.843 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:24:29.312 >>> Virus 'Mal/Generic-L' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0278507.exe
2014-11-16 09:24:29.312 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:24:29.328 >>> Virus 'Mal/Generic-L' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:24:32.546 >>> Virus 'Mal/Generic-S' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0278508.exe
2014-11-16 09:24:32.546 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:24:32.578 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:24:32.609 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:24:32.609 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:24:32.640 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:24:32.640 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:24:32.640 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:26:11.343 >>> Virus 'Troj/Bdoor-AZC' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0279280.exe
2014-11-16 09:26:11.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:26:11.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:11.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:11.343 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:26:11.359 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:26:11.359 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:26:11.359 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:26:16.109 >>> Virus 'Troj/Bdoor-AZC' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0279353.exe
2014-11-16 09:26:16.109 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:26:16.125 >>> Virus 'Troj/Bdoor-AZC' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:26:22.609 >>> Virus 'Mal/IRCBot-C' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0279355.exe
2014-11-16 09:26:22.609 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:26:22.609 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:22.625 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:22.625 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:26:22.625 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:26:22.625 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:26:22.625 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:26:43.468 >>> Virus 'Mal/IRCBot-C' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0279523.exe
2014-11-16 09:26:43.484 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:26:43.515 >>> Virus 'Mal/IRCBot-C' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:43.531 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:26:43.546 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:26:43.546 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:26:43.546 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:26:43.562 >>> Virus 'Mal/IRCBot-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0281725.sys
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:29:58.031 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:29:58.046 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:29:58.046 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0281728.exe
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:30:05.859 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0281732.exe
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:30:14.218 >>> Virus 'Troj/KeyGen-Gen' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0281733.sys
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:30:17.343 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:30:17.359 >>> Virus 'Troj/Agent-URZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:31:09.562 >>> Virus 'W32/Patched-AL' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0282295.exe
2014-11-16 09:32:57.000 >>> Virus 'Mal/Behav-381' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0283623.exe
2014-11-16 09:32:57.000 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:32:57.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:33:01.484 >>> Virus 'Mal/KeyGen-M' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0283631.exe
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:33:01.500 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0284560.exe
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:34:17.546 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:34:17.562 >>> Virus 'Mal/Dropper-O' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0284737.exe
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:36:11.687 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:36:18.812 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0284765.exe
2014-11-16 09:36:18.812 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:36:18.812 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:18.812 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:18.812 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:36:18.828 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:36:18.828 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:36:18.828 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0284799.exe
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:36:24.125 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:36:24.140 >>> Virus 'Troj/LCKeyGen-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:37:19.687 >>> Virus 'W32/Patched-AL' found in file G:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2336\A0285370.exe
2014-11-16 09:41:06.406 >>> Virus 'Troj/Agent-WFN' found in file K:\New desktop moved Folder\Diskeeper 12 Pro 16.0.1017.0 [Patch MPT]\diskeeper.12.pro.(v16.0.1017.0)-MPT.exe
2014-11-16 09:41:06.421 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:41:06.421 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:06.421 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:06.421 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:41:06.421 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:41:06.437 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:41:06.437 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:41:25.015 >>> Virus 'Mal/Behav-381' found in file K:\New desktop moved Folder\LeapFTP\Keygen.exe
2014-11-16 09:41:25.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:41:25.015 >>> Virus 'Mal/Behav-381' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:25.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:25.015 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:41:25.031 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:41:25.031 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:41:25.031 >>> Virus 'Mal/Behav-381' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:41:59.046 >>> Virus 'Mal/KeyGen-M' found in file K:\New desktop moved Folder\LeapFTP\store\Keygen.exe
2014-11-16 09:41:59.046 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:41:59.578 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:59.578 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:41:59.578 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:41:59.593 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:41:59.593 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:41:59.593 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:41:59.609 >>> Virus 'Mal/KeyGen-M' found in file K:\New desktop moved Folder\LeapFTP\store\leapftpv2.7.5.610keygenorion.zip\Keygen.exe
2014-11-16 09:43:00.953 >>> Virus 'Mal/EncPk-MR' found in file K:\New desktop moved Folder\Setup Files\Paint Shop Pro 8\Paint_Shop_Pro_v8.00.zip\pspcrk.exe
2014-11-16 09:43:04.781 >>> Virus 'Mal/EncPk-MR' found in file K:\New desktop moved Folder\Setup Files\Paint Shop Pro 8\pspcrk.exe
2014-11-16 09:43:04.781 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
2014-11-16 09:43:04.781 >>> Virus 'Mal/EncPk-MR' found in file HKU\S-1-5-21-1715567821-1004336348-1801674531-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:43:04.781 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-11-16 09:43:04.781 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2014-11-16 09:43:04.796 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2014-11-16 09:43:04.796 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2014-11-16 09:43:04.796 >>> Virus 'Mal/EncPk-MR' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2014-11-16 09:43:42.984 The following items will be cleaned up:
2014-11-16 09:43:42.984 Troj/Zbot-DIQ
2014-11-16 09:43:42.984 Mal/Generic-S
2014-11-16 09:43:42.984 Troj/Agent-WFN
2014-11-16 09:43:42.984 Mal/IRCBot-C
2014-11-16 09:43:42.984 Troj/Bdoor-AZC
2014-11-16 09:43:42.984 Troj/Agent-AJJO
2014-11-16 09:43:42.984 Mal/Wonton-Z
2014-11-16 09:43:42.984 Mal/Generic-L
2014-11-16 09:43:42.984 Troj/LCKeyGen-A
2014-11-16 09:43:42.984 Mal/Dropper-O
2014-11-16 09:43:42.984 Mal/Behav-381
2014-11-16 09:43:42.984 Mal/KeyGen-M
2014-11-16 09:43:42.984 Troj/Agent-URZ
2014-11-16 09:43:42.984 Troj/KeyGen-Gen
2014-11-16 09:43:42.984 Mal/EncPk-MR
2014-11-16 09:43:42.984 W32/Patched-AL
2014-11-16 09:43:42.984 W32/Patched-AL
2014-11-16 09:43:42.984 W32/Patched-AL
2014-11-16 09:43:42.984 W32/Patched-AL
2014-11-16 09:43:42.984 Mal/KeyGen-M
2014-11-16 09:43:42.984 Mal/EncPk-MR
 
Nothing as yet. I'm checking some things out because one of the alleged infections is in a zip file, incidentally a backup of my web site that is several years old and I know 100% that it isn't a virus or a malware program. If that is wrong then the rest of the 'detections' may be as well.
 
All right, I re-ran the program and let it delete everything it found, restarted and it bricked me. I couldn't get the computer working until I did a system restore, but all restore points failed until I tried the one made by the system the day before I posted here. So I suppose it was for nothing.
 
Not necessarily. System restore doesn't bring back (infected) files.

However, I need to know what you want to do with the ESET results.
 
I told you, I reran ESET and let it clear everything. Now I'm getting the same popups, web sites opening and general lag I had before.
 
When done with others run this one as well...

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks, will do, but lagging computer is making the scans extremely slow, and now I'm getting random webpages whether I'm using the browser or not, further slowing me down :(
 
Sorry, I haven't abandoned the topic. We're just having some nice at-home problems to go along with the computer issues. I'll have those logs for you as soon as I can.
 