Solved found win32/Agent SZW Trojan on my system

Discussion in 'Malware and Virus Removal' started by GRAHAM WESTON, 2016/01/19.

  1. 2016/02/01
    broni Moderator Malware Analyst

    Ok....
     
  2. 2016/02/02
    GRAHAM WESTON Well-Known Member Thread Starter

    Sorry for delay Broni, txt's as follows.

    ' Results of screen317's Security Check version 1.009
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    OutlookTempCleaner
    Java version 32-bit out of Date!
    Adobe Flash Player 19.0.0.207
    Adobe Reader XI
    Mozilla Firefox (44.0)
    Google Chrome (48.0.2564.82)
    Google Chrome (48.0.2564.97)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````

    2015-01-06 08:20:14.643 Sophos Virus Removal Tool version 2.5.4
    2015-01-06 08:20:14.643 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-06 08:20:14.643 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-06 08:20:14.643 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-06 08:20:14.643 Checking for updates...
    2015-01-06 08:20:17.888 Update progress: proxy server not available
    2015-01-06 08:20:17.888 Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml
    2015-01-06 08:20:20.976 Option all = no
    2015-01-06 08:20:20.976 Option recurse = yes
    2015-01-06 08:20:20.976 Option archive = no
    2015-01-06 08:20:20.976 Option service = yes
    2015-01-06 08:20:20.976 Option confirm = yes
    2015-01-06 08:20:20.976 Option sxl = yes
    2015-01-06 08:20:20.976 Option max-data-age = 35
    2015-01-06 08:20:20.976 Option EnableSafeClean = yes
    2015-01-06 08:20:22.365 Option vdl-logging = yes
    2015-01-06 08:20:22.365 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-06 08:20:22.365 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-06 08:20:22.380 Component SVRTcli.exe version 2.5.4
    2015-01-06 08:20:22.380 Component control.dll version 2.5.4
    2015-01-06 08:20:22.380 Component SVRTservice.exe version 2.5.4
    2015-01-06 08:20:22.380 Component engine\osdp.dll version 1.44.1.2183
    2015-01-06 08:20:22.380 Component engine\veex.dll version 3.58.3.2183
    2015-01-06 08:20:22.380 Component engine\savi.dll version 8.1.5.2183
    2015-01-06 08:20:22.380 Component rkdisk.dll version 1.5.30.0
    2015-01-06 08:20:22.380 Version info: Product version 2.5.4
    2015-01-06 08:20:22.380 Version info: Detection engine 3.58.3
    2015-01-06 08:20:22.380 Version info: Detection data 5.08
    2015-01-06 08:20:22.380 Version info: Build date 11/11/2014
    2015-01-06 08:20:22.380 Version info: Data files added 521
    2015-01-06 08:20:22.380 Version info: Last successful update (not yet updated)
    2015-01-06 08:21:41.738 Error level 1

    2015-01-06 08:21:41.738 Scan completed.
    2015-01-06 08:21:41.738

    ------------------------------------------------------------

    2015-01-06 08:24:49.072 Sophos Virus Removal Tool version 2.5.4
    2015-01-06 08:24:49.072 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-06 08:24:49.072 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-06 08:24:49.072 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-06 08:24:49.072 Checking for updates...
    2015-01-06 08:25:56.573 Option all = no
    2015-01-06 08:25:56.573 Option recurse = yes
    2015-01-06 08:25:56.573 Option archive = no
    2015-01-06 08:25:56.573 Option service = yes
    2015-01-06 08:25:56.573 Option confirm = yes
    2015-01-06 08:25:56.573 Option sxl = yes
    2015-01-06 08:25:56.573 Option max-data-age = 35
    2015-01-06 08:25:56.573 Option EnableSafeClean = yes
    2015-01-06 08:25:56.620 Option vdl-logging = yes
    2015-01-06 08:25:56.620 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-06 08:25:56.620 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-06 08:25:56.620 Component SVRTcli.exe version 2.5.4
    2015-01-06 08:25:56.620 Component control.dll version 2.5.4
    2015-01-06 08:25:56.620 Component SVRTservice.exe version 2.5.4
    2015-01-06 08:25:56.620 Component engine\osdp.dll version 1.44.1.2183
    2015-01-06 08:25:56.620 Component engine\veex.dll version 3.58.3.2183
    2015-01-06 08:25:56.620 Component engine\savi.dll version 8.1.5.2183
    2015-01-06 08:25:56.620 Component rkdisk.dll version 1.5.30.0
    2015-01-06 08:25:56.620 Version info: Product version 2.5.4
    2015-01-06 08:25:56.620 Version info: Detection engine 3.58.3
    2015-01-06 08:25:56.620 Version info: Detection data 5.08
    2015-01-06 08:25:56.620 Version info: Build date 11/11/2014
    2015-01-06 08:25:56.620 Version info: Data files added 521
    2015-01-06 08:25:56.620 Version info: Last successful update (not yet updated)
    2015-01-07 01:46:51.123 Sophos Virus Removal Tool version 2.5.4
    2015-01-07 01:46:51.123 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-07 01:46:51.123 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-07 01:46:51.123 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-07 01:46:51.123 Checking for updates...
    2015-01-07 01:46:54.102 Update progress: proxy server not available
    2015-01-07 01:46:54.133 Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml
    2015-01-07 01:47:03.462 Option all = no
    2015-01-07 01:47:03.462 Option recurse = yes
    2015-01-07 01:47:03.462 Option archive = no
    2015-01-07 01:47:03.462 Option service = yes
    2015-01-07 01:47:03.462 Option confirm = yes
    2015-01-07 01:47:03.462 Option sxl = yes
    2015-01-07 01:47:03.462 Option max-data-age = 35
    2015-01-07 01:47:03.462 Option EnableSafeClean = yes
    2015-01-07 01:47:03.493 Option vdl-logging = yes
    2015-01-07 01:47:03.493 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-07 01:47:03.493 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-07 01:47:03.509 Component SVRTcli.exe version 2.5.4
    2015-01-07 01:47:03.509 Component control.dll version 2.5.4
    2015-01-07 01:47:03.509 Component SVRTservice.exe version 2.5.4
    2015-01-07 01:47:03.509 Component engine\osdp.dll version 1.44.1.2183
    2015-01-07 01:47:03.509 Component engine\veex.dll version 3.58.3.2183
    2015-01-07 01:47:03.509 Component engine\savi.dll version 8.1.5.2183
    2015-01-07 01:47:03.509 Component rkdisk.dll version 1.5.30.0
    2015-01-07 01:47:03.509 Version info: Product version 2.5.4
    2015-01-07 01:47:03.509 Version info: Detection engine 3.58.3
    2015-01-07 01:47:03.509 Version info: Detection data 5.08
    2015-01-07 01:47:03.509 Version info: Build date 11/11/2014
    2015-01-07 01:47:03.509 Version info: Data files added 521
    2015-01-07 01:47:03.509 Version info: Last successful update (not yet updated)
    2015-01-07 01:47:12.713 Error level 1

    2015-01-07 01:47:12.713 Scan completed.
    2015-01-07 01:47:12.713

    ------------------------------------------------------------

    2015-01-07 01:48:13.759 Sophos Virus Removal Tool version 2.5.4
    2015-01-07 01:48:13.759 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-07 01:48:13.759 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-07 01:48:13.759 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-07 01:48:13.759 Checking for updates...
    2015-01-07 01:49:46.579 Error: failed to start service (1053: The service did not respond to the start or control request in a timely fashion.)
    2015-01-07 03:03:07.465 Sophos Virus Removal Tool version 2.5.4
    2015-01-07 03:03:07.465 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-07 03:03:07.465 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-07 03:03:07.465 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-07 03:03:07.465 Checking for updates...
    2015-01-07 03:05:01.002 Option all = no
    2015-01-07 03:05:01.002 Option recurse = yes
    2015-01-07 03:05:01.002 Option archive = no
    2015-01-07 03:05:01.002 Option service = yes
    2015-01-07 03:05:01.002 Option confirm = yes
    2015-01-07 03:05:01.002 Option sxl = yes
    2015-01-07 03:05:01.002 Option max-data-age = 35
    2015-01-07 03:05:01.002 Option EnableSafeClean = yes
    2015-01-07 03:05:01.033 Option vdl-logging = yes
    2015-01-07 03:05:03.092 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-07 03:05:03.092 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-07 03:05:03.092 Component SVRTcli.exe version 2.5.4
    2015-01-07 03:05:03.092 Component control.dll version 2.5.4
    2015-01-07 03:05:03.092 Component SVRTservice.exe version 2.5.4
    2015-01-07 03:05:03.108 Component engine\osdp.dll version 1.44.1.2183
    2015-01-07 03:05:03.108 Component engine\veex.dll version 3.58.3.2183
    2015-01-07 03:05:03.108 Component engine\savi.dll version 8.1.5.2183
    2015-01-07 03:05:03.108 Component rkdisk.dll version 1.5.30.0
    2015-01-07 03:05:03.108 Version info: Product version 2.5.4
    2015-01-07 03:05:03.108 Version info: Detection engine 3.58.3
    2015-01-07 03:05:03.108 Version info: Detection data 5.08
    2015-01-07 03:05:03.108 Version info: Build date 11/11/2014
    2015-01-07 03:05:03.108 Version info: Data files added 521
    2015-01-07 03:05:03.108 Version info: Last successful update (not yet updated)
    2015-01-07 03:14:15.193 Update progress: proxy server not available
    2015-01-07 03:17:10.537 Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml

    2015-01-07 06:00:48.949 Sophos Virus Removal Tool version 2.5.4
    2015-01-07 06:00:48.949 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-07 06:00:48.949 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-07 06:00:48.949 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-07 06:00:48.949 Checking for updates...
    2015-01-07 06:03:29.816 Error: failed to start service (1053: The service did not respond to the start or control request in a timely fashion.)
    2015-01-08 01:39:42.929 Sophos Virus Removal Tool version 2.5.4
    2015-01-08 01:39:42.929 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-08 01:39:42.929 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-08 01:39:42.929 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-08 01:39:42.929 Checking for updates...
    2015-01-08 01:59:15.849 Update progress: proxy server not available
    2015-01-08 02:06:44.989 Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml
    2015-01-08 02:28:44.237 Option all = no
    2015-01-08 02:28:44.237 Option recurse = yes
    2015-01-08 02:28:44.237 Option archive = no
    2015-01-08 02:28:44.237 Option service = yes
    2015-01-08 02:28:44.237 Option confirm = yes
    2015-01-08 02:28:44.237 Option sxl = yes
    2015-01-08 02:28:44.237 Option max-data-age = 35
    2015-01-08 02:28:44.237 Option EnableSafeClean = yes
    2015-01-08 02:29:42.206 Option vdl-logging = yes
    2015-01-08 02:29:42.393 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-08 02:29:42.393 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-08 02:29:48.852 Component SVRTcli.exe version 2.5.4
    2015-01-08 02:29:48.852 Component control.dll version 2.5.4
    2015-01-08 02:29:48.852 Component SVRTservice.exe version 2.5.4
    2015-01-08 02:29:48.852 Component engine\osdp.dll version 1.44.1.2183
    2015-01-08 02:29:48.852 Component engine\veex.dll version 3.58.3.2183
    2015-01-08 02:29:48.852 Component engine\savi.dll version 8.1.5.2183
    2015-01-08 02:30:01.581 Component rkdisk.dll version 1.5.30.0
    2015-01-08 02:30:01.581 Version info: Product version 2.5.4
    2015-01-08 02:30:01.581 Version info: Detection engine 3.58.3
    2015-01-08 02:30:01.581 Version info: Detection data 5.08
    2015-01-08 02:30:01.581 Version info: Build date 11/11/2014
    2015-01-08 02:30:01.581 Version info: Data files added 521
    2015-01-08 02:30:01.581 Version info: Last successful update (not yet updated)

    2015-01-08 05:46:42.425 Could not open C:\hiberfil.sys

    2015-01-08 05:55:34.454 Scan cancelled by user.
    2015-01-08 05:55:34.454

    ------------------------------------------------------------

    2015-01-08 08:04:34.483 Sophos Virus Removal Tool version 2.5.4
    2015-01-08 08:04:34.483 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-08 08:04:34.483 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-08 08:04:34.483 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-01-08 08:04:34.483 Checking for updates...
    2015-01-08 08:04:38.695 Update progress: proxy server not available
    2015-01-08 08:04:48.788 Option all = no
    2015-01-08 08:04:48.788 Option recurse = yes
    2015-01-08 08:04:48.788 Option archive = no
    2015-01-08 08:04:48.788 Option service = yes
    2015-01-08 08:04:48.788 Option confirm = yes
    2015-01-08 08:04:48.788 Option sxl = yes
    2015-01-08 08:04:48.788 Option max-data-age = 35
    2015-01-08 08:04:48.788 Option EnableSafeClean = yes
    2015-01-08 08:04:48.851 Option vdl-logging = yes
    2015-01-08 08:04:48.851 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-08 08:04:48.851 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-08 08:04:48.851 Component SVRTcli.exe version 2.5.4
    2015-01-08 08:04:48.851 Component control.dll version 2.5.4
    2015-01-08 08:04:48.851 Component SVRTservice.exe version 2.5.4
    2015-01-08 08:04:48.851 Component engine\osdp.dll version 1.44.1.2183
    2015-01-08 08:04:48.851 Component engine\veex.dll version 3.58.3.2183
    2015-01-08 08:04:48.851 Component engine\savi.dll version 8.1.5.2183
    2015-01-08 08:04:48.866 Component rkdisk.dll version 1.5.30.0
    2015-01-08 08:04:48.882 Version info: Product version 2.5.4
    2015-01-08 08:04:48.882 Version info: Detection engine 3.58.3
    2015-01-08 08:04:48.882 Version info: Detection data 5.08
    2015-01-08 08:04:48.882 Version info: Build date 11/11/2014
    2015-01-08 08:04:48.882 Version info: Data files added 521
    2015-01-08 08:04:48.882 Version info: Last successful update (not yet updated)
    2015-01-08 08:05:19.146 Downloading updates...
    2015-01-08 08:05:19.146 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-08 08:05:19.146 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-08 08:05:19.146 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-08 08:05:19.146 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-08 08:05:24.091 Update progress: [I19463] Syncing product IDE509 177
    2015-01-08 08:05:24.481 Update progress: [I19463] Syncing product IDE510 179
    2015-01-08 08:05:24.481 Update progress: [I19463] Syncing product IDE511 170
    2015-01-08 08:05:26.556 Update progress: [I19463] Syncing product IDE512 16
    2015-01-08 08:05:27.960 Installing updates...
    2015-01-08 08:05:28.771 Error level 1
    2015-01-08 08:05:28.771 Update progress: [I19463] Syncing product IDE513 1
    2015-01-08 08:05:49.176 Update successful
    2015-01-08 08:06:05.681 Option all = no
    2015-01-08 08:06:05.681 Option recurse = yes
    2015-01-08 08:06:05.681 Option archive = no
    2015-01-08 08:06:05.681 Option service = yes
    2015-01-08 08:06:05.681 Option confirm = yes
    2015-01-08 08:06:05.681 Option sxl = yes
    2015-01-08 08:06:05.681 Option max-data-age = 35
    2015-01-08 08:06:05.681 Option EnableSafeClean = yes
    2015-01-08 08:06:05.712 Option vdl-logging = yes
    2015-01-08 08:06:05.774 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-08 08:06:05.774 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2015-01-08 08:06:05.774 Component SVRTcli.exe version 2.5.4
    2015-01-08 08:06:05.774 Component control.dll version 2.5.4
    2015-01-08 08:06:05.774 Component SVRTservice.exe version 2.5.4
    2015-01-08 08:06:05.774 Component engine\osdp.dll version 1.44.1.2183
    2015-01-08 08:06:05.774 Component engine\veex.dll version 3.58.3.2183
    2015-01-08 08:06:05.774 Component engine\savi.dll version 8.1.5.2183
    2015-01-08 08:06:05.774 Component rkdisk.dll version 1.5.30.0
    2015-01-08 08:06:05.774 Version info: Product version 2.5.4
    2015-01-08 08:06:05.774 Version info: Detection engine 3.58.3
    2015-01-08 08:06:05.774 Version info: Detection data 5.08G
    2015-01-08 08:06:05.774 Version info: Build date 11/11/2014
    2015-01-08 08:06:05.774 Version info: Data files added 537
    2015-01-08 08:06:05.774 Version info: Last successful update 8/01/2015 6:05:49 PM

    2015-01-08 08:14:24.094 Could not open C:\hiberfil.sys
    2015-01-08 08:16:33.400 Could not open C:\pagefile.sys
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{1d927f94-8ee0-11e4-ab07-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{1d92827a-8ee0-11e4-ab07-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{334137de-924b-11e4-a812-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{5d87e5ee-94b5-11e4-9dd0-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{6eaad41f-9579-11e4-80df-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:27:56.100 Could not open C:\System Volume Information\{f89c7e52-870a-11e4-985c-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-08 08:32:15.186 Could not check C:\Users\User\Desktop\Bits and Pieces\Sentinar 2\Sentinar new docs\Lifelink- New supplier request form.doc (corrupt)
    2015-01-08 08:48:16.880 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-01-08 08:48:16.880 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-01-08 08:48:25.694 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-01-08 08:48:25.694 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-01-08 08:48:25.694 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-01-08 08:48:25.694 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-01-08 08:48:25.710 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-01-08 09:01:44.665 SafeClean bin directory is empty.
    2015-01-08 09:01:46.912 Error level 0

    2015-01-09 00:36:22.848 Scan completed.
    2015-01-09 00:36:22.848

    ------------------------------------------------------------

    2016-01-20 01:18:25.141 Sophos Virus Removal Tool version 2.5.4
    2016-01-20 01:18:25.141 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-01-20 01:18:25.141 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-01-20 01:18:25.141 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2016-01-20 01:18:25.141 Checking for updates...
    2016-01-20 01:18:25.203 Update progress: proxy server not available
    2016-01-20 01:18:26.014 Update error: invalid login credentials (error 5)
    Couldn't authenticate user for resource with host server. URL was: http://dci.sophosupd.com/update
    2016-01-20 01:18:31.209 Option all = no
    2016-01-20 01:18:31.209 Option recurse = yes
    2016-01-20 01:18:31.209 Option archive = no
    2016-01-20 01:18:31.209 Option service = yes
    2016-01-20 01:18:31.209 Option confirm = yes
    2016-01-20 01:18:31.209 Option sxl = yes
    2016-01-20 01:18:31.209 Option max-data-age = 35
    2016-01-20 01:18:31.209 Option EnableSafeClean = yes
    2016-01-20 01:18:31.240 Option vdl-logging = yes
    2016-01-20 01:18:31.240 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2016-01-20 01:18:31.240 Machine ID: a2422a306ed6490ab1c89943fde64fb7
    2016-01-20 01:18:31.256 Component SVRTcli.exe version 2.5.4
    2016-01-20 01:18:31.256 Component control.dll version 2.5.4
    2016-01-20 01:18:31.256 Component SVRTservice.exe version 2.5.4
    2016-01-20 01:18:31.256 Component engine\osdp.dll version 1.44.1.2183
    2016-01-20 01:18:31.256 Component engine\veex.dll version 3.58.3.2183
    2016-01-20 01:18:31.256 Component engine\savi.dll version 8.1.5.2183
    2016-01-20 01:18:31.256 Component rkdisk.dll version 1.5.30.0
    2016-01-20 01:18:31.256 Version info: Product version 2.5.4
    2016-01-20 01:18:31.256 Version info: Detection engine 3.58.3
    2016-01-20 01:18:31.256 Version info: Detection data 5.08G
    2016-01-20 01:18:31.256 Version info: Build date 11/11/2014
    2016-01-20 01:18:31.256 Version info: Data files added 537
    2016-01-20 01:18:31.256 Version info: Last successful update 8/01/2015 6:05:49 PM
    2016-01-20 01:19:10.274 Error level 1

    2016-01-20 01:19:10.274 Scan completed.
    2016-01-20 01:19:10.274

    ------------------------------------------------------------

    2016-02-03 02:21:27.112 Sophos Virus Removal Tool version 2.5.4
    2016-02-03 02:21:27.112 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-02-03 02:21:27.112 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-02-03 02:21:27.112 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2016-02-03 02:21:27.642 Removed SafeClean bin directory.


    2016-02-03 02:21:27.642 Scan completed.
    2016-02-03 02:21:27.642

    ------------------------------------------------------------

    2016-02-03 02:23:46.625 Sophos Virus Removal Tool version 2.5.5
    2016-02-03 02:23:46.625 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-02-03 02:23:46.625 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-02-03 02:23:46.625 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2016-02-03 02:23:46.625 Checking for updates...
    2016-02-03 02:23:48.949 Update progress: proxy server not available
    2016-02-03 02:23:52.506 Option all = no
    2016-02-03 02:23:52.506 Option recurse = yes
    2016-02-03 02:23:52.506 Option archive = no
    2016-02-03 02:23:52.506 Option service = yes
    2016-02-03 02:23:52.506 Option confirm = yes
    2016-02-03 02:23:52.506 Option sxl = yes
    2016-02-03 02:23:52.506 Option max-data-age = 35
    2016-02-03 02:23:52.506 Option EnableSafeClean = yes
    2016-02-03 02:23:53.551 Option vdl-logging = yes
    2016-02-03 02:23:53.567 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2016-02-03 02:23:53.567 Machine ID: ef7e64751d104b34b0b302987ea953bf
    2016-02-03 02:23:53.567 Component SVRTcli.exe version 2.5.5
    2016-02-03 02:23:53.567 Component control.dll version 2.5.5
    2016-02-03 02:23:53.567 Component SVRTservice.exe version 2.5.5
    2016-02-03 02:23:53.567 Component engine\osdp.dll version 1.44.1.2230
    2016-02-03 02:23:53.567 Component engine\veex.dll version 3.63.0.2230
    2016-02-03 02:23:53.567 Component engine\savi.dll version 9.0.0.2230
    2016-02-03 02:23:53.567 Component rkdisk.dll version 1.5.30.0
    2016-02-03 02:23:53.567 Version info: Product version 2.5.5
    2016-02-03 02:23:53.567 Version info: Detection engine 3.63.0
    2016-02-03 02:23:53.567 Version info: Detection data 5.22
    2016-02-03 02:23:53.567 Version info: Build date 8/12/2015
    2016-02-03 02:23:53.567 Version info: Data files added 383
    2016-02-03 02:23:53.567 Version info: Last successful update (not yet updated)
    2016-02-03 02:24:01.694 Downloading updates...
    2016-02-03 02:24:01.694 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-02-03 02:24:01.694 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-02-03 02:24:01.694 Update progress: [I49502] Found supplement IDE524 LATEST
    2016-02-03 02:24:01.694 Update progress: [I49502] Found supplement IDE525 LATEST
    2016-02-03 02:24:01.694 Update progress: [I49502] Found supplement IDE526 LATEST
    2016-02-03 02:24:01.694 Update progress: [I49502] Found supplement IDE527 LATEST
    2016-02-03 02:24:01.694 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-02-03 02:24:01.694 Update progress: [I19463] Syncing product SAVIW32 65
    2016-02-03 02:24:13.551 Update progress: [I19463] Syncing product IDE524 131
    2016-02-03 02:24:13.863 Update progress: [I19463] Syncing product IDE525 137
    2016-02-03 02:24:14.362 Installing updates...
    2016-02-03 02:24:14.970 Error level 1
    2016-02-03 02:24:14.970 Update progress: [I19463] Syncing product IDE526 1
    2016-02-03 02:24:14.970 Update progress: [I19463] Syncing product IDE527 1
    2016-02-03 02:24:19.042 Update successful
    2016-02-03 02:24:25.563 Option all = no
    2016-02-03 02:24:25.563 Option recurse = yes
    2016-02-03 02:24:25.563 Option archive = no
    2016-02-03 02:24:25.563 Option service = yes
    2016-02-03 02:24:25.563 Option confirm = yes
    2016-02-03 02:24:25.563 Option sxl = yes
    2016-02-03 02:24:25.563 Option max-data-age = 35
    2016-02-03 02:24:25.563 Option EnableSafeClean = yes
    2016-02-03 02:24:25.594 Option vdl-logging = yes
    2016-02-03 02:24:25.594 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2016-02-03 02:24:25.594 Machine ID: ef7e64751d104b34b0b302987ea953bf
    2016-02-03 02:24:25.594 Component SVRTcli.exe version 2.5.5
    2016-02-03 02:24:25.594 Component control.dll version 2.5.5
    2016-02-03 02:24:25.594 Component SVRTservice.exe version 2.5.5
    2016-02-03 02:24:25.594 Component engine\osdp.dll version 1.44.1.2240
    2016-02-03 02:24:25.594 Component engine\veex.dll version 3.64.0.2240
    2016-02-03 02:24:25.594 Component engine\savi.dll version 9.0.0.2240
    2016-02-03 02:24:25.594 Component rkdisk.dll version 1.5.30.0
    2016-02-03 02:24:25.594 Version info: Product version 2.5.5
    2016-02-03 02:24:25.594 Version info: Detection engine 3.64.0
    2016-02-03 02:24:25.594 Version info: Detection data 5.23
    2016-02-03 02:24:25.594 Version info: Build date 12/01/2016
    2016-02-03 02:24:25.594 Version info: Data files added 266
    2016-02-03 02:24:25.594 Version info: Last successful update 3/02/2016 12:24:19 PM

    2016-02-03 03:02:23.260 Could not open C:\hiberfil.sys
    2016-02-03 03:03:24.662 Could not open C:\pagefile.sys
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f4a3c-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f4d01-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f52c3-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f56ba-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f5a0e-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{3a1f5a16-c48f-11e5-8430-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{c7f2ee6c-c182-11e5-8404-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{c7f2ef78-c182-11e5-8404-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{c7f2f1a5-c182-11e5-8404-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:16:08.158 Could not open C:\System Volume Information\{c7f2f858-c182-11e5-8404-6cf049e44832}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2016-02-03 03:18:25.127 Could not check C:\Users\User\Desktop\Bits and Pieces\Sentinar 2\Sentinar new docs\Lifelink- New supplier request form.doc (corrupt)
    2016-02-03 03:19:02.816 >>> Virus 'Troj/Dyreza-FQ' found in file C:\Users\User\Desktop\emails\invoice.zip
    2016-02-03 03:19:02.816 >>> Virus 'Troj/Dyreza-FQ' found in file HKU\S-1-5-21-3378409544-1394426512-3382030840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2016-02-03 03:19:02.816 >>> Virus 'Troj/Dyreza-FQ' found in file HKU\S-1-5-21-3378409544-1394426512-3382030840-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2016-02-03 03:19:02.816 >>> Virus 'Troj/Dyreza-FQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\dd.exe
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\gzip.exe
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\libgcc_s_dw2-1.dll
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\libstdc++-6.dll
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\mingwm10.dll
    2016-02-03 03:19:03.237 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\QtCore4.dll
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\QtGui4.dll
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\step-1-decompress.bat
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\rc2-recovery\step-2-write-image.exe
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._dd.exe
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._gzip.exe
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._libgcc_s_dw2-1.dll
    2016-02-03 03:19:03.253 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._libstdc++-6.dll
    2016-02-03 03:19:03.269 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._mingwm10.dll
    2016-02-03 03:19:03.269 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._QtCore4.dll
    2016-02-03 03:19:03.269 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._QtGui4.dll
    2016-02-03 03:19:03.269 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._step-1-decompress.bat
    2016-02-03 03:19:03.269 Could not open C:\Users\User\Desktop\FLTRAD24\rc2-recovery\__MACOSX\rc2-recovery\._step-2-write-image.exe
    2016-02-03 03:26:43.220 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2016-02-03 03:26:43.220 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2016-02-03 03:26:44.171 Could not open C:\Windows\System32\config\components
    2016-02-03 03:26:44.187 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2016-02-03 03:26:44.187 Could not open C:\Windows\System32\config\RegBack\SAM
    2016-02-03 03:26:44.187 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2016-02-03 03:26:44.187 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2016-02-03 03:26:44.187 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2016-02-03 03:29:17.520 Could not open C:\Windows\temp\TMP000019F7D4EEDDCED2357C45
    2016-02-03 03:37:37.263 Password protected file E:\Lifelink Computer Files\Desktop\old excel documents\T'End-Backup.XLS
    2016-02-03 03:38:27.122 Password protected file E:\Lifelink Computer Files\Excel\Chris-Old\From Mike\T'End.XLS
    2016-02-03 03:38:27.419 Password protected file E:\Lifelink Computer Files\Excel\LIFELINKSPDSHT.XLS
    2016-02-03 03:41:25.680 Password protected file E:\Lifelink Computer Files\Old Computer Files\Mike\Desktop\old excel documents\T'End-Backup.XLS
    2016-02-03 03:43:06.690 Password protected file E:\Lifelink Computer Files\Old Computer Files\old excel documents\T'End-Backup.XLS
    2016-02-03 03:43:51.011 Password protected file E:\Lifelink Computer Files\Old Drive Documents\Excel\Chris-Old\From Mike\T'End.XLS
    2016-02-03 03:43:51.307 Password protected file E:\Lifelink Computer Files\Old Drive Documents\Excel\LIFELINKSPDSHT.XLS
    2016-02-03 04:08:31.138 The following items will be cleaned up:
    2016-02-03 04:08:31.138 Troj/Dyreza-FQ
     

  4. 2016/02/02
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Farbar Service Scanner Version: 27-01-2016
    Ran by User (administrator) on 03-02-2016 at 09:46:34
    Running from "C:\Users\User\Desktop\WINDOWS BBS January "
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  5. 2016/02/03
    broni

    broni Moderator Malware Analyst

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    =============================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  6. 2016/02/05
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Broni,
    Many thanks, it all seems to be running well now. Many thanks for all your help, greatly appreciated.
     
  7. 2016/02/05
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Broni,
    The Thread Solved button is not showing in my thread tools, how can I mark it as solved?
     
  8. 2016/02/05
    broni

    broni Moderator Malware Analyst

    In this forum only I can do it.

    Way to go!!
    Good luck and stay safe :)
     
  9. 2016/02/06
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Many thanks Broni.
     
  10. 2016/02/06
    broni

    broni Moderator Malware Analyst

    You're very welcome
     
