Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus or Antivirus problem

Started by madzvhin , Feb 22 2011 04:40 AM

  • Please log in to reply

#1
madzvhin
Posted 22 February 2011 - 04:40 AM

madzvhin

    New Member

  • Member
  • Pip
  • 2 posts
One of the computer in our company has symantec antivirus installed and everytime I start the computer, the auto-protect always pops a list of infected file, usually .tmp file. I already did a full scan of the computer and delete the file infected but still the same. I'm wondering if the computer really has a virus or the symantec has a problem. I run an OTL and below is the log. Please help.

OTL logfile created on: 2/22/2011 12:10:34 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = E:\testing\GeekU
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.58 Gb Free Space | 36.44% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 33.92 Gb Free Space | 91.03% Space Free | Partition Type: NTFS
Drive Z: | 241.60 Gb Total Space | 65.30 Gb Free Space | 27.03% Space Free | Partition Type: NTFS

Computer Name: NETROOM | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\testing\GeekU\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - E:\testing\GeekU\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (vtigercrmMysql510) -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe ()
SRV - (vtigercrmApache510) -- C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe (Apache Software Foundation)
SRV - (APC-Host) -- C:\Program Files\Anyplace Control 4\apc_host.exe (Anyplace Control Software)
SRV - (RDC-Host) -- C:\Program Files\Remote Desktop Control\apc_host.exe (AQUATRA, Inc.)
SRV - (winvnc) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SFUSVC) -- C:\Program Files\Kyocera\FileUtility\SFUSVC.exe (KYOCERA MITA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110221.033\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110221.033\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys ()
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.qatar.net.qa:8080

========== FireFox ==========



[2011/01/25 17:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/01/25 17:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2011/02/21 10:20:22 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://192.168.1.20...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://192.168.1.20...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://192.168.1.20.../RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} https://192.168.1.20...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} http://192.168.1.139:10080/MP4DVR.cab (ERViewerOCX Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DARWISH.COM
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 03:36:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/23 19:09:50 | 000,000,263 | -H-- | M] () - Z:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##server2#common folder\Shell - "" = AutoRun
O33 - MountPoints2\##server2#common folder\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##server2#common folder\Shell\AutoRun\command - "" = Z:\~Drivers\~ewytuigj.exe
O33 - MountPoints2\##server2#common folder\Shell\explore\command - "" = Z:\~Drivers\~ewytuigj.exe
O33 - MountPoints2\##server2#common folder\Shell\open\command - "" = Z:\~Drivers\~ewytuigj.exe
O33 - MountPoints2\##server2#common folder\Shell\search\command - "" = Z:\~Drivers\~ewytuigj.exe
O33 - MountPoints2\{5c8502ca-3779-11e0-b59c-c947a60bf939}\Shell\AutoRun\command - "" = F:\~Drivers\GpAlGmAoTh.exe
O33 - MountPoints2\{5c8502ca-3779-11e0-b59c-c947a60bf939}\Shell\explore\command - "" = F:\~Drivers\GpAlGmAoTh.exe
O33 - MountPoints2\{5c8502ca-3779-11e0-b59c-c947a60bf939}\Shell\open\command - "" = F:\~Drivers\GpAlGmAoTh.exe
O33 - MountPoints2\{5c8502ca-3779-11e0-b59c-c947a60bf939}\Shell\search\command - "" = F:\~Drivers\GpAlGmAoTh.exe
O33 - MountPoints2\{9b471a47-1ecb-11e0-b57e-000d8705b98f}\Shell\AutoRun\command - "" = v63enh.exe
O33 - MountPoints2\{9b471a47-1ecb-11e0-b57e-000d8705b98f}\Shell\open\Command - "" = v63enh.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 08:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/20 15:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
[2011/02/20 15:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/02/20 15:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/02/20 15:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit PDF Editor
[2011/02/20 08:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD
[2011/02/17 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011/02/17 15:57:50 | 000,000,000 | RHSD | C] -- C:\cwsandbox
[2011/02/15 09:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2011/02/12 07:33:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/31 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/31 17:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/31 17:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/01/31 17:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/01/31 17:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/01/30 07:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/30 07:39:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/30 07:23:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/01/30 07:18:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/01/30 07:17:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/01/29 17:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Move Networks
[2011/01/27 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/27 11:03:28 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/27 10:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2011/01/26 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2011/01/26 08:14:35 | 000,000,000 | ---D | C] -- C:\My_Outlook_Files
[2011/01/26 08:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\O2M
[2011/01/25 17:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/01/25 17:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2011/01/25 17:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2011/01/24 19:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BMExtreme
[2011/01/23 17:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2011/01/23 17:55:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2011/01/23 17:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2011/01/23 17:34:33 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/01/23 17:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2011/01/23 17:32:01 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2011/01/23 17:30:11 | 000,097,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2011/01/23 17:29:40 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/23 17:29:40 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/23 17:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/01/23 17:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2011/01/23 17:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/01/23 17:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/22 12:15:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM WorkFlow.job
[2011/02/22 12:10:00 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM Notification Scheduler.job
[2011/02/22 12:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/22 11:37:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/22 11:37:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/21 18:22:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-215294314-1172325415-2996094239-500UA.job
[2011/02/21 17:22:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-215294314-1172325415-2996094239-500Core.job
[2011/02/21 06:00:00 | 000,000,702 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM Email Reminder.job
[2011/02/21 05:00:00 | 000,000,602 | ---- | M] () -- C:\WINDOWS\tasks\vtigerCRM Recurring Invoice.job
[2011/02/20 15:02:02 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Foxit PDF Editor.lnk
[2011/02/20 14:43:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/20 12:38:08 | 002,014,211 | ---- | M] () -- C:\doc20110220173938.pdf
[2011/02/20 08:38:54 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/02/20 08:38:54 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/02/20 08:38:54 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/02/20 08:38:54 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/02/17 16:03:49 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Administrator\netsf.inf
[2011/02/17 16:03:49 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Administrator\netsf_m.inf
[2011/02/15 08:13:20 | 000,001,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\check.lnk
[2011/02/14 18:09:09 | 000,001,148 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2011/02/14 16:59:46 | 000,484,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/14 16:59:46 | 000,086,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/12 17:47:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/12 07:38:51 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/12 07:38:50 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/02/07 17:12:58 | 001,287,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Personal Folders(1).pst
[2011/02/03 07:18:38 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cd name.xls
[2011/01/31 17:45:23 | 000,051,844 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/31 17:44:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/30 07:54:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/30 07:44:08 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/27 11:57:46 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/27 11:03:30 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/27 10:54:07 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/26 08:14:33 | 000,000,000 | ---- | M] () -- C:\temp.000
[2011/01/25 17:09:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/20 15:02:14 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/20 15:02:02 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Foxit PDF Editor.lnk
[2011/02/20 13:06:26 | 002,014,211 | ---- | C] () -- C:\doc20110220173938.pdf
[2011/02/17 16:03:49 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Administrator\netsf.inf
[2011/02/17 16:03:49 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Administrator\netsf_m.inf
[2011/02/15 09:51:11 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2011/02/15 08:12:09 | 000,001,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\check.lnk
[2011/02/03 07:18:38 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cd name.xls
[2011/02/02 19:42:59 | 001,287,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Personal Folders(1).pst
[2011/01/31 17:45:23 | 000,051,844 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/31 17:22:45 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/01/31 17:22:45 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/31 17:17:43 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-215294314-1172325415-2996094239-500UA.job
[2011/01/31 17:17:42 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-215294314-1172325415-2996094239-500Core.job
[2011/01/30 07:17:50 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/01/27 11:03:30 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/27 10:54:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/26 08:14:33 | 000,000,000 | ---- | C] () -- C:\temp.000
[2011/01/25 17:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 17:55:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/01/23 17:55:07 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2011/01/23 17:55:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/01/23 17:55:07 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2011/01/23 17:54:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/01/23 17:54:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/01/23 17:54:16 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2011/01/23 17:54:16 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2011/01/23 17:54:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/01/23 17:54:15 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2011/01/23 17:29:40 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/23 17:29:40 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/12/26 19:33:51 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/24 18:29:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\nscatch.ini
[2010/10/24 18:28:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\EZSET_SP.INI
[2010/10/03 17:24:07 | 000,113,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EnvironmentDiagnostics.chm
[2010/01/10 12:13:04 | 000,185,224 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/06/03 12:03:31 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/03/16 14:13:44 | 000,012,547 | ---- | C] () -- C:\WINDOWS\System32\argomon.dll
[2006/05/17 23:28:14 | 000,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005/10/03 06:16:00 | 000,006,968 | ---- | C] () -- C:\WINDOWS\System32\KPNDLG.INI
[2005/01/13 23:38:00 | 000,003,334 | ---- | C] () -- C:\WINDOWS\System32\KPNMSG.INI
[2004/07/17 21:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/01/01 08:42:59 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2003/01/01 08:42:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/01/01 08:42:34 | 000,028,095 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/01/01 08:42:34 | 000,009,405 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/01/01 08:42:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2003/01/01 08:41:09 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/01/01 08:41:09 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/01/01 08:41:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/01/01 08:41:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/01/01 08:30:50 | 000,008,683 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2003/01/01 06:08:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/01 04:11:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== LOP Check ==========

[2011/01/30 20:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/01/24 19:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BMExtreme
[2010/10/24 18:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kmnv
[2011/01/25 17:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2010/08/29 22:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TKI
[2009/03/14 19:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/08/31 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teklynx
[2011/02/22 12:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/02/21 06:00:00 | 000,000,702 | ---- | M] () -- C:\WINDOWS\Tasks\vtigerCRM Email Reminder.job
[2011/02/22 12:10:00 | 000,000,568 | ---- | M] () -- C:\WINDOWS\Tasks\vtigerCRM Notification Scheduler.job
[2011/02/21 05:00:00 | 000,000,602 | ---- | M] () -- C:\WINDOWS\Tasks\vtigerCRM Recurring Invoice.job
[2011/02/22 12:15:00 | 000,000,574 | ---- | M] () -- C:\WINDOWS\Tasks\vtigerCRM WorkFlow.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP