ycf.exe virus



#1
Slimbo73

Hi

I have acquired a virus, namely ycf.exe, which first became apparent on starting my computer (Windows XP). The initial boot came up with a blue screen stating 'system root/windows/system32/autochk.exe not found, skipping autocheck'. The Windows log-in page then appears as normal, but when I log into my user account it takes a lot longer for the wallpaper to appear, and when it does it is blank without any application icons. Also there is no 'Windows startup' tune, just an annoying beep. The desktop applications then appear as normal, followed by an error message stating 'svchost.exe has encountered a problem and needs to close'.

The Norton 360 antivirus program does not load (as it usually does automatically on startup). When I try to go into the Norton folder and click on the .exe file there, it initially starts displaying 'initialising please wait' but after a few seconds shows the error message 'norton security suite has encountered a problem and needs to close'. The CD-ROM drive is present and working according to the Device Manager but will not run any CDs. Also no network connections are showing and I can't connect to the internet. msconfig shows that most of the services are 'stopped' even though all have their check box ticked. System Restore cannot be disabled or actioned as an error message is displayed. On rebooting in safe mode (even with network connections) the problems are the same.

I managed to perform a full system scan initially when I first entered safe mode (using Norton 360 antivirus), which found the virus '....ycf.exe' in 2 locations (Windows folder and documents and settings/user/local settings/temp folder). Norton removed the virus from the Windows folder but stated that it was unable to remove it from the local settings/temp folder. I managed to manually delete the file from the local settings/temp folder after assigning ownership rights to open the folder.

However, the virus seems to remain in the startup program, as rebooting in safe mode or normal mode presents exactly the same problems. Have checked the Task Manager on startup but can't find any suspicious applications (maybe it's a DLL virus) and can't find any suspicious registry entries. Have run 'chkdsk' from the cmd prompt, which detects an error, removes it and then says it can't proceed in 'read only' mode. Any ideas?


PS I can use a removable USB memory stick on the E: drive but not all programs will run from it!

OTL logfile created on: 13/08/2011 13:53:14 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 772.46 Mb Available Physical Memory | 75.58% Memory free
2.40 Gb Paging File | 2.31 Gb Available in Paging File | 96.39% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 83.53 Gb Free Space | 57.23% Space Free | Partition Type: NTFS
Drive D: | 554.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.45 Gb Total Space | 7.29 Gb Free Space | 97.86% Space Free | Partition Type: FAT32

Computer Name: EMMA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/13 13:48:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/13 13:48:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/23 17:51:04 | 000,192,512 | ---- | M] (MarkAny Cooperation.) -- C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [Auto | Stopped] -- -- (ResultDns Service)
SRV - File not found [Auto | Stopped] -- -- (RapportMgmtService)
SRV - File not found [Unknown | Stopped] -- -- (NIS)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [On_Demand | Stopped] -- -- (DSBrokerService)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (avgfws)
SRV - [2009/09/27 08:12:32 | 000,266,240 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\CSHelper.exe -- (CSHelper)
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2007/05/17 14:42:18 | 000,077,312 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/06/05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/01/10 23:19:19 | 000,217,088 | ---- | M] (Sony DADC Austria AG.) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)


========== Driver Services (SafeList) ==========

DRV - [2011/08/05 18:56:03 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/13 18:04:17 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 05:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - [2007/11/12 18:41:40 | 000,406,528 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\arusb.sys -- (arusb(Atheros)) Atheros Wireless Network Adapter Service(Atheros)
DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/05/29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/03/20 10:21:58 | 000,045,056 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dptrackerd.sys -- (dptrackerd)
DRV - [2005/06/24 18:55:08 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/22 12:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2004/10/15 03:41:24 | 000,285,216 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wg11tnd5.sys -- (AR5523)
DRV - [2004/10/08 12:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/21 20:16:49 | 000,245,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CamDrL20.sys -- (PhilCam8116_XP) Logitech QuickCam Pro 3000(PID_08B1)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/01/30 14:29:37 | 000,055,808 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiH0464.sys -- (SaiH0464)
DRV - [2004/01/28 10:09:36 | 000,026,624 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiNtBus.sys -- (SaiNtBus)
DRV - [2004/01/28 10:09:34 | 000,015,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaiMini.sys -- (SaiMini)
DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosear...om/?useie5=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@camfrogweb.com/Camfrog Web Plugin,version=2,0: C:\Program Files\CFWebAdvancedU2\npcamfrogweb.dll (Camshare Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_0_8
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/03 00:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/03 00:21:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SearchHook Class) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - File not found
O2 - BHO: (Groove Folder Synchronization) - {633E5479-46DA-30D0-7BF5-506C5DF30ADC} - C:\WINDOWS\SYSTEM32\MSRECR400.DLL (ipaMvOJI )
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found
O2 - BHO: (Baidu Toolbar BHO) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Baidu Toolbar) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Norton Download Manager{NIS_Production_94_136_NUC}] File not found
O4 - HKCU..\Run: [PanelApp] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ub...s/GSManager.cab (CoGSManager Class)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrad...raderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Installation Support)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec....ta/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.safe...lscbase8460.cab (Windows Live Safety Center Base Module)
O16 - DPF: {62D90588-609E-4208-A260-A6CEC45BB92C} http://watcherswebcl..._instmodule.exe (AXCamfrogWebCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1154674860046 (MUWebControl Class)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Reg Error: Key error.)
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab (Yahoo! Webcam Upload Wrapper)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.wrexham.g...sCamControl.bin (CamImage Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game14.zylomg...gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/...nagerPlugin.CAB (MSN Music Mediabar)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} http://chat.yahoo.com/cab/yvwrctl.cab (Yahoo! Webcam Viewer Wrapper)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/...s/msnchat45.cab (MSN Chat Control 4.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/04 21:24:37 | 000,000,183 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\START.EXE -- [2010/08/17 04:38:16 | 002,927,472 | R--- | M] (Symantec Corporation)
O33 - MountPoints2\D\Shell\Install\Command - "" = D:\START.EXE -- [2010/08/17 04:38:16 | 002,927,472 | R--- | M] (Symantec Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 13:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/08/13 13:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/08/12 20:16:27 | 000,000,000 | ---D | C] -- C:\NPE
[2011/08/12 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\NortonInstaller
[2011/08/12 19:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Norton Internet Security
[2011/08/10 20:21:43 | 002,558,968 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
[2011/08/06 01:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bitcollider
[2011/08/05 19:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix
[2011/08/04 23:23:42 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/04 23:23:42 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/04 23:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/04 23:23:32 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.sys
[2011/08/04 23:23:32 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011/08/04 23:23:32 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdi.sys
[2011/08/04 23:23:32 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.sys
[2011/08/04 23:23:32 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symtdiv.sys
[2011/08/04 23:23:32 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnets.sys
[2011/08/04 23:23:32 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Ironx86.sys
[2011/08/04 23:23:32 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011/08/04 23:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2011/08/04 23:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1205000.07D
[2011/08/04 23:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/08/02 22:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2011/08/02 21:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Cyberlink
[2011/08/02 21:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
[2011/08/02 21:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD
[2011/08/02 20:59:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAME.DLL
[2011/08/02 20:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AddressBar
[2011/08/01 21:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Repair Doctor
[2011/07/31 21:27:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Svchost
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 00:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/13 13:16:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/13 12:45:18 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/08/12 19:41:50 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/12 18:43:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/09 22:56:42 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/09 22:56:42 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/09 20:07:55 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AML Free Registry Cleaner.lnk
[2011/08/09 20:05:52 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2011/08/08 19:01:52 | 000,000,157 | ---- | M] () -- C:\WINDOWS\wwwbatch.ini
[2011/08/06 10:08:13 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/08/06 01:07:08 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitcollider.lnk
[2011/08/05 20:35:20 | 000,000,299 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\logs.dat
[2011/08/05 18:56:03 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/08/05 18:56:03 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/08/05 18:56:03 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/05 18:56:03 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/04 23:24:14 | 000,720,478 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/08/04 22:42:30 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security.job
[2011/08/02 21:39:12 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CD Drive.lnk
[2011/08/02 21:19:42 | 002,558,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
[2011/08/01 19:58:06 | 000,000,074 | -HS- | M] () -- C:\WINDOWS\System32\logg.dat
[2011/07/29 21:58:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
[2011/07/25 19:58:46 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/12 19:41:50 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/09 20:05:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2011/08/08 18:59:48 | 000,000,157 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2011/08/06 10:08:02 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/08/06 01:07:08 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitcollider.lnk
[2011/08/04 23:24:02 | 000,720,478 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Cat.DB
[2011/08/04 23:23:42 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/08/04 23:23:42 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/08/04 23:23:14 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.inf
[2011/08/04 23:23:14 | 000,002,792 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.inf
[2011/08/04 23:23:14 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNetV.inf
[2011/08/04 23:23:14 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.inf
[2011/08/04 23:23:14 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011/08/04 23:23:14 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011/08/04 23:23:14 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\Iron.inf
[2011/08/04 23:23:11 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\symnetv.cat
[2011/08/04 23:23:11 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\iron.cat
[2011/08/04 23:23:11 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymNet.cat
[2011/08/04 23:23:11 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymEFA.cat
[2011/08/04 23:23:11 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011/08/04 23:23:11 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\SymDS.cat
[2011/08/04 23:23:11 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011/08/04 23:23:11 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1205000.07D\isolate.ini
[2011/08/04 22:42:30 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security.job
[2011/08/02 21:39:12 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CD Drive.lnk
[2011/08/02 20:59:09 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AML Free Registry Cleaner.lnk
[2011/08/01 19:06:12 | 000,000,074 | -HS- | C] () -- C:\WINDOWS\System32\logg.dat
[2010/05/25 22:49:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/05/25 21:50:53 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/25 21:50:53 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/25 21:50:53 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/25 21:50:53 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/25 21:50:53 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/25 21:50:53 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/25 21:50:53 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/25 21:50:53 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/25 21:50:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/25 21:50:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/25 21:50:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/25 21:50:53 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/25 21:50:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/25 21:50:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/25 21:50:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/25 21:50:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/25 21:50:53 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/25 21:50:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/25 21:50:52 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/27 08:12:32 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/07/31 11:23:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\bcshellext.dll
[2009/05/04 22:01:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/06/02 19:40:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/02/23 14:12:01 | 000,143,944 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2007/12/07 11:41:25 | 000,675,579 | ---- | C] () -- C:\WINDOWS\PROGRAM.exe
[2007/11/28 17:46:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/05/10 15:18:41 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/05/10 15:18:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2007/05/10 09:13:34 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/04/29 23:53:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\taskkill.exe
[2007/03/04 19:20:24 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/01/26 18:24:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/12/23 20:52:20 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/23 20:52:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/23 20:52:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/05/06 00:11:00 | 000,001,516 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/04/07 23:39:08 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/03/08 14:35:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SAICFG.dll
[2006/03/08 14:35:41 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nx.exe
[2006/03/04 15:11:58 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2006/02/10 18:13:24 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/12 19:25:53 | 000,000,581 | ---- | C] () -- C:\WINDOWS\LuckyStreakPoker.ini
[2005/11/30 22:28:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/14 17:41:27 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2005/11/14 17:41:23 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/11/14 17:40:23 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/11/14 17:40:01 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2005/09/25 14:08:30 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1swg.ini
[2005/07/17 19:52:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/17 19:02:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/06/24 18:54:55 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/06/18 18:23:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2005/06/16 07:26:41 | 000,000,618 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/08 22:38:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 22:31:06 | 000,000,803 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 22:27:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/08 22:25:31 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/06/08 22:25:31 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/08 22:25:22 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/06/08 22:25:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/08 22:25:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/08 22:15:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/06/08 22:13:54 | 000,442,894 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/06/08 22:13:54 | 000,072,160 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/06/08 21:55:36 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/08 03:16:43 | 000,000,299 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\logs.dat
[2005/03/28 16:45:46 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2005/02/23 14:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 13:08:08 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 10:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 05:00:00 | 000,056,868 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 05:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mssiexec.exe
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 00:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 00:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== LOP Check ==========

[2011/08/02 20:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AddressBar
[2011/08/13 13:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Repair Doctor
[2009/06/21 16:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA3DeployClient
[2011/01/06 22:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2007/09/10 13:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2008/10/14 13:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/01/06 22:15:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/05/16 08:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2009/10/08 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/06/08 12:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2010/05/25 22:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/11/25 20:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/07/26 22:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HMRC
[2008/12/05 21:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/02/17 15:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/07/31 21:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/01/08 15:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/07/11 21:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/02/11 15:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/06/05 15:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/11/16 18:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/01/06 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2011/04/29 17:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/02/11 23:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultDns
[2011/03/18 18:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TalkTalk Labs
[2010/06/24 21:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/05 20:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/25 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/12/27 23:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/09/24 19:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/07/25 19:58:46 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/07/29 21:58:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
[2005/06/10 20:16:55 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50823280
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8AD7B8D

< End of report >
