Virus Help Please.


Post by sloudon55 on Wed 19 Jan 2011, 3:47 pm

Hi, so I'm having some trouble with my computer having random pop-up error messages, and I believe it is responsible for my USB ports failing, not allowing transferring.



OTL logfile created on: 1/18/2011 8:14:43 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\loudon\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.15 Gb Total Space | 1.90 Gb Free Space | 1.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LOUDON-2BD9A00E | User Name: loudon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/18 20:07:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\loudon\My Documents\Downloads\OTL.com
PRC - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/29 11:30:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2010/01/07 14:38:08 | 000,209,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\Zune.exe
PRC - [2009/03/08 21:13:26 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcfcoms.exe
PRC - [2006/09/02 23:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/09/01 20:33:40 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


========== Modules (SafeList) ==========

MOD - [2011/01/18 20:07:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\loudon\My Documents\Downloads\OTL.com
MOD - [2006/08/25 07:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/10 12:52:41 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/03/08 21:13:26 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/03/08 18:20:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/11/13 14:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2006/09/05 17:22:26 | 000,079,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/09/02 23:54:52 | 000,048,272 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/09/02 23:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006/09/02 23:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/09/02 23:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/09/02 23:04:08 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/01 20:33:40 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)


========== Driver Services (SafeList) ==========

DRV - [2010/12/17 09:49:38 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110118.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 09:49:38 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110118.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/15 10:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20110114.003\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/06/17 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/02 05:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 19:07:10 | 000,035,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/03/08 21:14:25 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/16 17:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/12/07 15:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/08/18 05:47:10 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/05/23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/17 11:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/01/07 14:19:26 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/28 21:44:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/18 20:13:14 | 000,000,000 | ---D | M]

[2009/03/15 18:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Extensions
[2010/08/17 00:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions
[2009/08/11 17:13:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/23 16:00:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/05 00:50:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 18:53:55 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/02/28 18:48:57 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\extensions\radiobar@toolbar
[2009/08/29 18:53:57 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\searchplugins\aim-search.xml
[2009/11/04 20:45:08 | 000,002,238 | ---- | M] () -- C:\Documents and Settings\loudon\Application Data\Mozilla\Firefox\Profiles\a7d7v0i2.default\searchplugins\askcom.xml
[2011/01/18 19:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:59:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/18 19:58:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/10 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6a8301a2-3cc1-4edc-a2bc-42f23ec9fdee} - File not found
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = File not found
O4 - Startup: C:\Documents and Settings\loudon\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\dopitisu.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\bahegope.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\suwumuwo.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\jikonidi.dll) - File not found
O20 - AppInit_DLLs: (kunobesi.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vurofope.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\feloviko.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: hosokozun - {50e56ca4-8e72-48bf-acf9-acfd5c8458c2} - File not found
O21 - SSODL: lipagomiz - {3d4692ea-3616-4ec8-9851-8bb7e8a5c516} - File not found
O21 - SSODL: mezofesos - {c6e0ce51-0369-4ade-a1a8-654bc5e80afa} - File not found
O21 - SSODL: mojalijil - {ce4d5002-8f5a-4566-b901-953645c75c91} - File not found
O21 - SSODL: reyoseyek - {6eba135b-0ff5-45a7-a350-230f8260806a} - File not found
O22 - SharedTaskScheduler: {3d4692ea-3616-4ec8-9851-8bb7e8a5c516} - gahurihor - File not found
O22 - SharedTaskScheduler: {50e56ca4-8e72-48bf-acf9-acfd5c8458c2} - jugezatag - File not found
O22 - SharedTaskScheduler: {6eba135b-0ff5-45a7-a350-230f8260806a} - mujuzedij - File not found
O22 - SharedTaskScheduler: {c6e0ce51-0369-4ade-a1a8-654bc5e80afa} - mujuzedij - File not found
O22 - SharedTaskScheduler: {ce4d5002-8f5a-4566-b901-953645c75c91} - jugezatag - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\loudon\My Documents\1287307230300.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\loudon\Application Data\ArcSoft\PhotoViewer\1. 0. 0\PV_SetWallPaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/08 18:06:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{189f372f-1a9d-11de-b999-0019b9507759}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\Shell - "" = AutoRun
O33 - MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell - "" = AutoRun
O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell\AutoRun\command - "" = E:\MI.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/18 19:59:17 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 19:59:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 19:59:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 19:59:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/15 15:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2011/01/15 15:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2011/01/15 15:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Scan
[2011/01/15 15:37:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0300010.008
[2011/01/01 20:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/01/01 20:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/01/01 20:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola Driver Installer
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\loudon\My Documents\*.tmp files -> C:\Documents and Settings\loudon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/18 20:13:15 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/18 19:58:55 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/18 19:58:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/18 19:58:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/18 19:58:54 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/18 19:58:54 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/18 19:55:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/18 18:52:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/01/18 18:33:41 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for loudon.job
[2011/01/18 06:53:04 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/01/18 06:53:04 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/18 06:52:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/01/18 00:52:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/01/17 21:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/17 16:54:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/17 12:52:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/01/16 12:52:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/15 15:37:36 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2011/01/14 22:27:33 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - loudon.job
[2011/01/14 20:00:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - John C Loudon.job
[2011/01/12 16:56:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/01/10 21:39:51 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\loudon\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2011/01/10 21:38:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/03 06:22:16 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0300010.008\isolate.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\loudon\My Documents\*.tmp files -> C:\Documents and Settings\loudon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yowobulu
[2011/01/18 20:13:15 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/01/15 15:37:36 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2011/01/15 15:37:22 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0300010.008\isolate.ini
[2011/01/14 06:52:58 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/01/14 06:52:58 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/12/15 20:55:21 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/15 20:55:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/03 19:59:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TMonitor.INI
[2009/03/23 14:20:02 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\loudon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/19 13:57:09 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/03/19 13:57:09 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0C951C51AC.sys
[2009/03/08 18:54:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/08 18:54:40 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/03/08 18:21:00 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\loudon\Local Settings\Application Data\fusioncache.dat
[2009/03/08 08:52:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/15 18:51:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/04 16:52:27 | 000,000,209 | ---- | C] () -- C:\WINDOWS\refpt.ini
[2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcfcoin.dll
[2006/10/20 13:42:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2006/10/20 13:42:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2006/10/20 13:41:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2006/10/20 13:37:22 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2006/10/20 13:37:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2006/10/20 13:37:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2006/10/20 13:36:54 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2006/10/20 13:35:36 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2006/09/06 05:27:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2006/06/14 21:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/02/23 11:43:10 | 000,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/02/22 19:22:54 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/08 11:09:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/27 18:54:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
[2004/07/31 20:25:11 | 000,002,232 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/03 17:19:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/02/03 17:13:09 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2004/02/03 17:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2004/01/25 20:31:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/25 20:21:50 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/25 20:15:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/25 20:12:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2004/01/25 20:09:08 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/25 19:35:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 20:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/09/30 23:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1998/09/30 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1998/09/30 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1998/09/30 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/03/08 18:05:43 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/21 19:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/21 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP97.DLL
[2006/10/20 04:39:34 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/08/21 21:06:45 | 000,001,714 | -H-- | M] () -- C:\Documents and Settings\loudon\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/08 18:06:26 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp

Re: Virus Help Please.

Post by sloudon55 on Wed 19 Jan 2011, 3:47 pm

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/08 18:32:27 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\loudon\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/03/08 18:32:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\loudon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/08/22 13:46:30 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\loudon\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/02/26 01:32:09 | 000,120,280 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/02/26 01:32:09 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/02/26 01:32:12 | 000,244,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/03/08 18:32:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\loudon\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/25 20:20:27 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/08 08:50:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/08 08:50:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/08 08:50:14 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/10 03:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) -- C:\WINDOWS\system32\AWINDIS5.SYS
[2004/12/17 12:52:58 | 000,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcm42rly.sys
[2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\CBTNDIS5.sys
[2004/08/10 03:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2005/02/07 18:07:08 | 000,004,608 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI64.sys
[2005/03/13 15:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/09 12:08:04 | 000,007,168 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DLPT64.sys
[2005/02/08 12:04:46 | 000,005,632 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEn64.sys
[2005/02/08 11:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2005/02/08 14:46:04 | 000,005,120 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMO64.sys
[2004/06/15 14:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/10 03:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/10 03:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/10 03:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/10 03:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/10 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/10 03:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/10 03:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/10 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/10 03:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/10 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/10 03:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/10 03:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/10 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2004/08/10 03:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 04:19:41 | 001,850,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2006/05/23 21:19:40 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2004/08/03 23:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/21 19:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD97.DLL
[2007/10/21 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP97.DLL
[2006/10/20 04:39:34 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %SYSTEMDRIVE%\*.* >
[2011/01/10 21:38:00 | 000,033,881 | ---- | M] () -- C:\aaw7boot.log
[2009/03/08 18:06:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/08 17:57:49 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2002/09/03 11:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2009/03/08 18:06:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/01/25 19:43:10 | 000,005,170 | RH-- | M] () -- C:\DELL.SDR
[2009/03/08 18:06:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/29 20:58:09 | 000,001,976 | -H-- | M] () -- C:\IPH.PH
[2011/01/18 19:51:23 | 000,017,579 | ---- | M] () -- C:\JavaRa.log
[2009/03/08 18:06:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/11/01 18:39:39 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/11/01 18:39:39 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/04/04 22:33:44 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/04/04 22:33:44 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2011/01/10 21:38:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/09/14 19:49:55 | 000,021,885 | ---- | M] () -- C:\pg 51 (Recovered).docx
[2010/07/20 12:57:09 | 000,000,004 | ---- | M] () -- C:\WINDOWSRegDefrag.dat

< %PROGRAMFILES%\*. >
[2009/04/01 17:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\3DO
[2011/01/18 20:12:57 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/29 18:45:30 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/03/15 22:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/11/04 18:12:32 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/03/13 19:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/04/03 11:37:07 | 000,000,000 | ---D | M] -- C:\Program Files\BlackIsle
[2009/03/15 22:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/03/08 19:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/03/13 19:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom Advanced Control Suite
[2010/01/08 03:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Camfrog
[2009/03/08 18:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/01/01 20:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/01/25 19:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/03/08 18:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/03/13 19:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/11/05 00:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2009/03/13 19:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/03/13 19:45:28 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Computer
[2009/03/13 19:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2010/09/05 12:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/07 00:16:38 | 000,000,000 | ---D | M] -- C:\Program Files\dl_Cats
[2009/03/13 19:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\Documents To Go
[2009/03/13 19:45:57 | 000,000,000 | ---D | M] -- C:\Program Files\Encarta
[2009/03/13 19:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/03/13 19:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Funk Software
[2009/03/16 10:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2010/02/28 21:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/03/13 19:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\Handmark
[2009/03/13 19:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/11/05 15:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\imeem
[2010/11/18 22:43:07 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/03/08 19:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/03/13 19:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2009/05/21 21:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/13 19:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2009/11/05 15:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/03/13 19:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2011/01/18 19:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/27 13:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2010/01/31 12:40:04 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/03/13 19:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2009/05/20 13:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/10 19:29:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/03/13 19:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/16 18:38:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/03/13 19:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Encarta
[2004/01/25 19:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/03 18:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/20 07:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/05/05 14:29:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2009/05/04 00:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/13 19:49:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/06 08:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/13 19:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 2005
[2009/05/04 00:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/03/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2011/01/01 20:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola
[2009/03/13 19:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/08/17 00:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 00:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/13 19:50:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/01/25 19:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/15 07:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/04 00:24:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/03/13 19:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2004/11/01 18:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/13 19:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/03/13 19:50:30 | 000,000,000 | ---D | M] -- C:\Program Files\Norton AntiVirus
[2010/01/08 03:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2011/01/15 15:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2010/06/10 04:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2009/03/29 14:07:29 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2004/01/25 19:33:12 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/02/28 19:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/13 19:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2009/03/13 19:50:42 | 000,000,000 | ---D | M] -- C:\Program Files\PERRLA
[2010/02/28 19:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\PowerPoint Viewer
[2009/04/19 03:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/03/13 19:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/08/07 00:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/13 19:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Point Software
[2009/03/13 19:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2009/03/08 18:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2009/03/13 19:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/03/08 18:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2009/11/09 08:47:17 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/03/13 19:51:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/02/17 15:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/08/30 20:07:50 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/08/30 20:22:01 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/03/13 19:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2008/01/31 20:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/03/13 19:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec Technical Support
[2009/03/13 19:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/03/13 19:51:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/24 19:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/02/28 21:41:00 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/03/13 19:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\WildBlue
[2009/03/16 17:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/16 17:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/03/16 22:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2004/11/01 18:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/03/08 18:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2009/03/13 19:51:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/28 18:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/03/13 19:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/01/25 19:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/03/13 19:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\XM Direct 2
[2009/12/15 20:55:21 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2010/09/05 12:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/03/13 19:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\Your Company Name
[2010/12/19 15:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\ZooskMessenger
[2010/01/26 18:50:13 | 000,000,000 | ---D | M] -- C:\Program Files\Zune

< %appdata%\*.* >
[2009/03/08 08:52:01 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\loudon\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/11/01 18:33:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2001/08/17 11:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 11:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/11/01 18:33:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2003/04/23 07:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 07:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:disk.sys
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/11/01 18:33:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\disk.sys
[2002/08/29 03:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\I386\DISK.SYS
[2002/08/29 03:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 03:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2002/08/29 03:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 08:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2002/08/29 03:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2002/08/29 03:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 16:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 03:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2002/08/29 03:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 10:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:usbstor.sys
[2002/08/29 03:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/10 03:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/11/01 18:33:31 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2002/08/29 01:32:52 | 000,021,760 | ---- | M] (Microsoft Corporation) MD5=4923C60F9C381EAE679DB04021D26ABB -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2004/08/03 22:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-05-22 05:21:47

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp


Re: Virus Help Please.

Post by DragonMaster Jay on Wed 19 Jan 2011, 8:07 pm

Hello, and welcome to GeekPolice.

Before you use our service of malware removal, kindly review the [You must be registered and logged in to see this link.]. By replying once again, you agree to the Terms of Service.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.





Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    Code:
    :otl
    O20 - AppInit_DLLs: (c:\windows\system32\dopitisu.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\bahegope.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\suwumuwo.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\jikonidi.dll) - File not found
    O20 - AppInit_DLLs: (kunobesi.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\vurofope.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\feloviko.dll) - File not found
    O21 - SSODL: hosokozun - {50e56ca4-8e72-48bf-acf9-acfd5c8458c2} - File not found
    O21 - SSODL: lipagomiz - {3d4692ea-3616-4ec8-9851-8bb7e8a5c516} - File not found
    O21 - SSODL: mezofesos - {c6e0ce51-0369-4ade-a1a8-654bc5e80afa} - File not found
    O21 - SSODL: mojalijil - {ce4d5002-8f5a-4566-b901-953645c75c91} - File not found
    O21 - SSODL: reyoseyek - {6eba135b-0ff5-45a7-a350-230f8260806a} - File not found
    O22 - SharedTaskScheduler: {3d4692ea-3616-4ec8-9851-8bb7e8a5c516} - gahurihor - File not found
    O22 - SharedTaskScheduler: {50e56ca4-8e72-48bf-acf9-acfd5c8458c2} - jugezatag - File not found
    O22 - SharedTaskScheduler: {6eba135b-0ff5-45a7-a350-230f8260806a} - mujuzedij - File not found
    O22 - SharedTaskScheduler: {c6e0ce51-0369-4ade-a1a8-654bc5e80afa} - mujuzedij - File not found
    O22 - SharedTaskScheduler: {ce4d5002-8f5a-4566-b901-953645c75c91} - jugezatag - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\loudon\My Documents\1287307230300.png
    O32 - AutoRun File - [2009/03/08 18:06:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{189f372f-1a9d-11de-b999-0019b9507759}\Shell\AutoRun\command - "" = E:\setupSNK.exe
    O33 - MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\Shell - "" = AutoRun
    O33 - MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell - "" = AutoRun
    O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\Shell\AutoRun\command - "" = E:\MI.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -a
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\yowobulu
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    :commands
    [emptytemp]
    [purity]
    [emptyflash]
    [reboot]

  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)





Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.





ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Virus Help Please.

Post by sloudon55 on Sun 23 Jan 2011, 5:58 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\dopitisu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\bahegope.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\suwumuwo.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jikonidi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:kunobesi.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\vurofope.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\feloviko.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hosokozun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50e56ca4-8e72-48bf-acf9-acfd5c8458c2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lipagomiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4692ea-3616-4ec8-9851-8bb7e8a5c516}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mezofesos deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6e0ce51-0369-4ade-a1a8-654bc5e80afa}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mojalijil deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce4d5002-8f5a-4566-b901-953645c75c91}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\reyoseyek deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eba135b-0ff5-45a7-a350-230f8260806a}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3d4692ea-3616-4ec8-9851-8bb7e8a5c516} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4692ea-3616-4ec8-9851-8bb7e8a5c516}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{50e56ca4-8e72-48bf-acf9-acfd5c8458c2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50e56ca4-8e72-48bf-acf9-acfd5c8458c2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{6eba135b-0ff5-45a7-a350-230f8260806a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6eba135b-0ff5-45a7-a350-230f8260806a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c6e0ce51-0369-4ade-a1a8-654bc5e80afa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6e0ce51-0369-4ade-a1a8-654bc5e80afa}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{ce4d5002-8f5a-4566-b901-953645c75c91} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce4d5002-8f5a-4566-b901-953645c75c91}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\\WallPaper deleted successfully.
C:\Documents and Settings\loudon\My Documents\1287307230300.png moved successfully.
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{189f372f-1a9d-11de-b999-0019b9507759}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{189f372f-1a9d-11de-b999-0019b9507759}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2163260f-27b3-11de-b9af-0019b9507759}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2163260f-27b3-11de-b9af-0019b9507759}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2163260f-27b3-11de-b9af-0019b9507759}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{293f2983-501a-11df-bae5-0019b9507759}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{293f2983-501a-11df-bae5-0019b9507759}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{293f2983-501a-11df-bae5-0019b9507759}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{293f2983-501a-11df-bae5-0019b9507759}\ not found.
File E:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup.exe -a not found.
C:\WINDOWS\system32\yowobulu moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes

User: Administrator.LOUDON-2BD9A00E
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 553978 bytes

User: loudon
->Temp folder emptied: 646095916 bytes
->Temporary Internet Files folder emptied: 145536021 bytes
->Java cache emptied: 78258085 bytes
->FireFox cache emptied: 94874236 bytes
->Google Chrome cache emptied: 228172115 bytes
->Apple Safari cache emptied: 182286336 bytes
->Flash cache emptied: 1410712 bytes

User: NetworkService
->Temp folder emptied: 213440 bytes
->Temporary Internet Files folder emptied: 781319 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3555857 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1606111127 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23944790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,872.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LOUDON-2BD9A00E
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: loudon
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01222011_223124

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Re: Virus Help Please.

Post by sloudon55 on Sun 23 Jan 2011, 6:13 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5576

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

1/22/2011 11:13:03 PM
mbam-log-2011-01-22 (23-13-03).txt

Scan type: Quick scan
Objects scanned: 157583
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Virus Help Please.

Post by sloudon55 on Sun 23 Jan 2011, 8:15 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=3cb24a91ad78d541a9af0884c2ff201c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-23 09:13:38
# local_time=2011-01-23 01:13:38 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=2560 16777191 100 0 0 0 0 0
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=127672
# found=1
# cleaned=1
# scan_time=4682
C:\Documents and Settings\loudon\My Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C


Re: Virus Help Please.

Post by DragonMaster Jay on Mon 24 Jan 2011, 11:16 am

Please download SINO

  • Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  • Then please check the following checkboxes:
    Code:
    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Event Log
    Ipconfig
    Hosts file
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.

  • A notepad window will pop up. Please copy all of the content into your next reply.

Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.



~DMJ
GeekPolice Academy Manager



Re: Virus Help Please.

Post by sloudon55 on Tue 25 Jan 2011, 4:19 am

System Investigator by Olrik
Log Created On: 0918_24-01-2011
SINO Version: 3.1.0.0

Total RAM: 2046 MB | Free RAM: 1162 MB | Pagefile Size: 3938 MB
C: | 3889 MB out of 107669 MB Free | Local Fixed Disk
D: | 0 MB out of 0 MB Free | CD-ROM Disc

<<<< System Information >>>>

Computer Name: LOUDON-2BD9A00E
Username: loudon
Language Setting: ENU
Windows Directory: C:\WINDOWS
Windows Version: Windows XP Service Pack 2
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[C:\WINDOWS\System32\smss.exe] - Process ID: 756
[csrss.exe] - Process ID: 812
[C:\WINDOWS\system32\winlogon.exe] - Process ID: 848
[C:\WINDOWS\system32\services.exe] - Process ID: 892
[C:\WINDOWS\system32\lsass.exe] - Process ID: 904
[C:\WINDOWS\system32\Ati2evxx.exe] - Process ID: 1068
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1108
[svchost.exe] - Process ID: 1192
[C:\WINDOWS\System32\svchost.exe] - Process ID: 1252
[C:\WINDOWS\system32\svchost.exe] - Process ID: 1292
[svchost.exe] - Process ID: 1464
[svchost.exe] - Process ID: 1496
[C:\WINDOWS\System32\WLTRYSVC.EXE] - Process ID: 1656
[C:\WINDOWS\System32\bcmwltry.exe] - Process ID: 1372
[C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe] - Process ID: 1028
[C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe] - Process ID: 1600
[C:\WINDOWS\system32\Ati2evxx.exe] - Process ID: 2020
[C:\WINDOWS\Explorer.EXE] - Process ID: 372
[C:\WINDOWS\system32\spoolsv.exe] - Process ID: 484
[svchost.exe] - Process ID: 1128
[C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe] - Process ID: 1704
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 276
[C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] - Process ID: 988
[C:\Program Files\Common Files\Java\Java Update\jusched.exe] - Process ID: 572
[C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] - Process ID: 584
[C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac] - Process ID: 636
[C:\WINDOWS\system32\ctfmon.exe] - Process ID: 1772
[C:\Program Files\Bonjour\mDNSResponder.exe] - Process ID: 1788
[C:\WINDOWS\system32\dlcfcoms.exe] - Process ID: 1836
[C:\WINDOWS\eHome\ehRecvr.exe] - Process ID: 2248
[C:\WINDOWS\eHome\ehSched.exe] - Process ID: 2320
[C:\Program Files\Java\jre6\bin\jqs.exe] - Process ID: 2536
[C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe] - Process ID: 2756
[C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe] - Process ID: 2836
[svchost.exe] - Process ID: 2932
[C:\WINDOWS\system32\svchost.exe] - Process ID: 2944
[c:\WINDOWS\system32\ZuneBusEnum.exe] - Process ID: 3312
[mcrdsvc.exe] - Process ID: 3396
[C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe] - Process ID: 3588
[ZuneNss.exe] - Process ID: 3792
[C:\WINDOWS\system32\dllhost.exe] - Process ID: 2408
[C:\WINDOWS\System32\svchost.exe] - Process ID: 2860
[alg.exe] - Process ID: 2480
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 388
[C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe] - Process ID: 2124
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 504
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 5916
[C:\Program Files\Google\Chrome\Application\chrome.exe] - Process ID: 4708
[wmiprvse.exe] - Process ID: 5160
[C:\DOCUME~1\loudon\LOCALS~1\Temp\SINO\SINO.exe] - Process ID: 5672
[C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE] - Process ID: 3284
[C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE] - Process ID: 3108
[C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe] - Process ID: 5536
[C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe] - Process ID: 4472
[C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe] - Process ID: 5260
[C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe] - Process ID: 2928
[C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe] - Process ID: 5632

<<<< Startup Items >>>>

[ZooskMessenger.lnk] - - C:\Program Files\ZooskMessenger\ZooskMessenger.exe
[Wireless-G Notebook Adapter.lnk] - - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
[ArcSoft Connection Service] - - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[SunJavaUpdateSched] - - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Adobe Reader Speed Launcher] - - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
[Adobe ARM] - - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[ctfmon.exe] - - C:\WINDOWS\system32\ctfmon.exe

<<<< MS Services >>>>

Application Layer Gateway Service (ALG) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\alg.exe
Ati HotKey Poller (Ati HotKey Poller) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\Ati2evxx.exe
Windows Audio (AudioSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Background Intelligent Transfer Service (BITS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
COM+ System Application (COMSysApp) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Logical Disk Manager (dmserver) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k NetworkService
Media Center Receiver Service (ehRecvr) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehRecvr.exe
Media Center Scheduler Service (ehSched) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\eHome\ehSched.exe
Error Reporting Service (ERSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log (Eventlog) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
COM+ Event System (EventSystem) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Help and Support (helpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL (HTTPFilter) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Server (lanmanserver) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Workstation (lanmanworkstation) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper (LmHosts) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Media Center Extender Service (McrdSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\ehome\mcrdsvc.exe
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) (Nla) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\services.exe
IPSEC Services (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Protected Storage (ProtectedStorage) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Remote Access Connection Manager (RasMan) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
System Event Notification (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\spoolsv.exe
System Restore Service (srservice) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
SSDP Discovery Service (SSDPSRV) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Terminal Services (TermService) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost -k DComLaunch
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Universal Plug and Play Device Host (upnphost) - Running [Manual | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Windows Management Instrumentation (winmgmt) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Wireless Zero Configuration (WZCSVC) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Alerter (Alerter) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k LocalService
Application Management (AppMgmt) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service (aspnet_state) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Indexing Service (CiSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\cisvc.exe
ClipBook (ClipSrv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\clipsrv.exe
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Logical Disk Manager Administrative Service (dmadmin) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\dmadmin.exe /com
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
HID Input Service (HidServ) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
IMAPI CD-Burning COM Service (ImapiService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\imapi.exe
Messenger (Messenger) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
MHN (MHN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
NetMeeting Remote Desktop Sharing (mnmsrvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\mnmsrvc.exe
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msdtc.exe
Windows Installer (MSIServer) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\msiexec.exe /V
Network DDE (NetDDE) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Network DDE DSDM (NetDDEdsdm) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\netdde.exe
Net Logon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
NT LM Security Support Provider (NtLmSsp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\lsass.exe
Removable Storage (NtmsSvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager (RDSessMgr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\sessmgr.exe
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\locator.exe
QoS RSVP (RSVP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\rsvp.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\SCardSvr.exe
MS Software Shadow Copy Provider (SwPrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\dllhost.exe /Processid:{C48C4786-EAB9-4440-93F7-E3F9541C8F69}
Performance Logs and Alerts (SysmonLog) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\smlogsvc.exe
Telnet (TlntSvr) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\tlntsvr.exe
Uninterruptible Power Supply (UPS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\ups.exe
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\vssvc.exe
Portable Media Serial Number Service (WmdmPmSN) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation Driver Extensions (Wmi) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
WMI Performance Adapter (WmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
Security Center (wscsvc) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Automatic Updates (wuauserv) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\WINDOWS\system32\svchost.exe -k netsvcs
Network Provisioning Service (xmlprov) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs

<<<< Non-MS Services >>>>

ArcSoft Connect Daemon (ACDaemon) - Running [Auto | Stoppable | Pausable] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Bonjour Service (Bonjour Service) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Bonjour\mDNSResponder.exe"
Symantec Event Manager (ccEvtMgr) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Settings Manager (ccSetMgr) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Symantec Lic NetConnect service (CLTNetCnService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
dlcf_device (dlcf_device) - Running [Auto | Stoppable | Pausable] - C:\WINDOWS\system32\dlcfcoms.exe -service
Java Quick Starter (JavaQuickStarterService) - Running [Auto | Stoppable | Pausable] - "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LiveUpdate (LiveUpdate) - Running [Manual | Stoppable | Not_Pausable] - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
MgiSvr (MgiSvr) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
MotoConnect Service (MotoConnect Service) - Running [Auto | Stoppable | Pausable] - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
Symantec Core LC (Symantec Core LC) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Symantec AppCore Service (SymAppCore) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Dell Wireless WLAN Tray Service (wltrysvc) - Running [Auto | Stoppable | Not_Pausable] - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
Zune Bus Enumerator (ZuneBusEnum) - Running [Auto | Stoppable | Not_Pausable] - c:\WINDOWS\system32\ZuneBusEnum.exe
Zune Network Sharing Service (ZuneNetworkSvc) - Running [Auto | Stoppable | Not_Pausable] - "c:\Program Files\Zune\ZuneNss.exe"
COM Host (comHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
GoToAssist (GoToAssist) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service
Google Update Service (gupdate1c9a6a56b4fc2ed) (gupdate1c9a6a56b4fc2ed) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
Symantec IS Password Validation (ISPwdSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
LiveUpdate Notice Service (LiveUpdate Notice Service) - Stopped [Auto | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
PC Tools Auxiliary Service (sdAuxService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Spyware Doctor\pctsAuxs.exe
PC Tools Security Service (sdCoreService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Program Files\Spyware Doctor\pctsSvc.exe
User Privilege Service (usprserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\WINDOWS\System32\svchost.exe -k netsvcs
Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - c:\WINDOWS\system32\ZuneWlanCfgSvc.exe

<<<< Boot.ini >>>>

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

<<<< Last 5 Application Errors or Warnings >>>>

Computer Name: LOUDON-2BD9A00E | ID: 1517 | Source: Userenv | Type: Warning | Date: 22-1-11 22:59:54 | Log: Application
Message: Windows saved user LOUDON-2BD9A00E\loudon registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.





This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Computer Name: LOUDON-2BD9A00E | ID: 1517 | Source: Userenv | Type: Warning | Date: 22-1-11 21:21:6 | Log: Application
Message: Windows saved user LOUDON-2BD9A00E\loudon registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.





This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.


Computer Name: LOUDON-2BD9A00E | ID: 1000 | Source: Application Error | Type: Error | Date: 19-1-11 23:24:1 | Log: Application
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module ieframe.dll, version 7.0.6000.16791, fault address 0x00074403.


Computer Name: LOUDON-2BD9A00E | ID: 1000 | Source: Application Error | Type: Error | Date: 18-1-11 19:51:27 | Log: Application
Message: Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0000100b.


Computer Name: LOUDON-2BD9A00E | ID: 1000 | Source: Application Error | Type: Error | Date: 14-1-11 23:42:21 | Log: Application
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module ieframe.dll, version 7.0.6000.16791, fault address 0x00074403.


<<<< Last 5 System Errors or Warnings >>>>

Computer Name: LOUDON-2BD9A00E | ID: 4226 | Source: Tcpip | Type: Warning | Date: 24-1-11 0:6:20 | Log: System
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


Computer Name: LOUDON-2BD9A00E | ID: 1003 | Source: Dhcp | Type: Warning | Date: 23-1-11 23:24:17 | Log: System
Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 00197D30F147. The following

error occurred:

%%1223.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.


Computer Name: LOUDON-2BD9A00E | ID: 10005 | Source: DCOM | Type: Error | Date: 23-1-11 20:56:14 | Log: System
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""

in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Computer Name: LOUDON-2BD9A00E | ID: 32003 | Source: ipnathlp | Type: Error | Date: 23-1-11 20:40:31 | Log: System
Message: The Network Address Translator (NAT) was unable to request an operation

of the kernel-mode translation module.

This may indicate misconfiguration, insufficient resources, or

an internal error.

The data is the error code.


Computer Name: LOUDON-2BD9A00E | ID: 1003 | Source: Dhcp | Type: Warning | Date: 23-1-11 20:40:29 | Log: System
Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 00197D30F147. The following

error occurred:

%%1223.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.


<<<< Special Events >>>>

There were no special events found

<<<< Ipconfig >>>>

Windows IP Configuration

Host Name . . . . . . . . . . . . : loudon-2bd9a00e
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-19-B9-50-77-59

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Description . . . . . . . . . . . : Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
Physical Address. . . . . . . . . : 00-19-7D-30-F1-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.87.76.182
68.87.78.134
Lease Obtained. . . . . . . . . . : Monday, January 24, 2011 9:13:17 AM
Lease Expires . . . . . . . . . . : Tuesday, January 25, 2011 9:13:17 AM


<<<< Hosts File >>>>

The HOSTS file is 734 Bytes in size.

There were 0 lines which refer to an external IP address.



------ End of File ------

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp


Re: Virus Help Please.

Post by DragonMaster Jay on Tue 25 Jan 2011, 11:16 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.




Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to [You must be registered and logged in to see this link.] If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: Virus Help Please.

Post by sloudon55 on Tue 25 Jan 2011, 12:04 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBA748000 fltMgr.sys
0xBA8B8000 ohci1394.sys
0xBA8C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBACBC000 compbatt.sys
0xBACC0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA8D8000 MountMgr.sys
0xBA729000 ftdisk.sys
0xBADAC000 dmload.sys
0xBA703000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA6EB000 atapi.sys
0xBAB38000 cercsr6.sys
0xBA6D3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA6C1000 sr.sys
0xBA68A000 PCTCore.sys
0xBA918000 Lbd.sys
0xBA928000 PxHelp20.sys
0xBA673000 KSecDD.sys
0xBA65C000 WudfPf.sys
0xBA5CF000 Ntfs.sys
0xBA5A2000 NDIS.sys
0xBA587000 Mup.sys
0xBAA08000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBAD80000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBAD88000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA151000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xBA13D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA118000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA084000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBABB8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA061000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBABC0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBAA58000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xBA050000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBAA68000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBABC8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBABD0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAA78000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBABD8000 \SystemRoot\system32\drivers\Afc.sys
0xBAA88000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBAA98000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA02D000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA55F000 \SystemRoot\system32\DRIVERS\ArcSoftVirtualCapture.sys
0xBAAA8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBAFB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAAB8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA557000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA016000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAAC8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAAD8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBAC08000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA005000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAE8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBAC18000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAC28000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9F34000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAAF8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBADBE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9EB3000 \SystemRoot\system32\DRIVERS\update.sys
0xBA2FD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAB08000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xBAB18000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB9E42000 \SystemRoot\System32\Drivers\wdf01000.sys
0xBA948000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB1D04000 \SystemRoot\system32\drivers\sthda.sys
0xB1CE2000 \SystemRoot\system32\drivers\portcls.sys
0xBA978000 \SystemRoot\system32\drivers\drmk.sys
0xB1CA8000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xB1BB1000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xB1AFB000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBAC48000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA988000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBADCE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB1A8A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xB191A000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xBAD7C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA998000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBAC98000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBACA8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xBAD90000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBAB48000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA9A8000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBADDA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAEC0000 \SystemRoot\System32\Drivers\Null.SYS
0xBADDE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBAB78000 \SystemRoot\System32\drivers\vga.sys
0xBADE6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBADEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBAB88000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAB98000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBAD9C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1833000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB17DB000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1786000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB1765000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA9B8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBABE0000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xBADF2000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xBABE8000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xB1743000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xBA9C8000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xB16FC000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20110118.001\SymIDSCo.sys
0xB16D4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB16B2000 \SystemRoot\System32\drivers\afd.sys
0xBA9D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB164C000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xB1621000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB15B2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9E8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1554000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB1537000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xBAA18000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB151F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBAE00000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB1AEB000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAC60000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAF54000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
0xBFA19000 \SystemRoot\System32\ati2cqag.dll
0xBFA5E000 \SystemRoot\System32\atikvmag.dll
0xBFAA0000 \SystemRoot\System32\ati3duag.dll
0xBFD41000 \SystemRoot\System32\ativvaxx.dll
0xAF3B7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAEE02000 \SystemRoot\system32\drivers\wdmaud.sys
0xAEEAF000 \SystemRoot\system32\drivers\sysaudio.sys
0xAEB28000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xAE817000 \SystemRoot\System32\Drivers\HTTP.sys
0xAE868000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE6D5000 \SystemRoot\system32\DRIVERS\srv.sys
0xAD76D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110124.003\NAVEX15.SYS
0xAD759000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110124.003\NAVENG.SYS
0xAD72E000
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
756 C:\WINDOWS\system32\smss.exe
812 csrss.exe
848 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1068 C:\WINDOWS\system32\ati2evxx.exe
1108 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1292 C:\WINDOWS\system32\svchost.exe
1464 svchost.exe
1496 svchost.exe
1656 C:\WINDOWS\system32\WLTRYSVC.EXE
1372 C:\WINDOWS\system32\BCMWLTRY.EXE
1028 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1600 C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
2020 C:\WINDOWS\system32\ati2evxx.exe
484 C:\WINDOWS\system32\spoolsv.exe
1128 svchost.exe
1704 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
276 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
988 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
572 C:\Program Files\Common Files\Java\Java Update\jusched.exe
584 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
636 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
1772 C:\WINDOWS\system32\ctfmon.exe
1788 C:\Program Files\Bonjour\mDNSResponder.exe
1836 C:\WINDOWS\system32\dlcfcoms.exe
2248 C:\WINDOWS\ehome\ehrecvr.exe
2320 C:\WINDOWS\ehome\ehSched.exe
2536 C:\Program Files\Java\jre6\bin\jqs.exe
2756 C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
2836 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
2932 svchost.exe
2944 C:\WINDOWS\system32\svchost.exe
3312 C:\WINDOWS\system32\ZuneBusEnum.exe
3396 mcrdsvc.exe
3588 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
3792 ZuneNss.exe
2408 C:\WINDOWS\system32\dllhost.exe
2860 C:\WINDOWS\system32\svchost.exe
2480 alg.exe
2124 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
5260 C:\Program Files\Google\Chrome\Application\chrome.exe
2912 C:\Program Files\Google\Chrome\Application\chrome.exe
5500 C:\Program Files\Google\Chrome\Application\chrome.exe
5004 C:\Program Files\Google\Chrome\Application\chrome.exe
4648 C:\Program Files\Google\Chrome\Application\chrome.exe
5624 C:\Program Files\Google\Chrome\Application\chrome.exe
2604 C:\Program Files\Google\Chrome\Application\chrome.exe
1780 C:\Program Files\Google\Chrome\Application\chrome.exe
5088 C:\Program Files\Google\Chrome\Application\chrome.exe
3112 C:\Program Files\Google\Chrome\Application\chrome.exe
3692 C:\Program Files\Google\Chrome\Application\chrome.exe
5384 C:\Program Files\Google\Chrome\Application\chrome.exe
1304 C:\Program Files\Google\Chrome\Application\chrome.exe
5564 C:\WINDOWS\explorer.exe
6092 C:\Program Files\Google\Chrome\Application\chrome.exe
4272 C:\Documents and Settings\loudon\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2120BH, Rev: 00850012

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp


Re: Virus Help Please.

Post by DragonMaster Jay on Tue 25 Jan 2011, 12:08 pm

Good. Now just waiting on report 2.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Virus Help Please.

Post by sloudon55 on Tue 25 Jan 2011, 12:30 pm

[You must be registered and logged in to see this link.]
There ya are, thanks again.

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp


Re: Virus Help Please.

Post by sloudon55 on Tue 25 Jan 2011, 12:40 pm

Btw, here is a pic of my USB error message.

sloudon55

Newbie Surfer

Posts : 9
Joined : 2011-01-19
Operating System : xp


Re: Virus Help Please.

Post by DragonMaster Jay on Wed 26 Jan 2011, 2:32 pm

Please download TFC by OldTimer to your desktop.
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Please run the F-Secure Online Scanner

  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
