Very Severe Problems [Solved]



#1
y2kfroguy

My computer has been acting very screwy lately and it has gotten much, much worse over the last hour. Among other random names, there are about 40 processes running called mb3wsk43.exe. Also, a message has popped up titled "Windows File Protection". It says "Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Home Edition CD-ROM now." I don't have the CD anymore. Malwarebytes began to run and found 62 problem files before crashing. It will no longer run and neither will HijackThis or OTListIt2. Please help me! Thank you in advance!


Edit: Firefox and Internet Explorer crash when trying to access online virus scanners
Edit: I cannot view hidden files, use system restore, or boot in safe mode
Edit: Computer is running very, very slow but OTListIt finally ran



OTListIt logfile created on: 3/26/2009 5:11:19 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 47.78% Memory free
2.98 Gb Paging File | 2.13 Gb Available in Paging File | 71.45% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 40.87 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Realtek AC97\SoundMan.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\WINDOWS\TEMP\mb3wsk43.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\649.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\reader_s.exe (Adobe Systems Incorporated)
PRC - C:\Documents and Settings\Chris\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXSENS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Beep [System | Running]) -- C:\WINDOWS\System32\drivers\beep.sys ()
DRV - (FETND5BV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (NDIS [Boot | Running]) -- C:\WINDOWS\System32\drivers\ndis.sys ()
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (w810bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w810bus.sys (MCCI)
DRV - (w810mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w810mdfl.sys (MCCI)
DRV - (w810mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w810mdm.sys (MCCI)
DRV - (w810mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w810mgmt.sys (MCCI)
DRV - (w810obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w810obex.sys (MCCI)
DRV - (W8335XP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys (Marvell Semiconductor, Inc)
DRV - (WUSB54GPV4SRV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (2024fcf31d0740a7028508243f2df1a5 [Unknown | Running]) -- File not found

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {542E8C34-91FB-4086-90C7-7A521C3BC593}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {87456963-764B-496B-A84A-9542AEC52E23}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{87456963-764B-496B-A84A-9542AEC52E23}: C:\DOCUMENTS AND SETTINGS\CHRIS\LOCAL SETTINGS\APPLICATION DATA\{87456963-764B-496B-A84A-9542AEC52E23} [2009/03/25 13:52:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/09 18:48:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/06 17:45:37 | 00,000,000 | ---D | M]

[2009/03/06 15:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions
[2008/07/07 12:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/06 15:08:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Extensions\[email protected]
[2009/03/26 16:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\4aegzqea.default\extensions
[2008/02/09 20:11:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\4aegzqea.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/11/20 15:01:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\mozilla\Firefox\Profiles\4aegzqea.default\extensions\[email protected]
[2008/02/28 15:57:13 | 00,001,878 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\aolsearch.xml
[2009/03/15 01:20:36 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\dictionarycom.xml
[2009/03/15 01:20:36 | 00,002,246 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\espn.xml
[2008/06/23 23:03:29 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\IMDB.xml
[2008/06/23 23:03:28 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\wikipedia.xml
[2008/05/27 19:12:47 | 00,001,628 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\FireFox\Profiles\4aegzqea.default\searchplugins\youtube.xml
[2009/03/26 11:32:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/25 13:24:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{542E8C34-91FB-4086-90C7-7A521C3BC593}
[2009/03/06 17:45:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/28 15:32:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/03/06 17:45:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/06 17:45:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 09:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 09:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 09:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 17:20:48 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 09:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 09:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 09:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (MMklkl) - {1428a472-5260-404e-9977-7ecdf1daf936} - C:\WINDOWS\system32\mukmil.dll (Winfi)
O2 - BHO: (no name) - {4dad0437-4160-4e28-beab-6861dce9839d} - C:\WINDOWS\system32\hqqfov.dll ()
O2 - BHO: (no name) - {bc8263ea-4208-4941-a5f5-136c3478631e} - C:\WINDOWS\system32\jihedefe.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [CPMfb51402f] Rundll32.exe "c:\windows\system32\biteketi.dll",a ()
O4 - HKLM..\Run: [f86273b3] rundll32.exe "C:\WINDOWS\system32\vikefuto.dll",b ()
O4 - HKLM..\Run: [Jkayatepinuk] rundll32.exe "C:\WINDOWS\egexunakamika.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [pedumizabu] Rundll32.exe "C:\WINDOWS\system32\fotidifa.dll",s ()
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Vfolaliyunolif] rundll32.exe "C:\WINDOWS\Dgewunika.dll",e ()
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [] C:\WINDOWS\TEMP\mb3wsk43.exe ()
O4 - HKCU..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe ()
O4 - HKCU..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-2556568936-5712208690-718292969-7734\service.exe ()
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\387933018.exe ()
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKCU..\Run: [reader_s] C:\Documents and Settings\Chris\reader_s.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Windows Resurections] C:\WINDOWS\TEMP\mb3wsk43.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (mbpxpa.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\tawubepi.dll) - C:\WINDOWS\system32\tawubepi.dll ()
O20 - AppInit_DLLs: (hqqfov.dll) - C:\WINDOWS\system32\hqqfov.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\nayirima.dll) - c:\windows\system32\nayirima.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\biteketi.dll) - c:\windows\system32\biteketi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\nopasisi.dll) - c:\windows\system32\nopasisi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\mosidiwe.dll) - c:\windows\system32\mosidiwe.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\heweluwi.dll) - c:\windows\system32\heweluwi.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\hodujifa.dll) - c:\windows\system32\hodujifa.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\pefedamu.dll) - c:\windows\system32\pefedamu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\zojahira.dll) - c:\windows\system32\zojahira.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\eeddedeecabed: DllName - C:\WINDOWS\system32\eeddedeecabed.dll - C:\WINDOWS\system32\eeddedeecabed.dll ()
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zojahira.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\hodujifa.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - C:\AUTOEXEC.OLD () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Chris\My Documents\*.tmp files]
[2009/03/26 17:06:41 | 00,043,008 | ---- | C] () -- C:\dxxrp.exe
[2009/03/26 17:06:36 | 00,027,136 | ---- | C] () -- C:\vaybq.exe
[2009/03/26 17:05:53 | 00,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/03/26 17:05:25 | 00,010,240 | ---- | C] () -- C:\dcowt.exe
[2009/03/26 17:05:22 | 00,040,448 | ---- | C] () -- C:\liymwuq.exe
[2009/03/26 16:59:39 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTListIt2.exe
[2009/03/26 16:13:29 | 00,200,720 | ---- | C] (Winfi) -- C:\WINDOWS\System32\mukmil.dll
[2009/03/26 16:09:01 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\ogawibep.ini
[2009/03/26 15:48:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/26 15:47:34 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Rooter.exe
[2009/03/26 15:45:48 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\otufekiv.ini
[2009/03/26 15:42:21 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Chris\Desktop\SysRestorePoint.exe
[2009/03/26 15:41:33 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\SysRestorePoint_v13.zip
[2009/03/26 15:24:38 | 00,106,094 | ---- | C] () -- C:\WINDOWS\System32\drivers\c2124b54.sys
[2009/03/26 15:24:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/03/26 15:24:32 | 00,213,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/26 15:23:06 | 00,000,002 | ---- | C] () -- C:\-127765732
[2009/03/26 15:22:37 | 00,009,216 | ---- | C] () -- C:\WINDOWS\instsp2.exe
[2009/03/26 15:22:34 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\hqqfov.dll
[2009/03/26 15:00:00 | 03,291,160 | -HS- | C] () -- C:\WINDOWS\System32\iyagewov.ini
[2009/03/26 14:59:51 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\puuycl.dll
[2009/03/26 14:46:38 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\1000.exe
[2009/03/26 14:38:00 | 03,291,160 | -HS- | C] () -- C:\WINDOWS\System32\ujagukuv.ini
[2009/03/26 14:37:14 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\saxlpc.dll
[2009/03/26 14:31:33 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\998.exe
[2009/03/26 14:14:41 | 03,291,160 | -HS- | C] () -- C:\WINDOWS\System32\owapasaw.ini
[2009/03/26 14:14:34 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\jmcsti.dll
[2009/03/26 13:52:00 | 03,291,160 | -HS- | C] () -- C:\WINDOWS\System32\ufodidih.ini
[2009/03/26 13:51:07 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\ovmlop.dll
[2009/03/26 01:45:33 | 03,291,126 | -HS- | C] () -- C:\WINDOWS\System32\ojorolog.ini
[2009/03/26 01:45:13 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\tkbvxo.dll
[2009/03/25 14:37:30 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\sprint.doc
[2009/03/25 14:16:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/25 13:54:46 | 00,040,448 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\KuzSmall.exe
[2009/03/25 13:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\{87456963-764B-496B-A84A-9542AEC52E23}
[2009/03/25 13:51:54 | 00,135,680 | ---- | C] (Mozilla Foundation) -- C:\WINDOWS\egexunakamika.dll
[2009/03/25 13:39:45 | 00,042,496 | ---- | C] () -- C:\WINDOWS\Dgewunika.dll
[2009/03/25 13:39:43 | 00,042,496 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\kuzSniper.exe
[2009/03/25 13:25:21 | 03,291,108 | -HS- | C] () -- C:\WINDOWS\System32\ozahuvor.ini
[2009/03/25 13:25:03 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\culmxl.dll
[2009/03/25 13:24:12 | 00,059,801 | ---- | C] (PRIVAT) -- C:\WINDOWS\System32\prunnet.exe
[2009/03/24 12:52:04 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\interview.doc
[2009/03/24 12:52:04 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Chris\Desktop\~$terview.doc
[2009/03/23 17:48:53 | 00,171,252 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\CreditReport.pdf
[2009/03/18 18:54:20 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\My Computer.lnk
[2009/03/08 19:08:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\FullTiltPoker
[2009/03/06 14:10:41 | 01,024,841 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\vehicle_barrier_test.wmv
[2009/03/06 08:20:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\New Folder
[2009/03/02 16:32:46 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\interviews.doc
[2009/02/26 15:39:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\New Folder
[2009/02/26 01:32:48 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\AJRESUME.doc
[2009/02/25 00:42:44 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[3 C:\Documents and Settings\Chris\My Documents\*.tmp files]
[2009/03/26 17:20:11 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\pisilaye
[2009/03/26 17:20:07 | 00,106,094 | ---- | M] () -- C:\WINDOWS\System32\drivers\c2124b54.sys
[2009/03/26 17:13:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/03/26 17:07:01 | 00,043,008 | ---- | M] () -- C:\dxxrp.exe
[2009/03/26 17:06:38 | 00,027,136 | ---- | M] () -- C:\vaybq.exe
[2009/03/26 17:06:28 | 00,000,002 | ---- | M] () -- C:\-127765732
[2009/03/26 17:05:53 | 00,074,240 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2009/03/26 17:05:25 | 00,010,240 | ---- | M] () -- C:\dcowt.exe
[2009/03/26 17:05:22 | 00,040,448 | ---- | M] () -- C:\liymwuq.exe
[2009/03/26 16:59:51 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTListIt2.exe
[2009/03/26 16:13:29 | 00,200,720 | ---- | M] (Winfi) -- C:\WINDOWS\System32\mukmil.dll
[2009/03/26 16:09:13 | 00,000,121 | -HS- | M] () -- C:\WINDOWS\System32\ogawibep.ini
[2009/03/26 16:09:00 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\hodujifa.dll
[2009/03/26 16:08:50 | 00,079,872 | -HS- | M] () -- C:\WINDOWS\System32\pebiwago.dll
[2009/03/26 16:08:29 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\hejivole.exe
[2009/03/26 15:48:34 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Rooter.exe
[2009/03/26 15:45:52 | 00,000,121 | -HS- | M] () -- C:\WINDOWS\System32\otufekiv.ini
[2009/03/26 15:45:36 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\heweluwi.dll
[2009/03/26 15:45:32 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\vikefuto.dll
[2009/03/26 15:41:39 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\SysRestorePoint_v13.zip
[2009/03/26 15:38:17 | 03,291,160 | -HS- | M] () -- C:\WINDOWS\System32\iyagewov.ini
[2009/03/26 15:24:35 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/03/26 15:24:32 | 00,213,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/03/26 15:24:32 | 00,213,376 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/26 15:22:37 | 00,079,872 | -HS- | M] () -- C:\WINDOWS\System32\tevinuki.dll
[2009/03/26 15:22:37 | 00,009,216 | ---- | M] () -- C:\WINDOWS\instsp2.exe
[2009/03/26 15:22:34 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\nayirima.dll
[2009/03/26 15:22:33 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\hqqfov.dll
[2009/03/26 15:22:33 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\fiseziju.dll
[2009/03/26 14:59:53 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\vowegayi.dll
[2009/03/26 14:59:52 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\mosidiwe.dll
[2009/03/26 14:59:51 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\puuycl.dll
[2009/03/26 14:59:51 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\domunazi.dll
[2009/03/26 14:59:04 | 03,291,160 | -HS- | M] () -- C:\WINDOWS\System32\ujagukuv.ini
[2009/03/26 14:50:49 | 03,291,126 | -HS- | M] () -- C:\WINDOWS\System32\ojorolog.ini
[2009/03/26 14:46:39 | 00,027,136 | ---- | M] () -- C:\WINDOWS\System32\1000.exe
[2009/03/26 14:37:13 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\saxlpc.dll
[2009/03/26 14:37:13 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\reharaka.dll
[2009/03/26 14:37:12 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\vukugaju.dll
[2009/03/26 14:37:10 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\zojahira.dll
[2009/03/26 14:35:45 | 03,291,160 | -HS- | M] () -- C:\WINDOWS\System32\owapasaw.ini
[2009/03/26 14:31:38 | 00,027,136 | ---- | M] () -- C:\WINDOWS\System32\998.exe
[2009/03/26 14:14:37 | 03,291,160 | -HS- | M] () -- C:\WINDOWS\System32\ufodidih.ini
[2009/03/26 14:14:34 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\jmcsti.dll
[2009/03/26 14:14:34 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\dihajunu.dll
[2009/03/26 14:14:34 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\wasapawo.dll
[2009/03/26 14:14:30 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\nopasisi.dll
[2009/03/26 13:51:50 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\hididofu.dll
[2009/03/26 13:51:07 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\ovmlop.dll
[2009/03/26 13:51:07 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\gubewabe.dll
[2009/03/26 13:51:05 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\biteketi.dll
[2009/03/26 12:48:06 | 00,247,808 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 01:45:33 | 03,291,108 | -HS- | M] () -- C:\WINDOWS\System32\ozahuvor.ini
[2009/03/26 01:45:13 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\golorojo.dll
[2009/03/26 01:45:12 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\wimigiro.dll
[2009/03/26 01:45:12 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\tkbvxo.dll
[2009/03/26 01:45:09 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\pefedamu.dll
[2009/03/25 14:37:31 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\sprint.doc
[2009/03/25 14:17:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/25 14:16:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/25 14:16:35 | 13,417,06240 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 13:54:46 | 00,040,448 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\KuzSmall.exe
[2009/03/25 13:51:58 | 00,135,680 | ---- | M] (Mozilla Foundation) -- C:\WINDOWS\egexunakamika.dll
[2009/03/25 13:39:45 | 00,042,496 | ---- | M] () -- C:\WINDOWS\Dgewunika.dll
[2009/03/25 13:39:44 | 00,042,496 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\kuzSniper.exe
[2009/03/25 13:25:05 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\rovuhazo.dll
[2009/03/25 13:25:02 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\pojomila.dll
[2009/03/25 13:25:00 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\zumumozu.dll
[2009/03/25 13:25:00 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\culmxl.dll
[2009/03/25 13:24:12 | 00,059,801 | ---- | M] (PRIVAT) -- C:\WINDOWS\System32\prunnet.exe
[2009/03/24 12:52:04 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\interview.doc
[2009/03/24 12:52:04 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Chris\Desktop\~$terview.doc
[2009/03/23 17:48:55 | 00,171,252 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\CreditReport.pdf
[2009/03/18 18:54:20 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\My Computer.lnk
[2009/03/14 20:14:38 | 03,703,764 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2009/03/13 15:24:56 | 00,006,983 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\Resume.doc
[2009/03/13 14:38:03 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\interviews.doc
[2009/03/11 00:38:58 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 00:38:58 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 00:38:58 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/06 14:10:51 | 01,024,841 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\vehicle_barrier_test.wmv
[2009/03/01 15:49:45 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\McAlistersDeli.doc
[2009/02/26 13:44:57 | 00,000,698 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/26 01:32:48 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\AJRESUME.doc
[2009/02/25 20:53:57 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/02/25 02:24:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >



and the extras file:

OTListIt Extras logfile created on: 3/26/2009 5:11:19 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 47.78% Memory free
2.98 Gb Paging File | 2.13 Gb Available in Paging File | 71.45% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 40.87 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger (America Online, Inc.)
C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell File not found
C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando (Pando Networks)
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Documents and Settings\Chris\Local Settings\Temp\~osFCD.tmp\ossproxy.exe:*:Enabled:ossproxy.exe File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module (Camshare LLC)
C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb (Orb Networks, Inc.)
C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray (Orb Networks)
C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client (Orb Networks)
C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player (Apple Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe File not found
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService (Apple Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04302E9D-9EF9-70AC-BB4B-F38C6BC87F47}" = Catalyst Control Center Localization Thai
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{088C9BEE-CB92-5879-5E38-174426D1F8E6}" = ccc-core-preinstall
"{10B23720-AB24-D8B0-F881-27C85243A1F5}" = CCC Help Korean
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D44C5C7-FCB6-8732-A960-3E3486661B02}" = Catalyst Control Center Graphics Full Existing
"{212B3742-5B29-B7C3-3973-69EE036E574E}" = Catalyst Control Center Graphics Previews Common
"{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"{2DBB8878-9A6C-D992-E9A1-F83B8B110CCF}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34770A96-B7B2-4436-A50F-F783BF6F30AC}" = EasyScreenCaptureVideo
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35279851-031F-67BB-FAF0-D75783BDE296}" = Catalyst Control Center Localization Japanese
"{38040B3C-D2AF-4BCB-B612-502701A67C9B}" = Pando
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{54E6AC92-E270-5FA1-22AC-A43650098986}" = Skins
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FDD0A02-A328-BEF2-E2B4-A62965620D09}" = ccc-utility
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{971EB438-C938-BD97-7AE7-CB0164E8E2E6}" = Catalyst Control Center Localization Chinese Standard
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{97ECD9CC-E6EC-996C-03B9-6B44CF2AEFA7}" = Catalyst Control Center Localization Chinese Traditional
"{989EC86B-6D10-F330-54C6-352322D8D077}" = Catalyst Control Center Core Implementation
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{98F394A4-DC7F-1156-DBD6-3220390AAAAA}" = CCC Help Japanese
"{9DF0D039-BAD2-254D-F54D-99537E86115B}" = CCC Help English
"{A1E345E8-C3EA-F1BC-1F56-9E79C575E2F8}" = CCC Help Chinese Traditional
"{A29468E4-C799-472A-B7A1-4445B009B378}" = Free eXPert PDF Reader
"{A9F265E1-7804-FEE2-0A91-29BFB6CC9D1C}" = CCC Help Thai
"{AC1635BC-63CC-DF13-63BD-3C11B78EC40C}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8035D53-49FB-D8D1-1604-7CD016FE81B5}" = Catalyst Control Center Graphics Full New
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B2A44C-C17A-9112-059E-39A7163B7177}" = CCC Help Chinese Standard
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D91E5373-8D42-9182-01D5-C7C5758DF4D3}" = Catalyst Control Center Localization Korean
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E97107BE-0AB9-AC9A-4446-77807A7438C9}" = Search Assistant Mysidesearch
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM_6" = AIM 6
"AOL Instant Messenger" = AOL Instant Messenger
"Apollo DivX to DVD Creator_is1" = Apollo DivX to DVD Creator 3.8.0
"Artisan DVD/DivX Player_is1" = Artisan DVD/DivX Player
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"Burn4Free" = Burn4Free CD and DVD
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Camfrog 5.1" = Camfrog Video Chat 5.1
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DivX Content Uploader" = DivX Content Uploader
"EOS Utility" = Canon Utilities EOS Utility
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HijackThis" = HijackThis 2.0.2
"Indeo® Software" = Indeo® Software
"InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}" = IEEE 802.11g Wireless Cardbus/PCI Adapter
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Full
"LimeWire" = LimeWire 5.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Orb" = Winamp Remote
"Panda ActiveScan" = Panda ActiveScan
"PhotoStitch" = Canon Utilities PhotoStitch
"PicViewer3_is1" = PicViewer 3.0.2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3" = VIA/S3G Display Driver
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2009 1:24:07 AM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2009 1:24:26 AM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2009 10:00:28 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.3.851, fault address 0x0012bd5d.

Error - 1/20/2009 10:01:44 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.3.851, fault address 0x0012bd5d.

Error - 1/20/2009 10:01:49 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.3.851, fault address 0x0012bd5d.

Error - 1/20/2009 10:01:55 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.3.851, fault address 0x0012bd5d.

Error - 1/20/2009 10:02:21 PM | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.0, faulting module
ffdshow.ax, version 1.0.3.851, fault address 0x0012bd5d.

Error - 1/27/2009 11:41:30 PM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2009 7:10:17 PM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/15/2009 7:10:33 PM | Computer Name = CHRIS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/26/2009 6:10:35 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:12:35 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:12:37 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:13:42 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:15:36 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:15:40 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:17:01 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:19:07 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:19:07 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.

Error - 3/26/2009 6:19:56 PM | Computer Name = CHRIS | Source = Service Control Manager | ID = 7028
Description = The wuauserv Registry key denied access to SYSTEM account programs
so the Service Control Manager took ownership of the Registry key.


< End of report >



Rooter log:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:194470 Mo/Free:889 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Thu 03/26/2009|17:47

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
---------- C:\WINDOWS\system32\VTTimer.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
---------- C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Realtek AC97\SoundMan.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\WINDOWS\TEMP\mb3wsk43.exe
---------- C:\DOCUME~1\Chris\LOCALS~1\Temp\649.exe
---------- C:\WINDOWS\System32\reader_s.exe
---------- C:\Documents and Settings\Chris\Desktop\OTListIt2.exe
---------- C:\DOCUME~1\Chris\LOCALS~1\Temp\221.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\DOCUME~1\Chris\LOCALS~1\Temp\436.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\instsp2.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Documents and Settings\Chris\reader_s.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- c:\wicnin.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
--Hidden-- C:\WINDOWS\system32\.f862731c\f862731c.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!

HKLM\SYSTEM\ControlSet001\Services\seneka
HKLM\SYSTEM\ControlSet003\Services\seneka
HKLM\SYSTEM\CurrentControlSet\Services\seneka

----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Chris\Application Data\uTorrent\Camfrog.Video.Chat.Pro.v3.93.22921.WiNALL.CRACKED-D34THC0R3.rar.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007).torrent
C:\DOCUME~1\Chris\My Documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007)
C:\DOCUME~1\Chris\My Documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007)\Enjoy The Program And Please Seed As Much As You Can.txt
C:\DOCUME~1\Chris\My Documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007)\keygen.exe
C:\DOCUME~1\Chris\My Documents\Downloads\ConvertXtoDVD 2.2.3.258f And Keygen (25th October 2007)\vsoConvertXtoDVD2_setup.exe


1 - "C:\Rooter$\Rooter_1.txt" - Thu 03/26/2009|17:50

----------------------\\ Scan completed at 17:50

Edited by y2kfroguy, 27 March 2009 - 02:33 PM.



#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello y2kfroguy !

:) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar, and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


Your computer is severely infected for sure. I'll try to help you clean it.

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


Step 4.
Things I would like to see in your reply:

  • The content of C:\SDFix\report.txt from step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of C:\lopR.txt from step 3.

  • 0

#3
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I've taken a closer look at your logs and it seems that you have a nasty file infector, Virut.
Sorry I missed it :).

File infectors are very, very difficult to remove. I recommend that you back up your important data, like documents and pictures (NOT any programs nor any .exe .html .scr .zip or any other archive files, as those are most likely infected).

After that you need to completely wipe out your hard drive (remove all partitions, create new ones), then format and install the system again.

Again I'm so sorry :)
heir
  • 0
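The backup rule in the post above (keep documents and pictures; leave programs, .exe, .html, .scr, .zip and other archives behind) can be applied mechanically before the wipe. The following Python code is an added example, not part of the original thread; the extension allowlist, the extra blocked extensions and the check of each file's leading bytes are assumptions of this example, and the sample files are constructed.

```python
import os
import tempfile

# Assumption: data-only types to keep; the post names only "documents and pictures".
ALLOWED_EXT = {".txt", ".doc", ".xls", ".ppt", ".pdf", ".rtf",
               ".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Types the post says to leave behind (programs, web pages, archives).
BLOCKED_EXT = {".exe", ".scr", ".html", ".htm", ".zip", ".rar", ".7z", ".cab"}
# Leading bytes that reveal an executable or archive whatever the file is named.
BAD_MAGIC = {b"MZ": "executable header", b"PK\x03\x04": "zip archive",
             b"Rar!": "rar archive", b"7z\xbc\xaf": "7z archive",
             b"\x1f\x8b": "gzip archive"}

def classify(path):
    """Return (keep, reason) for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in BLOCKED_EXT:
        return False, "blocked extension " + ext
    if ext not in ALLOWED_EXT:
        return False, "extension not on allowlist"
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, label in BAD_MAGIC.items():
        if head.startswith(magic):
            return False, label + " behind " + ext + " name"
    return True, "ok"

def plan_backup(root):
    """Map each file under root (relative path) to its (keep, reason) verdict."""
    plan = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            plan[os.path.relpath(full, root)] = classify(full)
    return plan

def demo():
    """Build a constructed sample tree and return its backup plan."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"letter.txt": b"Dear Sir,", "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
                   "setup.exe": b"MZ\x90\x00", "page.html": b"<html>",
                   "holiday.jpg": b"MZ\x90\x00fake", "old.zip": b"PK\x03\x04"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return plan_backup(root)

if __name__ == "__main__":
    for rel, (ok, why) in sorted(demo().items()):
        print("BACK UP" if ok else "SKIP   ", rel, "-", why)
```

A file that passes is only of a type the post treats as data; the script does not scan for Virut itself.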

#4
y2kfroguy

y2kfroguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Do you have any advice or a guide for wiping the hard drive, removing and creating new partitions, formatting and installing again? Also, I don't have the original Windows XP disc, is there a way to create a new one?
  • 0

#5
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
If you got a recovery CD along with the computer when you bought it, you can use that one to restore it.

You need to find your original Windows disc or borrow an original disc with the same OS (XP Home) and language and use your own product key when installing it. You can find the product key on a document that followed the computer when you bought it or there is a sticker attached somewhere on the chassis with the product key printed on it.

When you boot from the CD to install windows and you get to the point where you select the location to install it you should remove all present partitions and create new ones. Then format the partitions and proceed with the installation.

If you need help with that, please go here and start a new topic asking for help. Please also post a link to this topic, letting the ones helping you know that you've been here and been directed there.

Edited by heir, 30 March 2009 - 11:40 PM.

  • 0

#6
y2kfroguy

y2kfroguy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I can't find the disc but will try to figure out a solution. Thank you so much for your help!
  • 0

#7
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
You're welcome!

Remember to only back up documents and images, not any executable files, as they most likely are infected. Restoring such files will immediately infect your system again and you'll need to reinstall again.

Good luck building your system again.

Edited by heir, 31 March 2009 - 12:08 AM.

  • 0

#8
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





