onpay inc [Solved]


#1 swest100 (Member, 11 posts)

Downloaded hijackthis but I do not recognize the infected file. Any suggestions?

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)

Hello swest100 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste the log into your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3 swest100 (Topic Starter, Member, 11 posts)

Hello,
Unfortunately I had to leave town for a few days. Back now. Could you still help me?
Thank you,

SWest

#4 swest100 (Topic Starter, Member, 11 posts)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-29 17:46:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541040G9AT00 rev.MB2OA60A
Running: GMER.exe; Driver: C:\DOCUME~1\SEANWE~1\LOCALS~1\Temp\pwldqpog.sys



---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2668] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01AF7B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[2668] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 01AF7090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[2668] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 01AF7800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] explorer.exe 01FD1986 2 Bytes [03, 01] {ADD EAX, [ECX]}
.text C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] explorer.exe 01FD198A 1 Byte [00]
.text C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] explorer.exe 01FD198E 1 Byte [01]
.text C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] explorer.exe 01FD1992 1 Byte [00]
.text C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] explorer.exe 01FD1996 1 Byte [00]
.text ...

IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!GetVersionExA] [7C812B6E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!GlobalFree] [7C80FCBF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!GetProcessTimes] [7C8352F1] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!lstrcpyW] [7C80BAF4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!GetLongPathNameW] [7C8133E3] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C8211B5] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!_itow] 4DC0C392
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!free] 4DC1C21B
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!memmove] 4DC372B0
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!realloc] 4DC1C437
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!_except_handler3] 4DC25C94
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!malloc] 4DC1C407
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!_ftol] 4DC3FA30
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [msvcrt.dll!_vsnwprintf] 4DC2FFE7
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ntdll.dll!RtlNtStatusToDosError] [7C90F60D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ntdll.dll!NtQueryInformationProcess] [7C90D7E0] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoFreeUnusedLibraries] [775300AC] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!RegisterDragDrop] [774FF62A] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CreateBindCtx] [774FE54C] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!RevokeDragDrop] [77532B55] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoInitializeEx] [774FEF7B] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoUninitialize] [774FEE46] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!OleInitialize] [774FF6EA] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoRevokeClassObject] [7752A2F3] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoRegisterClassObject] [77517E90] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoMarshalInterThreadInterfaceInStream] [77556EC6] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!CoCreateInstance] [7750057E] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!OleUninitialize] [775331E7] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [ole32.dll!DoDragDrop] [775D0B6D] C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetFolderPathW] [7C9EED76] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!ExtractIconExW] [7C9FE1B7] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetSpecialFolderLocation] [7C9EF2E3] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!ShellExecuteExW] [7CA02F03] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetSpecialFolderPathW] [7C9EF778] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHBindToParent] [7C9F3E90] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHParseDisplayName] [7C9EDB70] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHChangeNotify] [7CA24909] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetDesktopFolder] [7C9EB768] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHAddToRecentDocs] [7CA2FD22] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!DuplicateIcon] [7CA72A57] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHUpdateRecycleBinIcon] [7CA0BCE0] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetFolderLocation] [7C9EF261] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetPathFromIDListA] [7CA34C31] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHELL32.dll!SHGetPathFromIDListW] [7C9F1024] C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCpyNW] [77F66753] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrRetToBufW] [77F66D2F] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrRetToStrW] [77F72613] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHQueryValueExW] [77F66F2E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathIsNetworkPathW] [77F67DC3] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!AssocCreate] [77F69E69] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCatW] [77F70486] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCpyW] [77F6682A] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHGetValueW] [77F64587] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCmpNIW] [77F66F84] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathRemoveBlanksW] [77F6B01C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathRemoveArgsW] [77F7420B] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathFindFileNameW] [77F67077] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrStrIW] [77F67E7C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathGetArgsW] [77F741D1] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrToIntW] [77F6AF74] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegGetBoolUSValueW] [77F68F94] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegWriteUSValueW] [77F74F7D] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegCloseUSKey] [77F68AD8] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegCreateUSKeyW] [77F77687] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegGetUSValueW] [77F68CF2] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHSetValueW] [77F6975F] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathAppendW] [77F67ACD] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathUnquoteSpacesW] [77F6AFBF] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathQuoteSpacesW] [77FB1067] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHSetThreadRef] [77F77C86] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHCreateThreadRef] [77F77CC0] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathCombineW] [77F679C9] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHStrDupW] [77F66C63] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathIsPrefixW] [77F7430C] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathParseIconLocationW] [77F6B09D] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!AssocQueryKeyW] [77F6A5AE] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!AssocQueryStringW] [77F7A78E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCmpW] [77F67126] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegQueryUSValueW] [77F68E75] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegOpenUSKeyW] [77F68C8A] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHRegSetUSValueW] [77F78A8B] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathIsDirectoryW] [77F7AE59] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathFileExistsW] [77F67D89] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathGetDriveNumberW] [77F66BDA] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrChrW] [77F666BD] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathFindExtensionW] [77F66859] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathRemoveFileSpecW] [77F67C56] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!PathStripToRootW] [77F683F5] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHOpenRegStream2W] [77F724BA] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrDupW] [77F66772] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHDeleteValueW] [77F7C341] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCatBuffW] [77F66B50] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!SHDeleteKeyW] [77F76F94] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCmpIW] [77F66A8E] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!wnsprintfW] [77F693E6] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
IAT C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe[3844] @ C:\WINDOWS\explorer.exe [SHLWAPI.dll!StrCmpNW] [77F66DE8] C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#5
swest100 (Topic Starter, Member, 11 posts)

OTL logfile created on: 11/29/2012 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.15% Memory free
3.83 Gb Paging File | 3.24 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 3.42 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive E: | 62.04 Mb Total Space | 61.23 Mb Free Space | 98.69% Space Free | Partition Type: FAT

Computer Name: BIGDUDE | User Name: Sean West | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/29 09:41:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
PRC - [2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
PRC - [2012/10/18 11:35:51 | 000,161,768 | -H-- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/20 17:08:05 | 000,212,432 | -H-- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/14 19:24:06 | 000,212,432 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2011/10/25 13:44:42 | 000,793,048 | -H-- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/06/08 19:19:24 | 001,583,960 | -H-- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/11/27 17:17:05 | 006,416,120 | -H-- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2010/01/07 13:38:10 | 000,058,592 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/03/08 03:31:54 | 000,013,312 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | -H-- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 12:48:28 | 000,067,056 | -H-- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/06/21 14:09:58 | 000,090,112 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/11/02 20:24:46 | 000,032,768 | -H-- | M] (Cyberlink Corp.) -- C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
PRC - [2004/10/15 11:31:32 | 000,356,352 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2004/10/15 11:30:52 | 000,098,304 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
PRC - [2004/10/15 11:27:56 | 000,385,024 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 11:27:38 | 000,389,120 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 11:23:12 | 000,245,760 | -H-- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2002/12/17 16:26:22 | 007,520,337 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
PRC - [2000/11/17 00:02:00 | 000,114,688 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
MOD - [2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
MOD - [2011/11/03 07:28:36 | 001,292,288 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 07:28:36 | 000,386,048 | -H-- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2011/06/16 17:54:28 | 000,047,960 | -H-- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 16:12:03 | 000,192,512 | -H-- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/07/12 21:33:58 | 000,087,552 | -H-- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2004/10/15 11:23:18 | 000,073,728 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL
MOD - [2004/08/04 04:00:00 | 000,040,448 | -H-- | M] () -- C:\WINDOWS\system32\wiasf.ax
MOD - [2004/03/18 11:35:42 | 000,876,544 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\libeay32.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- f:\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - File not found [Auto | Stopped] -- F:\personal\Videos\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2012/11/15 08:33:44 | 000,250,808 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/27 20:11:34 | 000,115,168 | -H-- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/18 11:35:51 | 000,161,768 | -H-- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/29 19:54:26 | 000,676,936 | -H-- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | -H-- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | RH-- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/25 13:44:42 | 000,793,048 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/11/27 17:17:05 | 006,416,120 | -H-- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/01/07 13:38:18 | 000,447,216 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 13:38:10 | 000,058,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/11/20 21:07:42 | 000,113,152 | -H-- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2007/03/06 09:35:02 | 000,198,168 | -H-- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 12:48:28 | 000,067,056 | -H-- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/12/19 18:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2004/10/15 11:30:52 | 000,098,304 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol)
SRV - [2004/03/18 15:55:48 | 000,065,536 | -H-- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/12/17 16:26:22 | 007,520,337 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 000,311,872 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2000/11/17 00:02:00 | 000,114,688 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/29 19:54:26 | 000,022,856 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/01 17:46:11 | 000,026,096 | -H-- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2011/11/14 17:04:44 | 000,032,008 | -H-- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pxscan.sys -- (pxscan)
DRV - [2011/02/23 16:04:32 | 000,013,496 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/27 17:17:08 | 000,076,696 | -H-- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/02/11 04:02:15 | 000,226,880 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/11/20 21:02:48 | 000,018,816 | -H-- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/11/20 20:59:02 | 000,032,408 | -H-- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/11/20 20:59:02 | 000,027,072 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 09:05:42 | 000,026,760 | RH-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/13 10:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/10 16:59:44 | 000,142,976 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80)
DRV - [2008/01/10 16:58:48 | 000,165,248 | -H-- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80)
DRV - [2007/03/19 17:51:04 | 000,022,768 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/11/02 06:00:08 | 000,039,368 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/13 04:20:00 | 000,094,460 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 04:20:00 | 000,088,476 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 04:20:00 | 000,086,844 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 04:20:00 | 000,025,724 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 04:20:00 | 000,014,716 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 04:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 04:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 07:35:24 | 000,005,660 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/13 16:26:52 | 003,851,264 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/04/22 16:34:10 | 000,702,326 | -H-- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2005/04/19 15:16:40 | 000,004,790 | -H-- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005/04/18 22:21:08 | 000,027,136 | -H-- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2005/02/23 14:58:56 | 000,011,776 | -H-- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/17 07:07:48 | 000,005,632 | RH-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/17 06:43:00 | 001,036,928 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/01/17 06:43:00 | 000,702,592 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/01/17 06:43:00 | 000,163,328 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/01/07 17:07:16 | 000,145,920 | -H-- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/12/06 15:51:10 | 000,051,328 | -H-- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/10/29 18:48:10 | 003,222,784 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/10/15 11:20:04 | 000,011,354 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 08:44:04 | 000,234,496 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 04:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 14:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2002/07/17 07:53:02 | 000,016,877 | -H-- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/08/17 05:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/09 18:03:00 | 000,070,084 | -H-- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.co...en-au/prov2.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31532151-F236-4A15-AF7E-982BF8FD77E3}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes\{47EB2D50-CE8C-440F-9685-16B883BEDBB8}: "URL" = http://freekeywords....=remove_dubious
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GFRC_enUS206
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 20:11:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 20:10:58 | 000,000,000 | -H-D | M]

[2008/11/08 17:06:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Sean West\Application Data\Mozilla\Extensions
[2012/10/22 20:04:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Sean West\Application Data\Mozilla\Firefox\Profiles\rhq3kvt9.default\extensions
[2012/10/27 20:10:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 20:10:50 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 20:11:36 | 000,261,600 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 13:24:26 | 000,002,465 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 16:22:29 | 000,002,058 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Sean West\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (del.icio.us Toolbar Helper) - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKCU\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [pmkbBsdfMHFBS.exe] C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Corel TW Corp.)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [JEHbHvhPFJQ3WW] C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe ()
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\Sean West\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: fnismls.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: getmedianow.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: virtualearth.net ([]* in Trusted sites)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilin...ad/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1135992065553 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1234827724484 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} https://209.66.69.22...odTelnetDLX.cab (wodTelnetDLX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} http://www.clickloan...PtClickLoan.cab (PtClickLoan Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://buydomains.w...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://pic.photobuck...t_publisher.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\qoMFYpmn: DllName - (qoMFYpmn.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvWnnOi) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/30 11:44:17 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{81218e3d-4e4d-11df-b6f1-0015f222053b}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell - "" = AutoRun
O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\Shell - "" = AutoRun
O33 - MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/29 11:07:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sean West\Recent
[2012/11/21 22:36:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sean West\Application Data\Malwarebytes
[2012/11/21 22:35:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/21 22:35:46 | 000,022,856 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/11/21 22:35:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/20 20:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sean West\Start Menu\Programs\File Restore
[2009/09/01 19:01:33 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Sean West\Application Data\pcouffin.sys
[2009/07/02 11:46:28 | 002,032,936 | -H-- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2008/02/19 08:46:49 | 006,494,751 | -H-- | C] (Axandra GmbH ) -- C:\Program Files\IBP-Installer.exe
[2007/08/11 14:27:22 | 053,285,640 | -H-- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoTools.exe
[2007/03/19 17:51:04 | 000,024,192 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sean West\usbsermptxp.sys
[2007/03/19 17:51:04 | 000,022,768 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\Sean West\usbsermpt.sys
[2006/10/18 21:19:23 | 002,021,162 | -H-- | C] (Fengtao Software Inc. ) -- C:\Program Files\DVDFabDecrypter3025.exe
[2006/07/29 13:06:59 | 003,838,056 | -H-- | C] (j2 Global Communications, Inc.) -- C:\Program Files\msgrplus.exe
[2003/12/11 14:45:08 | 004,508,478 | -H-- | C] (Ipswitch) -- C:\Program Files\wsftp802.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\juwozitu.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\jiwirido.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\degijebu.dll
[2012/11/29 11:16:21 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/29 10:32:05 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/29 10:29:37 | 000,000,994 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2220356642-3317312799-3096113596-1005UA.job
[2012/11/29 10:08:01 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{521A4049-0C09-49EB-B9B6-0F0703FE0F1C}.job
[2012/11/29 10:05:02 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/29 10:04:11 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/11/29 10:04:00 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/29 10:03:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/21 23:09:19 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/11/21 22:38:17 | 000,000,802 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/20 20:54:54 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr
[2012/11/20 20:54:54 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW
[2012/11/20 20:54:47 | 000,000,859 | -H-- | M] () -- C:\Documents and Settings\Sean West\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/11/20 20:54:47 | 000,000,841 | -H-- | M] () -- C:\Documents and Settings\Sean West\Desktop\File_Restore.lnk
[2012/11/20 20:54:46 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW
[2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
[2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
[2012/11/20 20:29:00 | 000,000,942 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2220356642-3317312799-3096113596-1005Core.job
[2012/11/20 19:00:14 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/11/15 20:39:10 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/15 17:44:16 | 000,000,792 | -H-- | M] () -- C:\Documents and Settings\Sean West\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/11/15 17:44:15 | 000,462,912 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/15 17:44:15 | 000,080,476 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/15 17:07:27 | 000,387,200 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/15 11:47:53 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/08 08:37:09 | 000,002,316 | -H-- | M] () -- C:\Documents and Settings\Sean West\Desktop\Google Chrome.lnk
[2012/11/08 08:37:09 | 000,002,294 | -H-- | M] () -- C:\Documents and Settings\Sean West\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\juwozitu.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\jiwirido.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\degijebu.dll
[2012/11/21 22:35:48 | 000,000,802 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/20 20:54:54 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr
[2012/11/20 20:54:54 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW
[2012/11/20 20:54:47 | 000,000,859 | -H-- | C] () -- C:\Documents and Settings\Sean West\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/11/20 20:54:47 | 000,000,841 | -H-- | C] () -- C:\Documents and Settings\Sean West\Desktop\File_Restore.lnk
[2012/11/20 20:54:42 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW
[2012/11/20 20:54:33 | 000,261,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
[2012/11/20 20:43:50 | 000,353,792 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
[2012/02/18 13:27:09 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/18 12:09:28 | 000,029,520 | -H-- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/08/18 12:09:28 | 000,013,496 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/18 14:00:17 | 009,252,864 | -H-- | C] () -- C:\Documents and Settings\Sean West\s-1-5-21-2220356642-3317312799-3096113596-1005.rrr
[2010/12/11 15:12:01 | 000,003,072 | -H-- | C] () -- C:\Documents and Settings\Sean West\Cache.db
[2010/12/04 13:09:05 | 000,037,336 | -H-- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2009/11/11 10:19:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Sean West\Local Settings\Application Data\prvlcl.dat
[2009/09/01 19:01:33 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Sean West\Application Data\inst.exe
[2009/09/01 19:01:33 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Sean West\Application Data\pcouffin.cat
[2009/09/01 19:01:33 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Sean West\Application Data\pcouffin.inf
[2008/02/04 20:58:35 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/29 00:59:14 | 037,364,736 | -H-- | C] () -- C:\Program Files\camtasia.msi
[2007/12/12 20:22:15 | 000,565,560 | -H-- | C] () -- C:\Program Files\polml32-Label.exe
[2007/08/16 17:51:13 | 000,038,483 | -H-- | C] () -- C:\Documents and Settings\Sean West\Application Data\Comma Separated Values (Windows).ADR
[2007/03/19 17:51:04 | 000,007,195 | -H-- | C] () -- C:\Documents and Settings\Sean West\USBMOT2000.INF
[2007/03/19 17:51:04 | 000,005,891 | -H-- | C] () -- C:\Documents and Settings\Sean West\USBMOT2000XP.INF
[2007/03/19 17:51:04 | 000,005,877 | -H-- | C] () -- C:\Documents and Settings\Sean West\USB_CMCS_2000.INF
[2007/03/05 21:31:00 | 000,000,058 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2007/01/11 18:05:02 | 000,060,304 | -H-- | C] () -- C:\Documents and Settings\Sean West\g2mdlhlpx.exe
[2006/12/19 00:20:48 | 000,031,744 | -H-- | C] () -- C:\Documents and Settings\Sean West\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/06 17:07:59 | 000,132,583 | -H-- | C] () -- C:\Program Files\Cliprexdsfree.exe
[2006/07/29 17:33:28 | 002,855,080 | -H-- | C] () -- C:\Program Files\aawsepersonal.exe
[2006/07/29 16:44:40 | 017,344,752 | -H-- | C] () -- C:\Program Files\avg71free_394a763.exe
[2006/01/09 20:45:08 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Sean West\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/01/09 20:42:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\SHDOCVW.DLL -- [2008/04/13 16:12:05 | 001,499,136 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/09/04 08:19:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2012/08/06 08:06:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2007/08/02 14:26:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2010/04/04 17:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.2 Setup
[2010/02/15 12:22:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/10/22 09:05:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/08/28 18:50:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/02/06 21:39:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/08/18 13:39:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2008/08/18 13:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
[2008/05/26 21:51:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/11/20 21:32:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/03/24 18:20:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/12/18 10:00:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/03/10 14:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/11/29 10:06:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/19 11:36:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/12/03 20:12:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/19 18:35:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/23 23:56:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/04/02 08:57:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\360se
[2009/09/04 09:27:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Acoustica
[2009/04/26 15:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Amazon
[2008/11/04 17:02:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\AT&T
[2010/11/06 17:19:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Audacity
[2007/08/11 14:45:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\AVSMedia
[2010/04/05 14:14:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Bytemobile
[2008/11/04 16:58:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\DBUpdater
[2007/06/04 10:26:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\DelTel, Inc
[2008/12/07 14:49:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\EBookSys
[2006/07/29 13:07:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\eFax Messenger
[2010/02/15 15:39:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Epson
[2010/09/27 16:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\FreeFLVConverter
[2010/04/04 17:31:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\IBP
[2011/05/15 06:01:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\IObit
[2007/09/29 18:54:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Jasc
[2010/08/22 20:03:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\KompoZer
[2008/03/26 14:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\LinkedIn
[2009/02/20 13:31:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\muvee Technologies
[2008/06/12 18:45:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Nitro PDF
[2008/06/04 10:36:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Nvu
[2008/08/18 13:45:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Palo Alto Software
[2011/12/02 09:31:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Product_RM
[2008/06/10 12:29:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Publish Providers
[2011/12/04 16:46:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Registry Mechanic
[2008/11/04 16:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Sierra Wireless
[2008/05/27 22:12:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Sony
[2010/10/19 11:38:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Ulead Systems
[2008/05/26 21:26:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Uniblue
[2010/11/23 23:36:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Vso
[2008/06/03 22:31:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Web Page Maker
[2010/04/04 17:31:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\webex
[2007/08/12 20:41:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\Xara
[2010/04/09 16:57:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Sean West\Application Data\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 16:12:34 | 000,108,544 | -H-- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 16:12:34 | 000,108,544 | -H-- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 03:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 04:00:00 | 000,108,032 | -H-- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | -H-- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | -H-- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4E393D
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

< End of report >
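The OTL log above is read by eye in the thread, but the indicators a helper looks for are mechanical: file timestamps in the future (the three `2099/01/01` entries), zero-byte hidden+system DLLs with pseudo-random consonant/vowel names in System32, unsigned random-named droppers placed directly in `All Users\Application Data`, and, in the `MD5 for:` sections, a live system binary whose hash matches none of the pristine copies Windows keeps in `dllcache`, `ServicePackFiles` or the hotfix uninstall folders. The script below is an added example, not part of the thread or of OTL itself: it parses OTL's file-list and MD5 line formats and applies those checks. The name heuristics (`CV_DLL`, `looks_random`) and the 15% vowel threshold are assumptions chosen to fit this log; the sample input is a constructed excerpt of the log lines above plus one deliberately tampered `userinit.exe` hash so the cross-check has something to fire on.

```python
"""Triage an OTL log's file-list and MD5 sections (added example, not OTL's own code)."""
import re
from collections import defaultdict

# One OTL file entry, e.g.
# [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\...\JEHbHvhPFJQ3WW.exe
FILE_LINE = re.compile(
    r"^\[(?P<year>\d{4})/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$")
# One OTL "MD5 for:" entry, e.g.
# [2008/04/13 16:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6... -- C:\WINDOWS\system32\svchost.exe
MD5_LINE = re.compile(
    r"^\[[^\]]*\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$")

# Heuristic (assumption): eight-letter consonant/vowel DLL names such as juwozitu.dll.
CV_DLL = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}\.dll$")
# Windows keeps pristine copies of system binaries in these folders; a live copy
# whose hash matches none of them deserves a closer look.
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\$hf_mig$\\",
                  "\\$ntservicepackuninstall$\\", "\\$ntuninstall")


def parse_file_lines(text):
    """Return one dict per OTL file-list line (MD5 lines are skipped here)."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["year"] = int(e["year"])
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def looks_random(stem):
    """Heuristic (assumption): long stems with almost no vowels, e.g. pmkbBsdfMHFBS."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    return vowels / len(letters) < 0.15


def flag_file_entries(entries, report_year):
    """Map path -> list of reasons for entries worth a second look."""
    findings = defaultdict(list)
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        if e["year"] > report_year:
            findings[e["path"]].append("timestamp in the future (%d)" % e["year"])
        if ("\\system32\\" in low and "S" in e["attrs"] and e["size"] == 0
                and not e["company"] and CV_DLL.match(name)):
            findings[e["path"]].append("zero-byte hidden+system DLL with pseudo-random name")
        # Four separators means the file sits directly in the ProgramData root.
        if ("\\all users\\application data\\" in low and low.count("\\") == 4
                and not e["company"] and looks_random(stem)):
            findings[e["path"]].append("unsigned random-named file dropped in ProgramData root")
    return dict(findings)


def check_md5_groups(text):
    """Return live Windows binaries whose MD5 matches no reference copy."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            key = m.group("path").rsplit("\\", 1)[-1].lower()
            groups[key].append((m.group("path"), m.group("md5").upper()))
    suspects = []
    for copies in groups.values():
        reference = {h for p, h in copies if any(d in p.lower() for d in REFERENCE_DIRS)}
        for p, h in copies:
            live = (p.lower().startswith("c:\\windows\\")
                    and not any(d in p.lower() for d in REFERENCE_DIRS))
            if live and reference and h not in reference:
                suspects.append(p)
    return suspects


# Constructed excerpt: lines copied from the log above, plus one deliberately
# tampered userinit.exe hash (all zeros) so the cross-check has a hit.
SAMPLE_LOG = r"""
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\juwozitu.dll
[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\jiwirido.dll
[2012/11/20 20:54:54 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr
[2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
[2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
[2012/02/18 13:27:09 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/02/04 20:58:35 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/04/13 16:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | -H-- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

FINDINGS = flag_file_entries(parse_file_lines(SAMPLE_LOG), report_year=2012)
MD5_SUSPECTS = check_md5_groups(SAMPLE_LOG)

if __name__ == "__main__":
    for path, reasons in FINDINGS.items():
        print(path, "->", "; ".join(reasons))
    for path in MD5_SUSPECTS:
        print("hash mismatch:", path)
```

On the real log the MD5 section comes out clean (each live copy of explorer.exe, services.exe, svchost.exe, userinit.exe and winlogon.exe matches either `dllcache` or `ServicePackFiles`), and the Malwarebytes Chameleon copies are ignored because they live under Program Files rather than C:\WINDOWS. The file-list rules pick out exactly the entries the helper would target: the three 2099-dated DLLs and the `JEHbHvhPFJQ3WW*` / `pmkbBsdfMHFBS.exe` droppers, while `iacenc.dll`, `QTSBandwidthCache` and `mchguid.ini` stay unflagged.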

#6
swest100

    Member

  • Topic Starter
  • Member
  • 11 posts
OTL Extras logfile created on: 11/29/2012 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.15% Memory free
3.83 Gb Paging File | 3.24 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 3.42 Gb Free Space | 9.18% Space Free | Partition Type: NTFS
Drive E: | 62.04 Mb Total Space | 61.23 Mb Free Space | 98.69% Space Free | Partition Type: FAT

Computer Name: BIGDUDE | User Name: Sean West | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\IBP 9\IBP.exe" = C:\Program Files\IBP 9\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IBP 10\IBP.exe" = C:\Program Files\IBP 10\IBP.exe:*:Enabled:Internet Business Promoter (IBP)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\QuickTime\QTTask.exe" = C:\Program Files\QuickTime\QTTask.exe:*:Enabled:QTTask -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgrsx.exe" = C:\Program Files\AVG\AVG8\avgrsx.exe:*:Enabled:avgrsx
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe:*:Enabled:HPWuSchd2
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe:*:Enabled:S24EvMon -- (Intel Corporation )
"C:\WINDOWS\system32\lsass.exe" = C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass -- (Microsoft Corporation)
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\WINDOWS\system32\HPZipm12.exe" = C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12 -- (HP)
"C:\WINDOWS\system32\wuauclt.exe" = C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\DOCUME~1\SEANWE~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe" = C:\DOCUME~1\SEANWE~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Disabled:Audio/Video Conference -- (©2002-2007 Audio/Video Conference Software)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Disabled:rundll32 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\AT&T\Communication Manager\ATTCM.exe" = C:\Program Files\AT&T\Communication Manager\ATTCM.exe:*:Enabled:ATTCM -- (ATT)
"C:\Program Files\AT&T\Communication Manager\bmctl.exe" = C:\Program Files\AT&T\Communication Manager\bmctl.exe:*:Enabled:bmctl -- (Bytemobile, Inc.)
"C:\Program Files\AT&T\Communication Manager\bmop.exe" = C:\Program Files\AT&T\Communication Manager\bmop.exe:*:Enabled:bmop -- (Bytemobile, Inc.)
"C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004F0409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08F7CCA6-8590-4401-8B44-CEB09A909AAB}" = del.icio.us Buttons for Internet Explorer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357F75A5-CADA-42E3-8B16-3F3EDD431141}" = Point
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{6450335D-D87C-4003-812F-7E879866A74E}" = Business Plan Pro 2006
"{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6CD08FEA-D8C4-4543-B50C-CB3D4D34E4B0}" = VideoWebWizard
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.874
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{81B9F4E7-57C5-4B41-B4C8-9B1E227FE93B}" = Xara Dreamweaver Extension 1.01
"{85A52A89-81D8-4736-BF5D-032AC2CD61E5}" = eFax Messenger 4.2
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{9A1802EE-2A82-C645-B49C-4C8484F3A17A}" = muvee Adrenaline Rush stylePack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D358D7-5D7B-BF04-16A7-2A86D0385698}" = Miller's Albums and Books
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AF64F216-D859-43FC-9068-0005A41AEBA3}" = AT&T Communication Manager
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{B6FFFD7B-8057-4B50-9DD6-8256EC314486}" = Media Menu Producer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C35F0E-D09D-4177-BAEE-4D412D749A96}" = Point
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DA652575-2F85-4D4D-97D2-3CA9F40DE22E}" = Xara Webstyle 4
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E59A9109-EC2B-45D1-B1EE-BE6C9511F94B}" = TrafficGeyser AutoSignup
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EAC8A01C-9F01-4C03-9C18-9E79E979880C}" = Palo Alto Software's Application Manager 8.2
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}" = CutePDF Professional 3.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F2E0640D-BEB8-4E14-8C97-71D5C7A29844}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7ADA0E7-2828-4904-8024-B2614B7B5190}" = USB2.0 1.3M Web Cam
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEBD8252-B3B4-48AF-8DAC-64A1B47403DD}" = Video Piggy
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Affiliate Link Cloaker_is1" = Affiliate Link Cloaker
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 4.7.1202
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AoA DVD Ripper_is1" = AoA DVD Ripper
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Blaze Media Pro" = Blaze Media Pro
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Cute CD DVD Burner V3.8" = Cute CD DVD Burner V3.8
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Directory Submitter_is1" = Directory Submitter 1.0.24
"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.2.5
"DVDx_is1" = DVDx
"EmailStripper_is1" = EmailStripper 2.2
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Printer and Utilities" = EPSON Printer Software
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Google Video Uploader" = Google Video Uploader
"GoogleVideoPlayer" = Google Video Player
"Groove Mechanic_is1" = Groove Mechanic 2.6
"IBP9_is1" = IBP & ARELIS 9.7.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MillersRemoteSuiteAlbums" = Miller's Albums and Books
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nvu_is1" = Nvu 1.0
"PCSI" = Prevx
"ProInst" = Intel® PROSet/Wireless Software
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Smart Defrag 2_is1" = Smart Defrag 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"t@b ZS4 Video Editor_is1" = t@b ZS4 Video Editor v0.958-686
"Tee Support Client_is1" = Tee Support Client v5.4
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"Wisdom-soft ScreenHunter 5.0 Free" = Wisdom-soft ScreenHunter 5.0 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Audio/Video Conference" = Audio/Video Conference 4.2+
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Miller's Remote Suite (PLUS)" = Miller's Remote Suite (PLUS)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2012 9:52:40 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4875

Error - 11/5/2012 1:07:25 AM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/5/2012 1:07:25 AM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3078

Error - 11/5/2012 1:07:25 AM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3078

Error - 11/6/2012 1:44:59 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/6/2012 1:44:59 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2175610

Error - 11/6/2012 1:44:59 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2175610

Error - 11/11/2012 1:28:58 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2012 1:28:58 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3938

Error - 11/11/2012 1:28:58 PM | Computer Name = BIGDUDE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938

[ System Events ]
Error - 11/6/2012 10:08:14 PM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 001500104F06 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/7/2012 12:19:55 PM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 32.176.42.235 for the Network Card with network
address 00A0D5FFFFA9 has been denied by the DHCP server 166.183.37.253 (The DHCP
Server sent a DHCPNACK message).

Error - 11/9/2012 9:22:38 PM | Computer Name = BIGDUDE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/11/2012 1:40:16 AM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001500104F06. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 11/11/2012 2:38:06 AM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 32.176.133.7 for the Network Card with network
address 00A0D5FFFFA9 has been denied by the DHCP server 166.128.243.253 (The DHCP
Server sent a DHCPNACK message).

Error - 11/12/2012 1:10:42 PM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 166.128.243.235 for the Network Card with network
address 00A0D5FFFFA9 has been denied by the DHCP server 166.183.178.253 (The DHCP
Server sent a DHCPNACK message).

Error - 11/16/2012 12:51:22 PM | Computer Name = BIGDUDE | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/16/2012 10:54:32 PM | Computer Name = BIGDUDE | Source = Dhcp | ID = 1002
Description = The IP address lease 166.128.13.179 for the Network Card with network
address 00A0D5FFFFA9 has been denied by the DHCP server 166.183.157.253 (The DHCP
Server sent a DHCPNACK message).

Error - 11/22/2012 4:46:03 AM | Computer Name = BIGDUDE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/29/2012 2:11:44 PM | Computer Name = BIGDUDE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi swest100,

Of course I can. Let's start with the fix.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    PRC - [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
    PRC - [2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
    MOD - [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
    MOD - [2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
    O4 - HKLM..\Run: [pmkbBsdfMHFBS.exe] C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe ()
    O4 - HKCU..\Run: [JEHbHvhPFJQ3WW] C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe ()
    O20 - Winlogon\Notify\qoMFYpmn: DllName - (qoMFYpmn.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvWnnOi) - File not found
    O33 - MountPoints2\{81218e3d-4e4d-11df-b6f1-0015f222053b}\Shell\AutoRun\command - "" = setupSNK.exe
    O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
    O33 - MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\Shell - "" = AutoRun
    O33 - MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\Shell\AutoRun - "" = Auto&Play
    [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\juwozitu.dll
    [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\jiwirido.dll
    [2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\degijebu.dll
    [2012/11/20 20:54:54 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr
    [2012/11/20 20:54:54 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW
    [2012/11/20 20:54:46 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW
    [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
    [2012/11/20 20:41:35 | 000,353,792 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe

    :Files
    C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe
    C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe
    C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr
    C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW
    C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW

    :Commands
    [purity]
    [emptyjava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Post the fix log it produces in your next reply; you can also find it in C:\_OTL\MovedFiles

Step 2

Update your Malwarebytes and do a Quick Scan. Remove all findings and post the log here for me after the scan.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
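A way to automate the triage the helper did by eye when building the fix above (added example, not code from this thread or from OTL): it matches the OTL line shapes used in the fix, flags the patterns the fix removes, and runs over a sample constructed from those lines plus one benign line. The regexes, the function names and the benign explorer.exe line are my own assumptions.

```python
"""Triage heuristics for OTL-style log lines (added example, not OTL's code).

Matches the line shapes used in the fix above: PRC/MOD process lines, bare
file entries, O4 Run keys, O20/O30 entries and O33 MountPoints2 AutoRun
commands, and flags the persistence and anti-forensic patterns it removed.
"""
import re
from datetime import datetime

# [date time | size | attrs | M/C] (company) -- path, optionally prefixed PRC/MOD
FILE_RE = re.compile(
    r'^(?:(?P<kind>PRC|MOD) - )?'
    r'\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
# O4 - HKLM..\Run: [value name] path (company)
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
    r'(?P<path>.+?) \((?P<company>[^)]*)\)$')
# O2x/O3x entries (Winlogon Notify, LSA packages, ...) whose file is gone
MISSING_RE = re.compile(r'^(?P<kind>O[23]\d) - (?P<detail>.+) - File not found$')
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <command>
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

SHARED_APPDATA = 'all users\\application data'   # ProgramData on Windows XP

def triage_line(line, reference_year=None):
    """Return (reason, target) when the line matches a suspicious pattern, else None."""
    if reference_year is None:
        reference_year = datetime.now().year
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        path, attrs, company = m.group('path'), m.group('attrs'), m.group('company')
        # OTL shows the last-modified time; a year in the future means the stamp
        # was set by hand (timestomping), as on the 2099 DLLs in the fix.
        if int(m.group('ts')[:4]) > reference_year:
            return ('future modification timestamp (timestomping)', path)
        # Hidden (+H) binaries with an empty publisher field dropped in the
        # shared Application Data folder are a typical rogue-AV dropper location.
        if 'H' in attrs and company == '' and SHARED_APPDATA in path.lower():
            return ('hidden binary without publisher info in shared Application Data', path)
        return None
    m = RUN_RE.match(line)
    if m:
        if m.group('company') == '' and SHARED_APPDATA in m.group('path').lower():
            return ('%s Run key autostart from shared Application Data' % m.group('hive'),
                    m.group('path'))
        return None
    m = MISSING_RE.match(line)
    if m:
        # Orphaned Winlogon Notify DLL / LSA authentication package: leftover
        # persistence that is loaded again by name if the file ever reappears.
        return ('%s persistence entry pointing at a missing file' % m.group('kind'),
                m.group('detail'))
    m = AUTORUN_RE.match(line)
    if m:
        # Cached AutoRun command for a removable drive (the route the E: drive
        # worm found later in this thread relies on).
        return ('removable-media AutoRun command', m.group('cmd'))
    return None

def triage(lines, reference_year=None):
    """Run triage_line over every line and collect the findings in order."""
    return [hit for hit in (triage_line(l, reference_year) for l in lines) if hit]

# Sample input constructed to mirror the fix posted above, plus one benign
# explorer.exe line (constructed) to show the heuristics stay quiet on it.
SAMPLE_LINES = [
    r'PRC - [2012/11/20 20:54:33 | 000,261,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe',
    r'PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe',
    r'O4 - HKLM..\Run: [pmkbBsdfMHFBS.exe] C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe ()',
    r'O20 - Winlogon\Notify\qoMFYpmn: DllName - (qoMFYpmn.dll) - File not found',
    r'O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvWnnOi) - File not found',
    r'O33 - MountPoints2\{81218e3d-4e4d-11df-b6f1-0015f222053b}\Shell\AutoRun\command - "" = setupSNK.exe',
    r'O33 - MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\Shell - "" = AutoRun',
    r'[2099/01/01 12:00:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\juwozitu.dll',
]

if __name__ == '__main__':
    for reason, target in triage(SAMPLE_LINES):
        print('%-68s %s' % (reason, target))
```

Six of the eight sample lines are flagged; the benign explorer.exe line and the bare `\Shell - "" = AutoRun` entry pass untouched.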

#8 swest100 (Member, Topic Starter, 11 posts)
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
Sean West :: BIGDUDE [administrator]

Protection: Disabled

11/30/2012 9:31:30 AM
mbam-log-2012-11-30 (11-02-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317537
Time elapsed: 1 hour(s), 25 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 swest100 (Member, Topic Starter, 11 posts)
========== OTL ==========
Process JEHbHvhPFJQ3WW.exe killed successfully!
Process pmkbBsdfMHFBS.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pmkbBsdfMHFBS.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JEHbHvhPFJQ3WW deleted successfully.
C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMFYpmn\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\tuvWnnOi deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81218e3d-4e4d-11df-b6f1-0015f222053b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81218e3d-4e4d-11df-b6f1-0015f222053b}\ not found.
File setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb152c32-aad3-11dd-8a4a-001500104f06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb152c32-aad3-11dd-8a4a-001500104f06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb152c32-aad3-11dd-8a4a-001500104f06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb152c32-aad3-11dd-8a4a-001500104f06}\ not found.
File E:\WIN\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d339e823-2636-11df-b6aa-00a0d5ffffa9}\ not found.
C:\WINDOWS\system32\juwozitu.dll moved successfully.
C:\WINDOWS\system32\jiwirido.dll moved successfully.
C:\WINDOWS\system32\degijebu.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr moved successfully.
C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW moved successfully.
C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW moved successfully.
File C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe not found.
File C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\pmkbBsdfMHFBS.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WWr not found.
File\Folder C:\Documents and Settings\All Users\Application Data\-JEHbHvhPFJQ3WW not found.
File\Folder C:\Documents and Settings\All Users\Application Data\JEHbHvhPFJQ3WW not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Sean West
->Java cache emptied: 65327516 bytes

Total Java Files Cleaned = 62.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302012_090955

#10 swest100 (Member, Topic Starter, 11 posts)
Wow! My trusty little laptop is happy again.

#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi swest100,

Yes... Sometimes we do miracles :lol:

But we still have work to do. Let's roll...

Download Virus Removal Tool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#12 swest100 (Member, Topic Starter, 11 posts)
Hello,
Kaspersky was too big for a memory stick, so I downloaded it to an attached hard drive (E).

Looks like there was a virus on E also.

This was the result of the entire scan.



Status: Deleted (events: 3)
11/30/2012 7:16:25 PM Deleted virus Worm.Win32.FlyStudio.bf e:\Recycled.exe High
11/30/2012 7:16:25 PM Deleted virus Worm.Win32.FlyStudio.bf e:\Recycled.exe//PE-Crypt.CF High
11/30/2012 7:16:25 PM Deleted virus Worm.Win32.FlyStudio.bf e:\Recycled.exe//PE-Crypt.CF//script.fly High

#13 swest100 (Member, Topic Starter, 11 posts)
Did a quick scan:
-------------------------------

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sean West :: BIGDUDE [administrator]

Protection: Enabled

12/2/2012 11:45:10 AM
mbam-log-2012-12-02 (11-45-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222977
Time elapsed: 23 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Good job. How is your system now? Any problems?

#15 swest100 (Member, Topic Starter, 11 posts)
System working well. Thank you!!!

Some small issues, but I don't think they are related to the infection.

Please feel free to comment if you wish, or just let it go. I'm happy either way.

1. Can't get rid of ZuneBusEnum.exe
2. Sometimes I have to start machine by using reset button.
3. AT&T Communications antenna 3.6 Mbps.
4. Prevx doesn't recognize machine and I can't get any assistance from MyPrevx.com even though I have 43 days remaining on my license.

Merry Christmas.

Sean





