philh

Everything posted by philh

  1. Thanks for all your help. I really, really appreciate it.
  2. OTL Extras logfile created on: 6/8/2010 9:13:46 AM - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Phil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43.95 Gb Total Space | 5.74 Gb Free Space | 13.06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 49.16 Gb Total Space | 11.80 Gb Free Space | 24.01% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PHILDELLM90 Current User Name: Phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.) 
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated) "C:\3dsmax7\3dsmax.exe" = C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7 -- (Discreet, a division of Autodesk, Inc.) "C:\Program Files\backburner 2\monitor.exe" = C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Discreet, a division of Autodesk, Inc.) "C:\Program Files\backburner 2\manager.exe" = C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager -- (Discreet, a division of Autodesk, Inc.) "C:\Program Files\backburner 2\server.exe" = C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server -- (Discreet, a division of Autodesk, Inc.) "C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.) "C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.) "C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.) 
"C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- File not found "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- File not found "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25 "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18 "{2702D099-B2C6-457F-B6A1-E46AD1892FA5}" = iPF8000S Media Configuration Tool "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder 
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{318B4F96-9F80-11D8-BD9C-00105A24FEA8}" = WatchGuard Firebox System 7.3 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{39F24140-3AA7-4BAC-8D81-70C50563C360}" = iPF8000S Printer Driver Extra Kit "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51 "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry
  3. I ran the ESET scan and it did find one virus, but it looked to be the same one as I had before. It may have been in AVG's vault. I missed getting the report. I ran it again, then restarted the system and ran it again. Both times it came up clean. I then ran OTL and GMER again and here are the reports. Hibernate now works again.

OTL logfile created on: 6/9/2010 9:42:44 AM - Run 3 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Phil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 43.95 Gb Total Space | 6.27 Gb Free Space | 14.28% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 49.16 Gb Total Space | 12.13 Gb Free Space | 24.67% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PHILDELLM90 Current User Name: Phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe PRC - [2010/05/31 22:30:59 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/05/31 22:30:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/05/31 22:30:56 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe PRC - [2010/05/31 22:30:55 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/05/31 22:30:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/03/05 10:26:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/03/05 10:26:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/03/05 10:26:45 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe PRC - [2010/02/28 22:28:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2010/02/09 16:42:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010/02/07 18:52:50 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2010/01/28 17:12:12 | 000,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/10 16:39:22 | 000,243,008 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe PRC - [2008/04/10 16:39:12 | 000,398,648 | ---- | M] (Dell Inc.) 
-- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe PRC - [2007/08/21 12:09:34 | 000,071,504 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe PRC - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe PRC - [2006/11/06 17:24:36 | 003,604,480 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe PRC - [2006/10/23 02:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe PRC - [2006/05/16 13:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe PRC - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2006/01/30 18:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) 
-- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2004/12/17 10:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE PRC - [2004/12/16 16:35:54 | 000,032,768 | ---- | M] () -- C:\Program Files\WatchGuard\controld.exe PRC - [2004/11/12 16:00:12 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe ========== Modules (SafeList) ========== MOD - [2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2006/05/16 13:34:22 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll MOD - [2006/05/16 13:33:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll ========== Win32 Services (SafeList) ========== SRV - [2010/05/31 22:30:56 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2010/03/05 10:26:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/03/05 10:26:53 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010/03/05 10:26:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/02/28 22:28:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/02/07 18:52:50 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2010/01/28 17:12:12 | 000,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService) SRV - [2008/05/14 10:56:28 | 000,879,104 | ---- | M] (SunLync, a Division of JK Products and Services) [Disabled | Stopped] -- C:\Program Files\Sunlync\SunLyncScheduler.exe -- (slservice) Sunlync Scheduler (Main) SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB) SRV - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD) SRV - [2006/11/06 17:24:36 | 003,604,480 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) 
[Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2) SRV - [2004/12/16 18:51:48 | 000,032,768 | ---- | M] (WatchGuard Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WatchGuard\WBServer\wbserver.exe -- (WBServer) SRV - [2004/12/16 16:35:54 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\controld.exe -- (WG Security Event Processor) ========== Driver Services (SafeList) ========== DRV - [2010/05/31 22:30:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/05/31 22:30:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/03/05 10:26:54 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx) DRV - [2010/03/05 10:26:54 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx) DRV - [2010/03/05 10:26:54 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx) DRV - [2010/03/05 10:26:53 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx) DRV - [2010/03/05 10:26:48 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/03/05 10:26:46 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010/02/07 17:28:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd) DRV - [2010/02/07 17:28:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx) DRV - [2010/01/28 17:12:32 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap) DRV - [2010/01/28 17:12:22 | 000,032,736 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter) DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5) DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL) DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI) DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2) DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort) DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006/03/21 21:03:00 | 003,652,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV) DRV - [2005/12/01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2005/12/01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2005/12/01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005/08/12 
18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005/07/14 19:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/07/14 18:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/07/12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 10:24:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 10:24:45 | 000,000,000 | ---D | M] [2010/03/30 10:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Application Data\Mozilla\Extensions [2010/03/30 10:25:14 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\sslqmotc.default\extensions [2010/03/30 10:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/06/08 12:35:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program 
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellNSCST] C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: garmin.com ([my] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1265524334437 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7CD7C63F-A958-4E85-B21B-5157234F9BD8} http://10.8.0.55/client.cab (KWClient Control)
O16 - DPF: {824645EB-4D36-4FE3-A8F4-53DC72E815B8} http://10.12.0.55/Project1.cab (ActiveFormX Control)
O16 - DPF: {824FA5F8-26B6-455F-9CAF-BE376A2A2E87} http://76.222.36.82/INetViewProj1_01020716.cab (INetViewX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} http://10.100.0.82/regtrustsite.cab (TrustSiteAddMgr Class)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://remote.argo-networks.com/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} http://www.wildpockets.com/common/WildPock...oader-15079.cab (Wild Pockets Loader Plugin Control Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/28 19:45:29 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/02/07 01:52:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error.
File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/09 00:43:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/06/08 14:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/08 11:01:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/08 10:59:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/08 10:59:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/08 10:59:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/08 10:59:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/08 10:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/08 10:58:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/08 10:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phil\My Documents\Downloads
[2010/06/08 09:12:59 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
[2010/06/07 15:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phil\Local Settings\Application Data\PCHealth
[2010/06/07 09:14:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/07 09:14:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/05 00:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/05 00:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/05 00:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phil\Application Data\Malwarebytes
[2010/06/05 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/05 00:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/17 14:37:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/14 12:05:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/14 11:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Phil\My Documents\elyria new
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/09 09:41:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 09:41:04 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/09 09:39:24 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/06/09 09:39:06 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/09 09:38:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 09:38:37 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 09:38:36 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 00:47:47 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Phil\ntuser.dat
[2010/06/09 00:47:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Phil\ntuser.ini
[2010/06/08 23:01:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 18:40:18 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/08 12:46:42 | 000,527,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 12:46:42 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 12:46:42 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 12:35:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 12:35:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 11:01:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/08 10:52:10 | 003,704,374 | R--- | M] () -- C:\Documents and Settings\Phil\Desktop\ComboFix.exe
[2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
[2010/06/07 16:03:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Phil\Desktop\etkptsd8.exe
[2010/06/07 09:14:43 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/05 12:34:12 | 000,594,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/06/04 11:48:57 | 000,000,452 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/03 22:56:13 | 000,138,240 | ---- | M] () -- C:\wick day camp.doc
[2010/06/03 20:43:23 | 000,001,772 | -H-- | M] () -- C:\Documents and Settings\Phil\My Documents\Default.rdp
[2010/06/03 17:47:53 | 001,605,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 14:34:43 | 000,573,081 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.pdf
[2010/06/02 14:34:31 | 004,850,176 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.xls
[2010/06/02 14:20:58 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/02 11:39:12 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 11:18:24 | 000,179,181 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100601111737.pdf
[2010/05/31 22:30:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/31 22:30:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 01:20:41 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/19 15:48:01 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\ping.bat
[2010/05/19 09:41:13 | 000,090,933 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100519094033.pdf
[2010/05/18 12:56:54 | 008,060,416 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\mems 5-17-2010.xls
[2010/05/18 12:47:38 | 008,611,328 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\memberships.xls
[2010/05/18 09:59:46 | 000,151,037 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100518095859.pdf
[2010/05/17 16:19:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/17 14:37:36 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/05/17 09:20:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/15 01:07:00 | 000,000,000 | ---- | M] () -- C:\s58g.5
[2010/05/13 10:47:49 | 000,000,058 | ---- | M] () -- C:\s4s8.2
[2010/05/13 10:36:02 | 000,000,058 | ---- | M] () -- C:\s6eo
[2010/05/11 15:26:58 | 000,018,709 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152646.pdf
[2010/05/11 15:26:38 | 000,011,973 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152628.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 11:01:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/08 11:01:26 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/08 10:59:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/08 10:59:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/08 10:59:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/08 10:59:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/08 10:59:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/08 10:52:04 | 003,704,374 | R--- | C] () -- C:\Documents and Settings\Phil\Desktop\ComboFix.exe
[2010/06/08 10:20:13 | 2145,533,952 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 16:03:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Phil\Desktop\etkptsd8.exe
[2010/06/07 09:14:43 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/04 13:39:15 | 005,505,024 | ---- | C] () -- C:\Documents and Settings\Phil\ntuser.dat
[2010/06/03 22:56:12 | 000,138,240 | ---- | C] () -- C:\wick day camp.doc
[2010/06/02 14:22:39 | 000,573,081 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.pdf
[2010/06/02 14:20:42 | 004,850,176 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.xls
[2010/06/01 11:17:37 | 000,179,181 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100601111737.pdf
[2010/05/19 15:45:11 | 000,002,201 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\ping.bat
[2010/05/19 09:40:33 | 000,090,933 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100519094033.pdf
[2010/05/18 12:52:15 | 008,060,416 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\mems 5-17-2010.xls
[2010/05/18 12:47:14 | 008,611,328 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\memberships.xls
[2010/05/18 09:58:59 | 000,151,037 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100518095859.pdf
[2010/05/17 14:37:36 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/05/15 01:07:00 | 000,000,000 | ---- | C] () -- C:\s58g.5
[2010/05/13 10:47:47 | 000,000,058 | ---- | C] () -- C:\s4s8.2
[2010/05/13 10:35:59 | 000,000,058 | ---- | C] () -- C:\s6eo
[2010/05/11 15:26:46 | 000,018,709 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152646.pdf
[2010/05/11 15:26:28 | 000,011,973 | ---- | C] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152628.pdf
[2010/03/09 11:06:00 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
[2010/02/07 18:29:03 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/02/07 17:57:34 | 000,000,452 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/07 02:29:12 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/07 02:16:44 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/02/07 02:16:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/02/07 02:06:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/02/07 02:06:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/02/07 02:06:51 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/02/07 02:06:47 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/02/07 02:06:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/02/07 02:03:57 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010/02/07 02:03:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010/02/07 02:01:45 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/31 23:49:04 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\qtclient.dll
[2007/10/10 11:05:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\qtstr.dll
[2007/09/13 14:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qtregula.dll
[2007/09/13 14:08:08 | 000,851,968 | ---- | C] () -- C:\WINDOWS\System32\qtbmpres.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2006/05/22 09:37:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/05/22 09:32:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/05/22 09:32:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/05/22 09:32:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/05/22 09:31:52 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/05/22 09:31:46 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/05/22 09:31:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/05/22 09:31:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/05/22 09:31:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/05/22 09:31:18 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/05/22 09:31:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/05/16 13:34:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/05/16 13:33:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/05/15 20:08:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/05/15 19:52:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/05/15 19:52:02 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/05/15 19:51:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/05/15 19:51:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/05/15 19:51:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/05/15 19:51:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/05/15 19:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/05/15 19:51:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/05/15 19:50:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/05/15 19:50:46 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/18 14:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/02/27 10:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 10:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 10:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1191 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yke6cubrCT5oaLIchok2
@Alternate Data Stream - 1183 bytes -> C:\Documents and Settings\Phil\Cookies:cKifQm9o66TBx7dm
@Alternate Data Stream - 1114 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:GWJCH5hjyAsUoQaa2DDcwn8uGr
@Alternate Data Stream - 1076 bytes -> C:\Program Files\Common Files\Microsoft Shared:gOj1Z8FvEXRIkWfx1KobO

< End of report >

[2010/06/09 09:45:53 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Phil\ntuser.dat.LOG
[2010/06/09 09:45:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Phil\Cookies
[2010/06/09 09:41:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Phil\Recent
[2010/06/09 09:41:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 09:41:04 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/09 09:39:24 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/06/09 09:39:06 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/09 09:38:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 09:38:37 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 00:47:47 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Phil\ntuser.dat
[2010/06/09 00:47:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Phil\ntuser.ini
[2010/06/08 23:01:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 18:40:18 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/08 14:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/06/08 12:46:42 | 000,527,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 12:46:42 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 12:46:42 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Desktop
[2010/06/08 12:37:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Phil\Local Settings
[2010/06/08 12:35:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 12:35:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 12:34:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Phil\Application Data
[2010/06/08 12:29:55 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/08 10:52:10 | 003,704,374 | R--- | M] () -- C:\Documents and Settings\Phil\Desktop\ComboFix.exe
[2010/06/08 10:52:04 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Phil\My Documents
[2010/06/08 10:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
[2010/06/07 16:03:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Phil\Desktop\etkptsd8.exe
[2010/06/07 15:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Local Settings\Application Data\PCHealth
[2010/06/07 09:14:43 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 09:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 09:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/06/05 12:34:12 | 000,594,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/06/05 00:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/05 00:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/05 00:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Application Data\Malwarebytes
[2010/06/05 00:14:45 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/06/05 00:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/04 14:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Sunlync
[2010/06/04 11:48:57 | 000,000,452 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/04 11:12:32 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Phil\Favorites
[2010/06/03 23:00:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Phil\NetHood
[2010/06/03 20:43:23 | 000,001,772 | -H-- | M] () -- C:\Documents and Settings\Phil\My Documents\Default.rdp
[2010/06/03 17:47:53 | 001,605,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/06/02 14:34:43 | 000,573,081 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.pdf
[2010/06/02 14:34:31 | 004,850,176 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.xls
[2010/06/02 14:20:58 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/02 11:39:12 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 11:18:24 | 000,179,181 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100601111737.pdf
[2010/05/31 22:30:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/31 22:30:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 01:20:41 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/31 01:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/05/20 14:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\WatchGuard
[2010/05/19 15:48:01 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\ping.bat
[2010/05/19 09:41:13 | 000,090,933 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100519094033.pdf
[2010/05/18 12:56:54 | 008,060,416 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\mems 5-17-2010.xls
[2010/05/18 12:47:38 | 008,611,328 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\memberships.xls
[2010/05/18 09:59:46 | 000,151,037 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100518095859.pdf
[2010/05/17 16:19:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/17 14:37:36 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/05/17 14:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2010/05/17 14:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/17 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/05/17 09:20:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/11 15:26:58 | 000,018,709 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152646.pdf
[2010/05/11 15:26:38 | 000,011,973 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152628.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/09 09:41:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/09 09:41:04 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/09 09:39:24 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/06/09 09:39:06 | 000,063,783 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2010/06/09 09:38:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/09 09:38:37 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/09 09:38:36 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/09 00:47:47 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Phil\ntuser.dat
[2010/06/09 00:47:39 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Phil\ntuser.ini
[2010/06/08 23:01:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/08 18:40:18 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/08 12:46:42 | 000,527,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/08 12:46:42 | 000,445,472 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/08 12:46:42 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 12:35:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 12:35:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 11:01:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/08 10:52:10 | 003,704,374 | R--- | M] () -- C:\Documents and Settings\Phil\Desktop\ComboFix.exe
[2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
[2010/06/07 16:03:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Phil\Desktop\etkptsd8.exe
[2010/06/07 09:14:43 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/05 12:34:12 | 000,594,556 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/06/04 11:48:57 | 000,000,452 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/03 22:56:13 | 000,138,240 | ---- | M] () -- C:\wick day camp.doc
[2010/06/03 20:43:23 | 000,001,772 | -H-- | M] () -- C:\Documents and Settings\Phil\My Documents\Default.rdp
[2010/06/03 17:47:53 | 001,605,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/02 14:34:43 | 000,573,081 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.pdf
[2010/06/02 14:34:31 | 004,850,176 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\sunset tan 6-2-2010.xls
[2010/06/02 14:20:58 | 000,090,560 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/02 11:39:12 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Phil\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 11:18:24 | 000,179,181 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100601111737.pdf
[2010/05/31 22:30:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/31 22:30:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 01:20:41 | 000,017,882 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/19 15:48:01 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\ping.bat
[2010/05/19 09:41:13 | 000,090,933 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100519094033.pdf
[2010/05/18 12:56:54 | 008,060,416 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\mems 5-17-2010.xls
[2010/05/18 12:47:38 | 008,611,328 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\memberships.xls
[2010/05/18 09:59:46 | 000,151,037 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100518095859.pdf
[2010/05/17 16:19:31 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/17 14:37:36 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Media Sync.lnk
[2010/05/17 09:20:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/15 01:07:00 | 000,000,000 | ---- | M] () -- C:\s58g.5
[2010/05/13 10:47:49 | 000,000,058 | ---- | M] () -- C:\s4s8.2
[2010/05/13 10:36:02 | 000,000,058 | ---- | M] () -- C:\s6eo
[2010/05/11 15:26:58 | 000,018,709 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152646.pdf
[2010/05/11 15:26:38 | 000,011,973 | ---- | M] () -- C:\Documents and Settings\Phil\My Documents\Dell Laser MFP 1600n_20100511152628.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 1191 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yke6cubrCT5oaLIchok2
@Alternate Data Stream - 1183 bytes -> C:\Documents and Settings\Phil\Cookies:cKifQm9o66TBx7dm
@Alternate Data Stream - 1114 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:GWJCH5hjyAsUoQaa2DDcwn8uGr
@Alternate Data Stream - 1076 bytes -> C:\Program Files\Common Files\Microsoft Shared:gOj1Z8FvEXRIkWfx1KobO

< End of report >
  4. Here is my report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4175

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2010 2:15:58 PM
mbam-log-2010-06-08 (14-15-58).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 262949
Time elapsed: 1 hour(s), 14 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  5. I'm in the process of running a full scan. So after it is all cleaned, I will put everything on DVD and then format and reinstall. Any chance that anything can be left on the DVDs after I burn them?
  6. Thanks for your quick responses and all of the help. If I choose to do the format, will I need to format both partitions, or do you think I can get away with just formatting one partition? And can I trust anything that I put on a DVD/CD? I have some data that I would like not to lose, so I was going to put it onto a DVD. Thanks, Phil
  7. ComboFix 10-06-07.04 - Phil 06/08/2010 12:24:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1523 [GMT -4:00]
Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Phil\Application Data\EurekaLog
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\83n6Mo.jpg
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\BMnBo5mx.jpg
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\bn0bP8Y.jpg
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\XPMm3p7O.jpg
C:\Thumbs.db

Infected copy of c:\windows\system32\drivers\APPDRV.SYS was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.

2010-06-07 19:50 . 2010-06-07 19:50 -------- d-----w- c:\documents and settings\Phil\Local Settings\Application Data\PCHealth
2010-06-07 13:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 13:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-05 16:26 . 2010-06-05 16:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-05 04:48 . 2010-06-05 04:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-05 04:14 . 2010-06-05 04:14 -------- d-----w- c:\documents and settings\Phil\Application Data\Malwarebytes
2010-06-05 04:14 . 2010-06-07 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 04:14 . 2010-06-05 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-01 02:31 . 2010-06-01 02:31 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-01 02:31 . 2010-06-01 02:31 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-31 03:19 . 2010-05-31 03:19 503808 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36926afb-n\msvcp71.dll
2010-05-31 03:19 . 2010-05-31 03:19 499712 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36926afb-n\jmc.dll
2010-05-31 03:19 . 2010-05-31 03:19 348160 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-36926afb-n\msvcr71.dll
2010-05-31 03:19 . 2010-05-31 03:19 61440 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71b11b69-n\decora-sse.dll
2010-05-31 03:19 . 2010-05-31 03:19 12800 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-71b11b69-n\decora-d3d.dll
2010-05-17 18:35 . 2010-05-17 18:36 10827096 ----a-w- c:\documents and settings\Phil\Application Data\Research In Motion\BlackBerry Media Sync\AutoUpdate\Updates\3.0.0.39\BlackBerryMediaSync.exe
2010-05-14 16:05 . 2010-05-14 16:05 -------- d-----w- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 18:32 . 2010-02-07 23:18 -------- d-----w- c:\program files\Sunlync
2010-06-03 14:02 . 2010-02-07 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-06-02 18:20 . 2010-02-08 19:28 90560 ----a-w- c:\documents and settings\Phil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-01 14:04 . 2010-04-06 12:07 439816 ----a-w- c:\documents and settings\Phil\Application Data\Real\Update\setup3.10\setup.exe
2010-06-01 02:30 . 2010-02-07 21:29 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 02:30 . 2010-02-07 21:28 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 05:20 . 2010-02-07 06:07 17882 ----a-w- c:\windows\system32\nvModes.dat
2010-05-31 05:10 . 2010-02-07 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-05-20 18:12 . 2010-05-03 14:40 -------- d-----w- c:\program files\WatchGuard
2010-05-17 20:19 . 2010-02-09 18:22 256 ----a-w- c:\windows\system32\pool.bin
2010-05-17 18:37 . 2010-02-09 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-05-17 18:37 . 2010-02-08 17:18 -------- d-----w- c:\program files\Research In Motion
2010-05-17 15:45 . 2010-04-14 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless
2010-05-17 13:20 . 2010-04-04 21:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-03 14:41 . 2010-05-03 14:41 -------- d-----w- c:\program files\Common Files\WatchGuard
2010-05-03 14:40 . 2010-02-07 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 14:06 . 2010-04-29 14:07 750054 ----a-w- C:\Copy of TServerWed.zip
2010-04-29 14:06 . 2010-04-29 14:06 750054 ----a-w- C:\TServerWed.zip
2010-04-14 03:39 . 2010-04-14 03:39 -------- d-----w- c:\documents and settings\Phil\Application Data\Verizon Wireless
2010-04-14 03:38 . 2010-04-14 03:38 -------- d-----w- c:\program files\Verizon Wireless
2010-04-14 03:36 . 2010-04-14 03:36 -------- d-----w- c:\program files\Novatel Wireless
2010-04-09 18:19 . 2010-02-10 20:47 -------- d-----w- c:\program files\Video Server E
2010-03-30 14:25 . 2010-03-30 14:25 0 ----a-w- c:\windows\nsreg.dat
2010-03-30 14:13 . 2010-03-30 14:13 503808 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-190ea8c9-n\msvcp71.dll
2010-03-30 14:13 . 2010-03-30 14:13 499712 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-190ea8c9-n\jmc.dll
2010-03-30 14:13 . 2010-03-30 14:13 348160 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-190ea8c9-n\msvcr71.dll
2010-03-30 14:13 . 2010-03-30 14:13 61440 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72087575-n\decora-sse.dll
2010-03-30 14:13 . 2010-03-30 14:13 12800 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-72087575-n\decora-d3d.dll
2010-03-30 14:13 . 2010-03-30 14:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 21:31 . 2010-03-12 21:31 439816 ----a-w- c:\documents and settings\Phil\Application Data\Real\Update\temp\~Upg0\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-22 7557120]
"nwiz"="nwiz.exe" [2006-03-22 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-22 73728]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 102400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2008-04-10 398648]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2008-04-10 243008]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2008-04-23 812272]
"DellNSCST"="c:\program files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" [2004-11-12 278528]
"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2007-08-21 71504]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-7 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-1-30 192512]
imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe [2010-2-8 354128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-2-9 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-05 14:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\3dsmax7\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/7/2010 5:28 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/7/2010 5:29 PM 52872]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/28/2010 5:12 PM 15328]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/7/2010 5:29 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/7/2010 5:29 PM 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/5/2010 10:26 AM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/5/2010 10:26 AM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [5/31/2010 10:30 PM 2331544]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2/8/2010 10:36 AM 140184]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/28/2010 5:12 PM 220128]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/7/2010 5:28 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/7/2010 5:28 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/7/2010 5:28 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/7/2010 5:28 PM 26120]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/5/2010 10:26 AM 5888008]
S2 WG Security Event Processor;WG Security Event Processor;c:\program files\WatchGuard\controld.exe [5/3/2010 10:41 AM 32768]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/7/2010 5:28 PM 30104]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [1/28/2010 5:12 PM 32736]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S4 WBServer;WG WebBlocker Server;c:\program files\WatchGuard\WBServer\wbserver.exe [5/3/2010 10:41 AM 32768]
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: garmin.com\my
DPF: {7CD7C63F-A958-4E85-B21B-5157234F9BD8} - hxxp://10.8.0.55/client.cab
DPF: {824645EB-4D36-4FE3-A8F4-53DC72E815B8} - hxxp://10.12.0.55/Project1.cab
DPF: {824FA5F8-26B6-455F-9CAF-BE376A2A2E87} - hxxp://76.222.36.82/INetViewProj1_01020716.cab
DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://10.100.0.82/regtrustsite.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\sslqmotc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Phil\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-08 12:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-06-08 12:37:19
ComboFix-quarantined-files.txt 2010-06-08 16:37

Pre-Run: 6,037,331,968 bytes free
Post-Run: 6,994,186,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 22D52421EC4EB3B831F83A2DEE7671F9
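An added triage example, written for this page and not part of the original post, ComboFix or GMER. It reads the settings in the ComboFix report above that a responder checks first (AppInit_DLLs, non-default LSA authentication packages, the firewall profile, ActiveX controls fetched from raw IP addresses, third-party DLLs loaded inside lsass.exe) and cross-checks the AppInit DLL against the module that GMER names as the source of the inline JMP hooks in the post that follows. The sample lines are copied from those two logs; the severity labels, regexes and function names are my own. One caveat the output cannot settle: a DLL registered in AppInit_DLLs that places JMP hooks on file APIs in every process is what any AppInit-injected product looks like, legitimate or not. The report shows Wave Systems EMBASSY Trust Suite components installed, so checking the digital signature of wxvault.dll and wvauth.dll is the next step, not assuming they are malicious.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix report in the post above.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

DPF: {7CD7C63F-A958-4E85-B21B-5157234F9BD8} - hxxp://10.8.0.55/client.cab
DPF: {824FA5F8-26B6-455F-9CAF-BE376A2A2E87} - hxxp://76.222.36.82/INetViewProj1_01020716.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab

- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
"""

# Constructed sample: three hook lines copied from the GMER log in the next post,
# plus one of its "1 Byte [E9]" lines, which carries no resolved JMP target.
GMER_SAMPLE = r"""
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
"""

# One GMER "User code sections" line: image[pid] module!function addr N Bytes JMP target hooking-dll
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>\S+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+) Bytes?\s+JMP\s+(?P<target>[0-9A-F]+)\s+(?P<hooker>\S+)$"
)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def gmer_hooks_by_dll(text):
    """Group GMER user-mode inline hooks: {hooking dll: {hooked process: count}}."""
    out = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:  # lines without a resolved JMP target are skipped on purpose
            out[basename(m["hooker"])][basename(m["image"])] += 1
    return {dll: dict(procs) for dll, procs in out.items()}

def appinit_dlls(text):
    """Paths listed in the AppInit_DLLs value, if ComboFix printed one."""
    m = re.search(r'^"AppInit_DLLs"=(.+)$', text, re.M)
    if not m:
        return []
    return [p for p in re.split(r"[ ,;]+", m.group(1).strip()) if p]

def triage_combofix(text):
    """Return (severity, message) pairs for the settings a triager checks first."""
    findings = []
    for dll in appinit_dlls(text):
        findings.append(("review", f"AppInit_DLLs loads {dll} into every process that maps user32.dll"))
    m = re.search(r"^Authentication Packages REG_MULTI_SZ (.+)$", text, re.M)
    for pkg in (m.group(1).split() if m else []):
        if pkg.lower() != "msv1_0":  # msv1_0 is the Windows default package
            findings.append(("review", f'non-default LSA authentication package "{pkg}" runs inside lsass.exe'))
    m = re.search(r'^"EnableFirewall"= (\d)', text, re.M)
    if m and m.group(1) == "0":
        findings.append(("weak", "Windows Firewall standard profile is disabled (EnableFirewall=0)"))
    for host in re.findall(r"^DPF: \{[^}]+\} - hxxp://([^/\s]+)/", text, re.M):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname: the log alone says nothing about it
        scope = "private" if ip.is_private else "public"
        findings.append(("info" if ip.is_private else "review",
                         f"ActiveX (DPF) control fetched from raw {scope} IP {host}"))
    in_lsass = False  # DLL paths follow the "'lsass.exe'(pid)" header until a blank line
    for line in text.splitlines():
        if re.match(r"^(?:- )+> 'lsass\.exe'\(\d+\)", line):
            in_lsass = True
        elif in_lsass and line.strip():
            findings.append(("review", f"third-party DLL inside lsass.exe: {line.strip()}"))
        else:
            in_lsass = False
    return findings

def appinit_dlls_that_hook(combofix_text, gmer_text):
    """AppInit DLLs that GMER also shows as the source of inline hooks."""
    return {basename(d) for d in appinit_dlls(combofix_text)} & set(gmer_hooks_by_dll(gmer_text))

if __name__ == "__main__":
    for sev, msg in triage_combofix(COMBOFIX_SAMPLE):
        print(f"[{sev}] {msg}")
    print(gmer_hooks_by_dll(GMER_SAMPLE))
    print("AppInit DLLs that place hooks:", appinit_dlls_that_hook(COMBOFIX_SAMPLE, GMER_SAMPLE))
```

Run it as a script to print the findings; feed it the full logs instead of the samples to get per-process hook counts for every module GMER lists, which is the quickest way to see whether one DLL is hooking everything or several unrelated modules are involved.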
  8. Sorry about the double post. Whenever I try to post, it comes with a connection error and I have to hit retry several times before it will take the reply. I had to run GMER in Safe Mode. Now I'm having several problems. Safe Mode wouldn't shut down; I had to hard boot the computer. Hibernate still doesn't work, and the computer seems to be sluggish and has stopped responding a couple of times. I tried to shut down processes and Task Manager wouldn't come up. I had to do a shutdown and then restart the computer.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 10:16:45
Windows 5.1.2600 Service Pack 3
Running: etkptsd8.exe; Driver: C:\DOCUME~1\Phil\LOCALS~1\Temp\pxlirkoc.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Phil\Desktop\etkptsd8.exe[128] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes 
JMP 100061DA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9] .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!SetFilePointerEx 7C821057 
5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9] .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 
Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\winlogon.exe[1208] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] 
kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9] .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] 
kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9] .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\services.exe[1252] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] 
ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateFileW 
7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9] .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9] .text 
C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\lsass.exe[1264] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll .text 
C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll .text 
C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll .text 
C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll 
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll .text 
C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll .text 
C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1644] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1712] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1912] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[1940] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat BA0A8D20

---- EOF - GMER 1.0.15 ----
  9. OTL Extras logfile created on: 6/8/2010 9:13:46 AM - Run 1
     OTL by OldTimer - Version 3.2.5.3   Folder = C:\Documents and Settings\Phil\Desktop
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
     4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 43.95 Gb Total Space | 5.74 Gb Free Space | 13.06% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     Drive E: | 49.16 Gb Total Space | 11.80 Gb Free Space | 24.01% Space Free | Partition Type: NTFS
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded
     Computer Name: PHILDELLM90
     Current User Name: Phil
     Logged in as Administrator.
     Current Boot Mode: Normal
     Scan Mode: Current user
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
     .exe [@ = exefile] -- Reg Error: Key error. File not found

     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
     htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0
     "AntiVirusDisableNotify" = 1
     "FirewallDisableNotify" = 1
     "UpdatesDisableNotify" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
     "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
     "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
     "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

     ========== Authorized Applications List ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
     "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
     "C:\3dsmax7\3dsmax.exe" = C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7 -- (Discreet, a division of Autodesk, Inc.)
     "C:\Program Files\backburner 2\monitor.exe" = C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Discreet, a division of Autodesk, Inc.)
     "C:\Program Files\backburner 2\manager.exe" = C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager -- (Discreet, a division of Autodesk, Inc.)
     "C:\Program Files\backburner 2\server.exe" = C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server -- (Discreet, a division of Autodesk, Inc.)
     "C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
     "C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
     "C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
     "C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- File not found
     "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- File not found
     "C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- File not found

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
     "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
     "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
     "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
     "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
     "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
     "{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
     "{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
     "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
     "{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
     "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
     "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
     "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
     "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
     "{2702D099-B2C6-457F-B6A1-E46AD1892FA5}" = iPF8000S Media Configuration Tool
     "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
     "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
     "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
     "{318B4F96-9F80-11D8-BD9C-00105A24FEA8}" = WatchGuard Firebox System 7.3
     "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
     "{39F24140-3AA7-4BAC-8D81-70C50563C360}" = iPF8000S Printer Driver Extra Kit
     "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
     "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
     "{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
     "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry
  11. OTL logfile created on: 6/8/2010 9:13:46 AM - Run 1
OTL by OldTimer - Version 3.2.5.3
Folder = C:\Documents and Settings\Phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43.95 Gb Total Space | 5.74 Gb Free Space | 13.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 49.16 Gb Total Space | 11.80 Gb Free Space | 24.01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHILDELLM90
Current User Name: Phil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
PRC - [2010/05/31 22:31:00 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/31 22:30:59 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/31 22:30:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/31 22:30:56 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/05/31 22:30:55 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/31 22:30:54 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/30 09:38:10 | 001,038,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/03/05 10:26:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/05 10:26:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/05 10:26:45 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/28 22:28:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/09 16:42:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/07 18:52:50 | 000,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/01/28 17:12:12 | 000,220,128 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 16:39:22 | 000,243,008 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
PRC - [2008/04/10 16:39:12 | 000,398,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
PRC - [2007/08/21 12:09:34 | 000,071,504 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2006/11/06 17:24:36 | 003,604,480 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/10/23 02:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/08/03 19:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
PRC - [2006/05/16 13:35:08 | 000,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/30 18:11:48 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2005/09/08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/12/17 10:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/12/16 16:35:54 | 000,032,768 | ---- | M] () -- C:\Program Files\WatchGuard\controld.exe
PRC - [2004/11/12 16:00:12 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe

========== Modules (SafeList) ==========

MOD - [2010/06/08 09:13:11 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phil\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/16 13:34:22 | 000,286,720 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2006/05/16 13:33:06 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\detoured.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/05/31 22:30:56 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/03/05 10:26:58 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/05 10:26:53 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 10:26:49 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/28 22:28:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/07 18:52:50 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/01/28 17:12:12 | 000,220,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2008/05/14 10:56:28 | 000,879,104 | ---- | M] (SunLync, a Division of JK Products and Services) [Disabled | Stopped] -- C:\Program Files\Sunlync\SunLyncScheduler.exe -- (slservice) Sunlync Scheduler (Main)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2006/12/07 17:52:10 | 000,095,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2006/11/06 17:24:36 | 003,604,480 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe -- (MySQL)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/08/03 19:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/06/12 11:01:14 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/05/15 20:19:00 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2004/12/16 18:51:48 | 000,032,768 | ---- | M] (WatchGuard Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WatchGuard\WBServer\wbserver.exe -- (WBServer)
SRV - [2004/12/16 16:35:54 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\controld.exe -- (WG Security Event Processor)

========== Driver Services (SafeList) ==========

DRV - [2010/05/31 22:30:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/31 22:30:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/05 10:26:54 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/05 10:26:54 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/05 10:26:54 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/05 10:26:53 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/05 10:26:48 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/05 10:26:46 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/07 17:28:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/07 17:28:32 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/01/28 17:12:32 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/01/28 17:12:22 | 000,032,736 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psmounter.sys -- (PSMounter)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/21 21:03:00 | 003,652,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/01 02:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 02:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 02:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/02 14:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/26 11:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/14 19:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 18:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 10:24:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 10:24:45 | 000,000,000 | ---D | M]

[2010/03/30 10:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Application Data\Mozilla\Extensions
[2010/03/30 10:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\sslqmotc.default\extensions
[2010/03/30 10:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellNSCST] C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\imagePROGRAF Status Monitor.lnk = C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwism.exe (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O15 - HKCU\..Trusted Domains: garmin.com ([my] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {4871A87A-BFDD-4106-8153-FFD
  12. I got a virus the other night and everywhere I looked they recommended using Malwarebytes. It cleared everything up right away. I noticed today, though, that every time I open Internet Explorer I get another window that opens with a "news 11 today" news story about a lady who makes $376 from working from home. I ran Malwarebytes again and everything has come up clean. I also have AVG and it comes up clean. I googled it and found someone that had a similar pop-up as mine. The only other problem that I have is that hibernate doesn't work anymore. I'm concerned that I may have a rootkit problem like the person in this other thread. http://forums.malwarebytes.org/index.php?showtopic=51915 Any help would be appreciated. phil