Malware Infection, Possibly trojan.vx


  • This topic is locked
22 replies to this topic

#1 eurosamurai


Posted 21 June 2009 - 11:27 AM

Hi, yesterday I installed a program from a friend and I saw my antivirus go crazy. After using MalwareBytes and a few other scanners, it looks like I was infected by a Trojan. I am at a loss as to how to remove it, as most scanners don't show I'm infected. Attached is my log file for dds.



DDS (Ver_09-05-14.01) - NTFSx86
Run by XXX at 12:14:45.97 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.760 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Route1\MobiNETAgent\MobiHostService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Route1\MobiNETAgent\mobi_ui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\xxx\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
StartupFolder: c:\users\xxx~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mobine~1.lnk - c:\windows\installer\{43740021-58e6-4c82-a626-3026d350ac6d}\mobi_ui.exe2_AF8E4DA433B4474DAB06F867AAFC5607.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\xxx~1\appdata\roaming\mozilla\firefox\profiles\0r1f20mr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

============= SERVICES / DRIVERS ===============

R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2009-3-8 654480]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090618.001\IDSvix86.sys [2009-6-19 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-28 176128]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-1 149352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-14 195856]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-4-24 95544]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2009-1-9 1464672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-14 19096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 SX2KDriver;SX2KDriver;c:\windows\system32\drivers\SX2KDriver.sys [2008-9-22 3328]
R3 SX2KKeyBD;SX2KKeyBD;c:\windows\system32\drivers\SX2KKeyBD.sys [2009-3-26 5632]
R3 SX2KMntr;SX2KMntr;c:\windows\system32\drivers\SX2KMntr.sys [2009-3-26 6400]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-1-20 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

=============== Created Last 30 ================

2009-06-21 11:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-21 10:56 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-19 21:23 155,136 a------- c:\windows\PEV.exe
2009-06-19 21:20 33,280 a------- c:\windows\system32\drivers\rootrepeal.sys
2009-06-19 06:38 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-06-19 06:38 1,080 a------- c:\windows\system32\settings.sfm
2009-06-15 19:46 55,084 a------- c:\windows\system32\BMXStateBkp-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:46 55,084 a------- c:\windows\system32\BMXState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:46 788 a------- c:\windows\system32\DVCState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:42 144,896 a------- c:\windows\system32\APOMngr.DLL
2009-06-09 18:13 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-06 19:13 72,728 a------- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2009-06-06 19:04 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-06 19:02 502,272 a------- c:\windows\system32\usp10.dll
2009-06-06 19:01 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-06 19:01 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-06 19:01 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-06 19:01 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-06 19:01 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-06 19:01 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-06 19:01 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-06 19:01 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-06-06 19:01 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-06 19:01 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-06 19:01 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-06 18:40 <DIR> --d----- c:\programdata\ATI
2009-06-06 17:02 <DIR> --d----- c:\windows\system32\RTCOM
2009-06-06 17:01 <DIR> --d-h--- c:\program files\Temp
2009-06-06 16:54 72,704 a------- c:\windows\system32\admparse.dll
2009-06-05 20:35 <DIR> --d----- c:\users\xxx~1\appdata\roaming\LimeWire
2009-06-05 19:25 <DIR> --d----- c:\programdata\eMule
2009-06-05 19:25 <DIR> --d----- c:\progra~2\eMule
2009-06-02 19:54 48,640 a------- C:\Iexploreiosg.exe

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 19:42 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-06-15 19:42 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-06-15 19:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-15 19:41 51,200 a------- c:\windows\inf\infpub.dat
2009-06-06 19:31 86,016 a------- c:\windows\inf\infstor.dat
2009-06-06 19:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-06 17:01 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-28 23:31 4,491,776 a------- c:\windows\system32\drivers\atikmdag.sys
2009-04-28 22:08 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-04-28 22:08 303,104 a------- c:\windows\system32\atieclxx.exe
2009-04-28 22:07 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-04-28 22:06 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-04-28 22:06 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-04-28 22:05 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-04-28 22:05 11,776 a------- c:\windows\system32\atimuixx.dll
2009-04-28 22:05 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-04-28 22:02 2,428,928 a------- c:\windows\system32\atidxx32.dll
2009-04-28 21:52 3,082,752 a------- c:\windows\system32\atiumdag.dll
2009-04-28 21:41 11,559,424 a------- c:\windows\system32\atioglxx.dll
2009-04-28 21:37 4,963,840 a------- c:\windows\system32\atiumdva.dll
2009-04-28 21:25 51,712 a------- c:\windows\system32\atimpc32.dll
2009-04-28 21:25 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-04-28 21:24 163,840 a------- c:\windows\system32\atiadlxx.dll
2009-04-28 21:22 53,248 a------- c:\windows\system32\aticalrt.dll
2009-04-28 21:22 53,248 a------- c:\windows\system32\aticalcl.dll
2009-04-28 21:20 3,293,184 a------- c:\windows\system32\aticaldd.dll
2009-04-28 21:11 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-04-24 01:43 95,544 a------- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 08:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-17 18:52 249,856 a------- c:\windows\system32\pdfmona.dll
2009-04-17 18:52 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-04-03 17:16 3,616 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-30 00:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-30 00:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-30 00:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-30 00:42 80,720 a------- c:\windows\system32\mscories.dll
2009-03-24 19:10 1,003,040 a------- c:\windows\system32\RtkPgExt.dll
2009-03-24 19:10 46,112 a------- c:\windows\system32\RtkCoInst.dll
2009-03-24 19:10 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-03-24 19:10 2,525,216 a------- c:\windows\system32\RtkAPO.dll
2009-01-04 15:39 49,024 a------- c:\windows\inf\gsiata.sys
2008-11-03 17:39 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:15:32.09 ===============

#2 DocSatan


Posted 26 June 2009 - 06:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 eurosamurai


Posted 27 June 2009 - 12:38 PM

Hi,

Thanks for your response. Since posting I've loaded ad aware and it additionally found a trojan and a key logger that it removed. My concerns are that I originally had Norton 360 and MBAM on my system running fully updated. The only thing that made me aware that anything was going on was a quick hit from Norton saying it was processing threats, but then nothing was logged as being a virus or trojan. I then did a full scan with MBAM that found a trojan file and removed it, but I wasn't sure it got everything after looking at the DDS file and process listing. So then I installed ad aware as noted above.

At this point I'm still wondering if there might be something else on my machine that these things have missed. This whole situation has put my anti-virus software into perspective, as it hasn't found or removed any of it and I paid some good money for it. Not next year... Anyway, I've included the new dds and attach files for your review and would appreciate any input on if you see things still going on with my computer.

By the way, I'm eagerly looking forward to an opening in your malware class, after this situation, I'd love to help others out in getting their computers back in order.

DDS (Ver_09-06-26.01) - NTFSx86
Run by xxx at 13:22:11.51 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.853 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Route1\MobiNETAgent\MobiHostService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Route1\MobiNETAgent\mobi_ui.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\xxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [VMware hqtray] "c:\program files\vmware\vmware workstation\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\users\xxx~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mobine~1.lnk - c:\windows\installer\{43740021-58e6-4c82-a626-3026d350ac6d}\mobi_ui.exe2_AF8E4DA433B4474DAB06F867AAFC5607.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\xxx~1\appdata\roaming\mozilla\firefox\profiles\0r1f20mr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-21 64160]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2009-3-8 654480]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090618.001\IDSvix86.sys [2009-6-19 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-28 176128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-1 149352]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-14 195856]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 Route1 Mobi Host;Mobi Host Service;c:\program files\route1\mobinetagent\MobiHostService.exe [2008-9-25 24576]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-4-24 95544]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2009-1-9 1464672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-14 19096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 SX2KDriver;SX2KDriver;c:\windows\system32\drivers\SX2KDriver.sys [2008-9-22 3328]
R3 SX2KKeyBD;SX2KKeyBD;c:\windows\system32\drivers\SX2KKeyBD.sys [2009-3-26 5632]
R3 SX2KMntr;SX2KMntr;c:\windows\system32\drivers\SX2KMntr.sys [2009-3-26 6400]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-25 1153368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-1-20 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]

=============== Created Last 30 ================

2009-06-25 23:37 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-25 23:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-25 23:37 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-23 09:23 <DIR> --d----- c:\program files\Safer Networking
2009-06-23 08:58 114,688 a------- C:\Fport.exe
2009-06-21 17:57 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-21 14:50 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-21 14:45 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 14:45 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 14:45 <DIR> --d----- c:\programdata\Lavasoft
2009-06-21 14:45 <DIR> --d----- c:\program files\Lavasoft
2009-06-21 11:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-21 10:56 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-19 21:23 155,136 a------- c:\windows\PEV.exe
2009-06-19 21:20 33,280 a------- c:\windows\system32\drivers\rootrepeal.sys
2009-06-19 06:38 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-06-19 06:38 1,080 a------- c:\windows\system32\settings.sfm
2009-06-15 19:46 55,084 a------- c:\windows\system32\BMXStateBkp-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:46 55,084 a------- c:\windows\system32\BMXState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:46 788 a------- c:\windows\system32\DVCState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx
2009-06-15 19:42 144,896 a------- c:\windows\system32\APOMngr.DLL
2009-06-09 18:13 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-06 19:24 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-06 19:13 72,728 a------- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2009-06-06 19:04 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-06 19:02 502,272 a------- c:\windows\system32\usp10.dll
2009-06-06 19:01 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-06 19:01 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-06 19:01 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-06 19:01 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-06 19:01 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-06 19:01 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-06 19:01 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-06 19:01 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-06-06 19:01 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-06 19:01 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-06 19:01 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-06 18:40 <DIR> --d----- c:\programdata\ATI
2009-06-06 17:02 <DIR> --d----- c:\windows\system32\RTCOM
2009-06-06 17:01 <DIR> --d-h--- c:\program files\Temp
2009-06-06 16:54 72,704 a------- c:\windows\system32\admparse.dll
2009-06-05 20:35 <DIR> --d----- c:\users\xxx~1\appdata\roaming\LimeWire
2009-06-05 19:25 <DIR> --d----- c:\programdata\eMule
2009-06-05 19:25 <DIR> --d----- c:\progra~2\eMule

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 19:42 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-06-15 19:42 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-06-15 19:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-15 19:41 51,200 a------- c:\windows\inf\infpub.dat
2009-06-06 19:31 86,016 a------- c:\windows\inf\infstor.dat
2009-06-06 19:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-06 17:01 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-28 23:31 4,491,776 a------- c:\windows\system32\drivers\atikmdag.sys
2009-04-28 22:08 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-04-28 22:08 303,104 a------- c:\windows\system32\atieclxx.exe
2009-04-28 22:07 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-04-28 22:06 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-04-28 22:06 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-04-28 22:05 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-04-28 22:05 11,776 a------- c:\windows\system32\atimuixx.dll
2009-04-28 22:05 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-04-28 22:02 2,428,928 a------- c:\windows\system32\atidxx32.dll
2009-04-28 21:52 3,082,752 a------- c:\windows\system32\atiumdag.dll
2009-04-28 21:41 11,559,424 a------- c:\windows\system32\atioglxx.dll
2009-04-28 21:37 4,963,840 a------- c:\windows\system32\atiumdva.dll
2009-04-28 21:25 51,712 a------- c:\windows\system32\atimpc32.dll
2009-04-28 21:25 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-04-28 21:24 163,840 a------- c:\windows\system32\atiadlxx.dll
2009-04-28 21:22 53,248 a------- c:\windows\system32\aticalrt.dll
2009-04-28 21:22 53,248 a------- c:\windows\system32\aticalcl.dll
2009-04-28 21:20 3,293,184 a------- c:\windows\system32\aticaldd.dll
2009-04-28 21:11 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-04-23 08:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-17 18:52 249,856 a------- c:\windows\system32\pdfmona.dll
2009-04-17 18:52 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-04-03 17:16 3,616 a------- c:\windows\system32\ealregsnapshot1.reg
2009-03-30 00:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-30 00:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-30 00:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-30 00:42 80,720 a------- c:\windows\system32\mscories.dll
2009-01-04 15:39 49,024 a------- c:\windows\inf\gsiata.sys
2008-11-03 17:39 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:22:35.88 ===============

#4 m0le

  • Malware Response Team

Posted 29 June 2009 - 05:51 AM

Hi eurosamurai,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

--------------------------------------------------------------------------------------------------------------

Can you post the MBAM log that your last scan produced?

Then

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


And finally

Please download OTS and save it to your desktop:
- Double click Posted Image and run
If you are running on Vista then right-click the program and choose Run as Administrator.
- Please check Posted Image & Posted Image
- Next press Posted Image
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
- Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit)
- The log will be located in the OTS folder and named OTS.txt.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 eurosamurai

  • Topic Starter


Posted 29 June 2009 - 08:43 PM

Hi,

Thanks for the directions you provided. It took a few tries at GMER to get it to finish without crashing my computer, but I've included the new scan below. I've also included the OTS scan attached as well as a new full scan log for MBAM. Please let me know if you need any further information. One item of interest is the SKYNET entries in the GMER output. I looked and the system32 files are gone, but the registry entries are still there.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-29 20:39:58
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 87B4ADC8 ZwAlertResumeThread
SSDT 87B4AEA8 ZwAlertThread
SSDT 900E6FC0 ZwAllocateVirtualMemory
SSDT 90046A78 ZwAlpcConnectPort
SSDT 87B4AB18 ZwCreateMutant
SSDT 8F73DAB8 ZwCreateThread
SSDT 87B4A878 ZwDebugActiveProcess
SSDT 8F79BA08 ZwFreeVirtualMemory
SSDT 87B4AC08 ZwImpersonateAnonymousToken
SSDT 87B4ACE8 ZwImpersonateThread
SSDT 8F79B968 ZwMapViewOfSection
SSDT 87B4AA38 ZwOpenEvent
SSDT 900E6138 ZwOpenProcessToken
SSDT 8F73D568 ZwOpenThreadToken
SSDT 90091038 ZwResumeThread
SSDT 8F73D488 ZwSetContextThread
SSDT 8F73D638 ZwSetInformationProcess
SSDT 8F73D398 ZwSetInformationThread
SSDT 87B4A958 ZwSuspendProcess
SSDT 87B4AFD0 ZwSuspendThread
SSDT \??\C:\Windows\system32\drivers\CO_Mon.sys ZwTerminateProcess [0x9E750760]
SSDT 8F73D2B8 ZwTerminateThread
SSDT 90091280 ZwUnmapViewOfSection
SSDT 900E6EF0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82CB4860 8 Bytes [C8, AD, B4, 87, A8, AE, B4, ...] {ENTER 0xb4ad, 0x87; TEST AL, 0xae; MOV AH, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 131 82CB4874 4 Bytes [C0, 6F, 0E, 90] {SHR BYTE [EDI+0xe], 0x90}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB4880 4 Bytes [78, 6A, 04, 90] {JS 0x6c; ADD AL, 0x90}
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CB4938 4 Bytes [18, AB, B4, 87]
.text ntkrnlpa.exe!KeSetEvent + 221 82CB4964 4 Bytes [B8, DA, 73, 8F]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00352F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00352D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00352CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00352CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\CTXFISPI.EXE[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\CTXFISPI.EXE[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00F22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\CTXFISPI.EXE[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\CTXFISPI.EXE[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[4188] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[4188] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[4188] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[4188] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4440] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00162F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4440] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00162D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4440] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00162CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4440] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00162CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[4456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[4456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[4456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[4456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WerFault.exe[4716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01762F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WerFault.exe[4716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01762D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WerFault.exe[4716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01762CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\WerFault.exe[4716] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01762CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4892] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4932] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4932] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4932] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4932] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4948] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4948] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4948] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4948] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [018D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [018D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [018D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4968] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [018D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [010B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[5284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[5284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[5284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[5284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5300] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5300] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5300] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[5300] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[5328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\Ctxfihlp.exe[5404] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\Ctxfihlp.exe[5404] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\Ctxfihlp.exe[5404] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\Ctxfihlp.exe[5404] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00622F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00622D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00622CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00622CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[5500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00272F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00272D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00272CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5672] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00272CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5804] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00092F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5804] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00092D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5804] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00092CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5804] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00092CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbhub \Device\00000083 hcmon.sys
Device \Driver\usbhub \Device\00000084 hcmon.sys
Device \Driver\usbhub \Device\00000085 hcmon.sys
Device \Driver\usbhub \Device\00000086 hcmon.sys
Device \Driver\usbhub \Device\00000087 hcmon.sys
Device \Driver\usbhub \Device\00000088 hcmon.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@imagepath \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@aid 10099
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\delete
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\tasks
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETwbkbyjra.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETskkxkcbv.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmjuykbci.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNET.dat \systemroot\system32\SKYNETrdgbmqjc.dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xD7 0x0F 0x7E 0x6D ...

---- EOF - GMER 1.0.15 ----


#6 m0le

  • Malware Response Team

Posted 30 June 2009 - 03:05 PM

Hi eurosamurai,

SKYNET has to go. :)

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#7 eurosamurai

  • Topic Starter

Posted 30 June 2009 - 03:39 PM

Hi,

I have included the CF output below:

ComboFix 09-06-29.07 - Eurosamurai 06/30/2009 16:26.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1117 [GMT -4:00]
Running from: c:\users\Eurosamurai\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 14:25 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\EECTRL.SYS
2009-06-30 14:25 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\CCERASER.DLL
2009-06-30 14:25 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\ERASER.SYS
2009-06-30 14:25 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\NAVENG.SYS
2009-06-30 14:25 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\NAVEX15.SYS
2009-06-30 14:25 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\NAVENG32.DLL
2009-06-30 14:25 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\NAVEX32A.DLL
2009-06-30 14:25 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.002\ECMSVR32.DLL
2009-06-30 10:30 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\EECTRL.SYS
2009-06-30 10:30 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\CCERASER.DLL
2009-06-30 10:30 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\ERASER.SYS
2009-06-30 10:30 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\NAVENG.SYS
2009-06-30 10:30 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\NAVEX15.SYS
2009-06-30 10:30 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\NAVENG32.DLL
2009-06-30 10:30 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\NAVEX32A.DLL
2009-06-30 10:30 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.049\ECMSVR32.DLL
2009-06-30 01:36 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\EECTRL.SYS
2009-06-30 01:36 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\ERASER.SYS
2009-06-30 01:36 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\NAVENG.SYS
2009-06-30 01:36 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\NAVEX15.SYS
2009-06-30 01:36 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\NAVENG32.DLL
2009-06-30 01:36 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\NAVEX32A.DLL
2009-06-30 01:36 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\CCERASER.DLL
2009-06-30 01:36 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.034\ECMSVR32.DLL
2009-06-29 20:48 . 2009-06-29 23:08 600 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\tmp14d0.tmp\cur.scr
2009-06-29 16:33 . 2009-06-29 17:16 -------- d-----w- C:\ebook
2009-06-29 14:32 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVEX32A.DLL
2009-06-29 14:32 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\EECTRL.SYS
2009-06-29 14:32 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\CCERASER.DLL
2009-06-29 14:32 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\ERASER.SYS
2009-06-29 14:32 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVENG.SYS
2009-06-29 14:32 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVEX15.SYS
2009-06-29 14:32 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVENG32.DLL
2009-06-29 14:32 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\ECMSVR32.DLL
2009-06-26 03:37 . 2009-06-26 03:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-26 03:37 . 2009-06-26 03:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-23 13:23 . 2009-06-26 10:17 -------- d-----w- c:\program files\Safer Networking
2009-06-23 12:58 . 2009-06-23 12:50 114688 ----a-w- C:\Fport.exe
2009-06-21 21:57 . 2009-06-21 18:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-21 18:50 . 2009-06-21 18:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-21 18:45 . 2009-06-21 18:45 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 18:45 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-21 18:45 . 2009-06-21 18:50 -------- d-----w- c:\programdata\Lavasoft
2009-06-21 18:45 . 2009-06-21 18:45 -------- d-----w- c:\program files\Lavasoft
2009-06-21 15:23 . 2009-06-29 22:16 117760 ----a-w- c:\users\Eurosamurai\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 15:22 . 2009-06-21 15:22 65024 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-06-21 15:22 . 2009-06-21 15:22 18944 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-06-21 15:22 . 2009-06-21 15:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 01:20 . 2009-06-20 01:20 33280 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-06-20 01:08 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
2009-06-20 01:08 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
2009-06-20 01:08 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSco.sys
2009-06-20 01:08 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
2009-06-20 01:08 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
2009-06-20 01:08 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
2009-06-20 01:08 . 2008-10-03 20:21 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
2009-06-15 23:42 . 2008-07-17 18:32 144896 ----a-w- c:\windows\system32\APOMngr.DLL
2009-06-12 22:27 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
2009-06-12 22:27 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
2009-06-12 22:27 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSco.sys
2009-06-12 22:27 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
2009-06-12 22:27 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
2009-06-12 22:27 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
2009-06-12 22:27 . 2008-10-03 20:21 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\ca-ES
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\eu-ES
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\vi-VN
2009-06-06 23:13 . 2008-07-15 21:23 72728 ----a-w- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2009-06-06 23:04 . 2009-06-06 23:04 -------- d-----w- c:\windows\system32\EventProviders
2009-06-06 23:02 . 2009-04-11 06:28 502272 ----a-w- c:\windows\system32\usp10.dll
2009-06-06 23:01 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-06 23:01 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-06 23:01 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-06 23:01 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-06 23:01 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-06 23:01 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-06 23:01 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-06 23:01 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-06 23:01 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-06 23:01 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-06 23:01 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-06 22:40 . 2009-06-06 22:40 -------- d-----w- c:\programdata\ATI
2009-06-06 21:02 . 2009-06-06 23:19 -------- d-----w- c:\windows\system32\RTCOM
2009-06-06 20:54 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-06 00:35 . 2009-06-06 00:35 98304 ----a-w- c:\users\Eurosamurai\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
2009-06-05 23:25 . 2009-06-06 01:16 -------- d-----w- c:\programdata\eMule
2009-06-05 23:25 . 2009-06-05 23:25 -------- d-----w- c:\users\Eurosamurai\AppData\Local\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 20:22 . 2008-11-02 02:06 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\GrabIt
2009-06-30 10:32 . 2009-02-08 01:19 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\VMware
2009-06-30 10:14 . 2009-02-08 01:13 -------- d-----w- c:\programdata\VMware
2009-06-21 18:49 . 2009-06-21 18:49 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-21 18:49 . 2009-06-21 18:49 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-21 15:22 . 2009-03-25 00:36 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\SUPERAntiSpyware.com
2009-06-21 15:21 . 2008-11-03 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-19 10:40 . 2008-12-15 02:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 10:37 . 2009-01-10 19:55 -------- d-----w- c:\program files\%systemdir%
2009-06-18 07:00 . 2009-01-05 08:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-15 02:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-15 02:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 00:12 . 2008-11-02 01:27 -------- d-----w- c:\programdata\Creative
2009-06-15 23:42 . 2008-11-02 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 23:42 . 2008-11-02 01:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-15 23:42 . 2008-11-02 01:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-06 23:35 . 2008-11-02 01:34 -------- d-----w- c:\program files\ATI
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-06 23:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-06 23:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-06 23:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-06 23:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-06 21:05 . 2008-11-02 01:34 -------- d-----w- c:\program files\ATI Technologies
2009-06-06 21:04 . 2009-06-06 21:01 -------- d--h--w- c:\program files\Temp
2009-06-06 21:01 . 2009-06-06 21:01 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-06 21:01 . 2009-01-20 16:30 -------- d-----w- c:\program files\Realtek
2009-06-06 20:54 . 2009-06-06 20:54 10134 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}\ARPPRODUCTICON.exe
2009-06-06 01:01 . 2009-06-06 00:35 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\LimeWire
2009-05-09 05:50 . 2009-06-09 22:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 22:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-04 17:08 . 2009-05-04 17:08 -------- d-----w- c:\program files\PopCap Games
2009-05-04 17:08 . 2009-05-04 17:08 -------- d-----w- c:\programdata\PopCap Games
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\program files\iTunes
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\program files\iPod
2009-05-03 18:00 . 2008-11-03 02:55 -------- d-----w- c:\program files\Common Files\Apple
2009-05-03 17:57 . 2009-05-03 17:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 03:31 . 2009-04-29 03:31 4491776 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-04-29 02:08 . 2009-04-29 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-04-29 02:08 . 2009-04-29 02:08 303104 ----a-w- c:\windows\system32\atieclxx.exe
2009-04-29 02:07 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-04-29 02:06 . 2008-06-03 07:35 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-04-29 02:06 . 2008-06-03 07:35 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-04-29 02:05 . 2009-04-29 02:05 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-04-29 02:05 . 2009-04-29 02:05 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-04-29 02:05 . 2009-04-29 02:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-04-29 02:02 . 2009-04-29 02:02 2428928 ----a-w- c:\windows\system32\atidxx32.dll
2009-04-29 01:52 . 2008-09-24 02:02 3082752 ----a-w- c:\windows\system32\atiumdag.dll
2009-04-29 01:41 . 2009-04-29 01:41 11559424 ----a-w- c:\windows\system32\atioglxx.dll
2009-04-29 01:37 . 2008-09-24 01:41 4963840 ----a-w- c:\windows\system32\atiumdva.dll
2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-04-29 01:24 . 2009-04-29 01:24 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2009-04-29 01:20 3293184 ----a-w- c:\windows\system32\aticaldd.dll
2009-04-29 01:11 . 2009-04-29 01:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-04-24 05:43 . 2009-04-24 05:43 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 12:15 . 2009-06-09 22:13 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-09 22:13 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-09 22:13 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 22:52 . 2009-04-17 22:52 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-17 22:52 . 2009-04-17 22:52 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-11 21:07 . 2009-04-11 21:06 29813256 ----a-w- c:\programdata\TaxCut\2008\Update\US68017101cupd.exe
2009-04-11 06:33 . 2009-06-06 23:03 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-06 23:03 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-06 23:02 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-06 23:03 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-06 23:03 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-06 23:03 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-06 23:03 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-06 23:02 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-06 23:02 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-06 23:02 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-06 23:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-06 23:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-06 23:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-06 23:02 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-06 23:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-06 23:02 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-06 23:02 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-06 23:02 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-06 23:02 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-06 23:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-06 23:02 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-06 23:02 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-06 23:02 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-06 23:02 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-06 23:02 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-06 23:02 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-06 23:02 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-06 23:02 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-06 23:02 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-06 23:03 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-06-06 23:02 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:43 . 2009-06-06 23:02 236544 ----a-w- c:\windows\system32\drivers\HdAudio.sys
2009-04-11 04:42 . 2009-06-06 23:02 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-01 02:47 . 2009-04-17 16:25 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-07-11 19968]

c:\users\Eurosamurai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-10 575488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-9 110647]
MobiNET Agent.lnk - c:\windows\Installer\{43740021-58E6-4C82-A626-3026D350AC6D}\mobi_ui.exe2_AF8E4DA433B4474DAB06F867AAFC5607.exe [2009-3-26 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fb,65,21,08,ff,e6,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{951D3564-12A8-4DC9-8C3C-67A2EBC0C3B9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB983BA4-C447-40E7-90DB-D0AA8F923F1F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D7F4430-2A4C-4679-9050-00337D490EE5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{86A05F72-A1A8-4799-96EA-E85A568E39B7}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{545F4C5C-9802-4860-8F85-899A68E30AEA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2F011569-87A7-44C0-BD63-B6C6B6FC29B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7DB64105-9066-4C4A-A01C-E2638CF2DEFF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{14779C18-09D3-4BDF-A744-73631988EB70}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6863F2B7-3C9B-4F8B-987E-78A911296B5D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{F1CC9C45-D3DD-485E-9E59-1911E820FE23}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{8B351864-D7EB-4000-BE19-6A03CE7ACBC5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{AD58BC7A-181D-40C1-BC5B-A2482B176835}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD48EAC4-8259-4BC9-BC69-CB6111F5B15E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{F6EBE61A-3255-403E-ABE5-DF2585613566}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{D46C7E16-BEAD-47D1-8D73-9D9923E681B0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{64CFD358-6DCF-4785-A602-5F0EB4983BD9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5081FF43-F4C3-4B01-9520-C0161CB0ECB4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{82ED2CF8-36EE-46E2-8223-C7962C9887BA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CF922A18-62D5-4332-9D50-A24F7E3756B9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B344611D-F3EE-4080-8248-204061DEFD22}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8B4D0042-428F-4F0F-97F5-BFB378F40A74}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15985D9A-8022-481D-B919-225AEEE0448E}"= UDP:c:\program files\IDA\idag.exe:Interactive Disassembler (32-bit)
"{7A26EFF5-06C5-4112-B520-0648A206B9D0}"= TCP:c:\program files\IDA\idag.exe:Interactive Disassembler (32-bit)
"{DE8B3A51-4537-4896-B1F6-0B1CA80ED0FC}"= UDP:c:\program files\IDA\idag64.exe:Interactive Disassembler (64-bit)
"{C55F2E44-724C-4DC8-A1AF-72536CC25428}"= TCP:c:\program files\IDA\idag64.exe:Interactive Disassembler (64-bit)
"{6AFFE414-C433-4F9E-855E-05B0D1378D71}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F1A1C0DB-22A2-4076-8F7C-F3C50CF27B8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C4FBABC5-9F54-4282-B46F-C602FF34DFB7}c:\\users\\eurosamurai\\desktop\\720_starcraft2gameplayvideo_englishus.avi-downloader.exe"= UDP:c:\users\eurosamurai\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe:720_starcraft2gameplayvideo_englishus.avi-downloader.exe
"UDP Query User{A6181DA4-54AA-4AF9-8B43-5F1625A0814C}c:\\users\\eurosamurai\\desktop\\720_starcraft2gameplayvideo_englishus.avi-downloader.exe"= TCP:c:\users\eurosamurai\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe:720_starcraft2gameplayvideo_englishus.avi-downloader.exe
"{7C2F52C2-356E-4F16-9129-6605FFD9679B}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{41C77F41-2D76-4CC0-9AB4-4223462DE889}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{4310CF55-C0E5-4167-99F6-920AC1AA5B2B}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{54E54183-EEF6-4C87-A218-D9976D1C1B6F}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{C3A80FC6-478F-4867-8BFC-CB01104E8C43}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{03465FB7-80E5-4E19-B821-053E7F0B318C}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{3E31F336-8924-4700-B5B7-E2845CF23D15}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7BAC8B30-D654-4EC2-B509-8B61FC340DDB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F7C8897E-AEAC-49AE-A17B-23603CF8B259}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{3737DA55-6A4D-4993-A087-0AE97067C567}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"{498C828D-C4A6-4368-BBAB-845A3EBE6FEA}"= UDP:h:\bin\MobiKEY.exe:MobiKEY
"{6D84B7D2-2651-4295-A330-B105C1B21B6D}"= TCP:h:\bin\MobiKEY.exe:MobiKEY
"TCP Query User{6D344322-BD39-4E28-8920-CA596862FED6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1135D47D-FE66-4D06-A274-5BB399B776A4}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{4CB7D16A-C1EF-40AD-8CEC-F8F227741163}e:\\program files\\limewire\\limewire.exe"= UDP:e:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D56D0802-A40E-461B-8EDD-DE7F191C5BB7}e:\\program files\\limewire\\limewire.exe"= TCP:e:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/21/2009 2:50 PM 64160]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [3/8/2009 11:29 PM 654480]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [6/19/2009 9:08 PM 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [4/28/2009 10:07 PM 176128]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [11/1/2008 9:17 PM 149352]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2008 10:02 PM 195856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
R2 Route1 Mobi Host;Mobi Host Service;c:\program files\Route1\MobiNETAgent\MobiHostService.exe [9/25/2008 10:22 PM 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/25/2009 11:37 PM 1153368]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [4/24/2009 1:43 AM 95544]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 9:54 PM 101936]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\System32\drivers\HCWUSB2.sys [1/9/2009 10:00 PM 1464672]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/14/2008 10:02 PM 19096]
R3 SX2KDriver;SX2KDriver;c:\windows\System32\drivers\SX2KDriver.sys [9/22/2008 1:31 PM 3328]
R3 SX2KKeyBD;SX2KKeyBD;c:\windows\System32\drivers\SX2KKeyBD.sys [3/26/2009 10:18 PM 5632]
R3 SX2KMntr;SX2KMntr;c:\windows\System32\drivers\SX2KMntr.sys [3/26/2009 10:18 PM 6400]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/20/2009 12:48 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:50]

2009-06-27 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Eurosamurai.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-15 15:27]

2009-06-27 c:\windows\Tasks\Malwarebytes' Scheduled Update for Eurosamurai.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-15 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
FF - ProfilePath - c:\users\Eurosamurai\AppData\Roaming\Mozilla\Firefox\Profiles\0r1f20mr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 16:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3402650624-1413319452-2117040649-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,28,a0,c6,c6,31,2e,bd,26,a0,13,d6,32,2d,38,5c,75,0b,40,82,64,
d0,02,35,30,46,4d,d0,74,14,e2,ef,22,d4,fb,4f,c0,ee,3c,04,af,b9,11,91,0b,6a,\
"rkeysecu"=hex:be,8c,30,ca,5f,a4,3a,f9,25,9b,bf,6f,f5,cd,7a,86
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4264)
c:\windows\System32\SyncCenter.dll
c:\windows\system32\bthprops.cpl
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\RASDLG.dll
.
Completion time: 2009-06-30 16:35
ComboFix-quarantined-files.txt 2009-06-30 20:35

Pre-Run: 330,045,140,992 bytes free
Post-Run: 329,993,216,000 bytes free

672 --- E O F --- 2009-06-30 10:18

#8 m0le

Posted 30 June 2009 - 05:29 PM

SKYNET has already gone according to Combofix.

Please rerun Gmer to see if that is the case. If necessary we will run a script with Combofix just to clear the registry entries.

Apart from this the PC looks good. :thumbup2:

#9 eurosamurai

Posted 30 June 2009 - 10:02 PM

Thanks, attached is the new GMER log you requested.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-30 23:00:57
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 903DCFD0 ZwAlertResumeThread
SSDT 903DD0E8 ZwAlertThread
SSDT 903DD8F8 ZwAllocateVirtualMemory
SSDT 9038D978 ZwAlpcConnectPort
SSDT 903DCD80 ZwCreateMutant
SSDT 903DD9D0 ZwCreateThread
SSDT 903DCA80 ZwDebugActiveProcess
SSDT 903DD798 ZwFreeVirtualMemory
SSDT 903DCE50 ZwImpersonateAnonymousToken
SSDT 903DCF10 ZwImpersonateThread
SSDT 903DD6B8 ZwMapViewOfSection
SSDT 903DCCC0 ZwOpenEvent
SSDT 8FF9A560 ZwOpenProcessToken
SSDT 903DCB40 ZwOpenSection
SSDT 903DD490 ZwOpenThreadToken
SSDT 9036AA28 ZwResumeThread
SSDT 903959A0 ZwSetContextThread
SSDT 903DD560 ZwSetInformationProcess
SSDT 903DD338 ZwSetInformationThread
SSDT 903DCC00 ZwSuspendProcess
SSDT 903DD1F0 ZwSuspendThread
SSDT \??\C:\Windows\system32\drivers\CO_Mon.sys ZwTerminateProcess [0x9F556760]
SSDT 903811E8 ZwTerminateThread
SSDT 903E1640 ZwUnmapViewOfSection
SSDT 903DD868 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82CFB860 8 Bytes [D0, CF, 3D, 90, E8, D0, 3D, ...] {ROR BH, 0x1; CMP EAX, 0x3dd0e890; NOP }
.text ntkrnlpa.exe!KeSetEvent + 131 82CFB874 4 Bytes [F8, D8, 3D, 90]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CFB880 4 Bytes [78, D9, 38, 90]
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CFB938 4 Bytes [80, CD, 3D, 90] {OR CH, 0x3d; NOP }
.text ntkrnlpa.exe!KeSetEvent + 221 82CFB964 4 Bytes [D0, D9, 3D, 90]
.text ...
? C:\Windows\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\Users\EUROSA~1\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!CreateWindowExW 75821305 5 Bytes JMP 6973D2D4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxParamW 758410B0 5 Bytes JMP 696651D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxIndirectParamW 75842EF5 5 Bytes JMP 6985B6FB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxParamA 75858152 5 Bytes JMP 6985B698 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!DialogBoxIndirectParamA 7585847D 5 Bytes JMP 6985B75E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxIndirectA 7586D4D9 5 Bytes JMP 6985B62D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxIndirectW 7586D5D3 5 Bytes JMP 6985B5C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxExA 7586D639 5 Bytes JMP 6985B560 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5748] USER32.dll!MessageBoxExW 7586D65D 5 Bytes JMP 6985B4FE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CreateDialogParamW 758172A2 5 Bytes JMP 6973D660 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!GetAsyncKeyState 7581863C 5 Bytes JMP 69658E62 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!SetWindowsHookExW 758187AD 5 Bytes JMP 69739271 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CallNextHookEx 75818E3B 5 Bytes JMP 6972C8B9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!UnhookWindowsHookEx 758198DB 5 Bytes JMP 696A4284 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!EnableWindow 7581CD8B 5 Bytes JMP 6973D4ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CreateWindowExW 75821305 5 Bytes JMP 6973D2D4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!GetKeyState 75828CB1 5 Bytes JMP 6973CA9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!IsDialogMessageW 75830745 5 Bytes JMP 696656E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CreateDialogParamA 758317AA 5 Bytes JMP 6985C018 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!IsDialogMessage 75831847 5 Bytes JMP 6985BA1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CreateDialogIndirectParamA 758326F1 5 Bytes JMP 6985C04F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!CreateDialogIndirectParamW 75839A62 5 Bytes JMP 6985C086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!SetKeyboardState 75840987 5 Bytes JMP 6985BD8E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!DialogBoxParamW 758410B0 5 Bytes JMP 696651D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!DialogBoxIndirectParamW 75842EF5 5 Bytes JMP 6985B6FB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!SendInput 75842F75 5 Bytes JMP 6985C703 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!EndDialog 7584326E 5 Bytes JMP 69667B8E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!DialogBoxParamA 75858152 5 Bytes JMP 6985B698 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!DialogBoxIndirectParamA 7585847D 5 Bytes JMP 6985B75E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!MessageBoxIndirectA 7586D4D9 5 Bytes JMP 6985B62D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!MessageBoxIndirectW 7586D5D3 5 Bytes JMP 6985B5C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!MessageBoxExA 7586D639 5 Bytes JMP 6985B560 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!MessageBoxExW 7586D65D 5 Bytes JMP 6985B4FE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] USER32.dll!keybd_event 7586D972 5 Bytes JMP 6985C92F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] SHELL32.dll!SHRestricted + D95 75CD8988 4 Bytes [5D, 30, AA, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] SHELL32.dll!SHRestricted + D9D 75CD8990 8 Bytes [67, 2F, AA, 70, 49, 5C, A9, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6260] ole32.dll!CoCreateInstance 76F89EA6 5 Bytes JMP 6973D330 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CreateDialogParamW 758172A2 5 Bytes JMP 6973D660 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!GetAsyncKeyState 7581863C 5 Bytes JMP 69658E62 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!SetWindowsHookExW 758187AD 5 Bytes JMP 69739271 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CallNextHookEx 75818E3B 5 Bytes JMP 6972C8B9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!UnhookWindowsHookEx 758198DB 5 Bytes JMP 696A4284 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!EnableWindow 7581CD8B 5 Bytes JMP 6973D4ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CreateWindowExW 75821305 5 Bytes JMP 6973D2D4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!GetKeyState 75828CB1 5 Bytes JMP 6973CA9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!IsDialogMessageW 75830745 5 Bytes JMP 696656E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CreateDialogParamA 758317AA 5 Bytes JMP 6985C018 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!IsDialogMessage 75831847 5 Bytes JMP 6985BA1F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CreateDialogIndirectParamA 758326F1 5 Bytes JMP 6985C04F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!CreateDialogIndirectParamW 75839A62 5 Bytes JMP 6985C086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!SetKeyboardState 75840987 5 Bytes JMP 6985BD8E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!DialogBoxParamW 758410B0 5 Bytes JMP 696651D5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!DialogBoxIndirectParamW 75842EF5 5 Bytes JMP 6985B6FB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!SendInput 75842F75 5 Bytes JMP 6985C703 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!EndDialog 7584326E 5 Bytes JMP 69667B8E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!DialogBoxParamA 75858152 5 Bytes JMP 6985B698 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!DialogBoxIndirectParamA 7585847D 5 Bytes JMP 6985B75E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!MessageBoxIndirectA 7586D4D9 5 Bytes JMP 6985B62D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!MessageBoxIndirectW 7586D5D3 5 Bytes JMP 6985B5C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!MessageBoxExA 7586D639 5 Bytes JMP 6985B560 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!MessageBoxExW 7586D65D 5 Bytes JMP 6985B4FE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] USER32.dll!keybd_event 7586D972 5 Bytes JMP 6985C92F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] SHELL32.dll!SHRestricted + D95 75CD8988 4 Bytes [5D, 30, AA, 70]
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] SHELL32.dll!SHRestricted + D9D 75CD8990 8 Bytes [67, 2F, AA, 70, 49, 5C, A9, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6888] ole32.dll!CoCreateInstance 76F89EA6 5 Bytes JMP 6973D330 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00062F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00062D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00062CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2468] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00062CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3700] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00902F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00902D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00902CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3704] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00902CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4000] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00322F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4000] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00322D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4000] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00322CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4000] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00322CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00082F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00082D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00082CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[4832] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00082CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[4972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00312F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[4972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00312D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[4972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00312CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[4972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00312CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[5032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5312] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[5348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[5348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[5348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[5348] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [011B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[6004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[6004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[6004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[6004] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [70A8E28D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [70A90A38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70A8A3EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70A91DFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [70A8DD00] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [70A8D55C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70A9FCAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [70AA0615] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [70A9EC35] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [70A9F90F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [70A9F029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [70A9E6BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [70A9EE8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [70A8E28D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [70A92DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [70A929CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [70A8BE1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [70A917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [70A8C071] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [70A90FB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [70A9158D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [70A8EDBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [70A8BF46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [70A91DFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [70A8C19F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [70A910E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [70A90A38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [70A916B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [70A909C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [70A8A063] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [70A8A3EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [70A8E7BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [70A90D39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [70A8DD00] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [70A8D55C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [70A8D405] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [70A8C19F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [70A8BF46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [70A8C071] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [70A8E7BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [70A92DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [70A929CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [70A92449] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [70A8BE1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [70A8FB4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [70A8FA17] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [70A9EE8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [70A9E535] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [70A9EEE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [70A9FAAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [70A9EABD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [70A9E6BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [70A9EC35] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [70AA0305] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [70A9F5D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [70A9F029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70A9FCAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [70A9F90F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [70AA0615] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [70AA0011] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [70AA017D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [70AA048D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [70A9FEA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [70A9F76F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [70A8D04C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [70A90D39] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [70A8D2CE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [70A8DA7E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [70A8DD00] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [70A8EC0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70A91DFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [70A8E28D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [70A8CB4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [70A8A3EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [70A90A38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [70A8C7AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [70A8BE1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [70A8CDC4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [70A8D55C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [70A916B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [70A910E1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [70A8C19F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [70A8BF46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [70A90A5D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [70A8C8EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [70A8C40C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [70A8C67C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [70A8F174] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [70A8FB4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [70A8F669] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [70A966B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [70A962E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [70A97670] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [70A96189] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [70A96236] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [70A976C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [70A9660E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [70A97A75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [70A9692A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [70A96F20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [70A96BD6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [70A96C22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [70A9735C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [70A967F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [70A972C8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [70A970FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [70A98099] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [70A97234] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [70A969C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [70A96CBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [70A968DE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [70A9705C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [70A96480] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [70A98198] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [70A985EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [70A98251] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [70A97C7F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [70A98310] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [70A96A5A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [70A96E88] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [70A96DF0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [70A973FA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [70A96FB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [70A96D58] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [70A96B8A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [70A979C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [70A964CF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [70A977B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [70A9880D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [70A97859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [70A9790C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [70A96756] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [70A97711] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [70A8BBDC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [70A8A3EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [70A8C8EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [70A8C40C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [70A8BF46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [70A98310] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [70A982B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [70A973A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [70A976C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [70A977B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [70A966B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [70A9796A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [70A987B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [70A979C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [70A9880D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [70A9660E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6260] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [70A8E28D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [70A90A38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70A8A3EB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70A91DFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [70A8DD00] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [70A8D55C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [70A9FCAB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [70AA0615] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [70A9EC35] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [70A9F90F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [70A9F029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [70A9E6BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [70A9EE8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [70A90120] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [70A8FC85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [70A8E28D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [70A8FE0A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [70A8E904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [70A91B90] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [70A8EEEA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [70A93BB7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [70A92DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [70A929CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [70A93110] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [70A92A3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [70A8BE1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [70A917E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [70A8C071] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [70A90FB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [70A9158D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [70A8EDBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [70A8BF46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [70A91DFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [70A982B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [70A973A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [70A976C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [70A977B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [70A966B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [70A9796A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [70A987B2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [70A979C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [70A9880D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [70A9660E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6888] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [70A882E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbhub \Device\00000083 hcmon.sys
Device \Driver\usbhub \Device\00000084 hcmon.sys
Device \Driver\usbhub \Device\00000085 hcmon.sys
Device \Driver\usbhub \Device\00000086 hcmon.sys
Device \Driver\usbhub \Device\00000087 hcmon.sys
Device \Driver\usbhub \Device\00000088 hcmon.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbhub \Device\00000089 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@imagepath \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@aid 10099
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\delete
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\tasks
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETwbkbyjra.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETskkxkcbv.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmjuykbci.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNET.dat \systemroot\system32\SKYNETrdgbmqjc.dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x54 0xB8 0x85 0x5B ...

---- EOF - GMER 1.0.15 ----

#10 m0le

Posted 01 July 2009 - 06:42 AM

Skynet is still present.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\windows\SKYNETwbkbyjra.dll
C:\windows\system32\SKYNETskkxkcbv.dat
C:\windows\system32\SKYNETmjuykbci.dll
C:\windows\system32\SKYNETrdgbmqjc.dat

Driver::
SKYNETggfyvndy

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please rerun Gmer after you have done this and post the log.

Let's see where that leaves us.
m0le is a proud member of UNITE
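
The "Registry" section of the GMER log above is what shows the rootkit's service key and the files it maps to. As an added example (not part of the original posts, and not a GMER or ComboFix feature), this Python sketch parses those flattened `Reg` lines and lists the on-disk files a responder would inspect. Function names are hypothetical, and it assumes `\systemroot` is `C:\Windows` and that value names contain no spaces.

```python
import re
from collections import defaultdict

# Copied from the "Registry" section of the GMER log above (not constructed).
GMER_REG_LINES = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@imagepath \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETwbkbyjra.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETskkxkcbv.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmjuykbci.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNET.dat \systemroot\system32\SKYNETrdgbmqjc.dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x54 0xB8 0x85 0x5B ...
""".strip().splitlines()

# Standard meanings of the Start and Type values under a Services key.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
SERVICE_TYPES = {1: "kernel driver", 2: "file system driver",
                 16: "own-process service", 32: "shared-process service"}

# Only keys below SYSTEM\<control set>\Services\<name> describe a service.
SERVICE_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\@]+)",
    re.IGNORECASE)


def parse_reg_line(line):
    """Split one flattened GMER 'Reg' line into (key, value_name, data).

    Returns None for non-registry lines; value_name and data are None for a
    line that names a key only.
    """
    if not line.startswith("Reg "):
        return None
    key, sep, rest = line[4:].strip().partition("@")
    if not sep:
        return key, None, None
    name, _, data = rest.partition(" ")
    return key, name, data.strip()


def expand_systemroot(path, root=r"C:\Windows"):
    """Rewrite a \\systemroot\\-relative path (assumed default install root)."""
    prefix = "\\systemroot\\"
    if path.lower().startswith(prefix):
        return root + "\\" + path[len(prefix):]
    return path


def summarize_services(lines):
    """Group 'Reg' lines by service name; keep values, modules, injector."""
    services = defaultdict(lambda: {"values": {}, "modules": {}, "injector": []})
    for line in lines:
        parsed = parse_reg_line(line)
        if parsed is None:
            continue
        key, name, data = parsed
        match = SERVICE_RE.search(key)
        if not match or name is None:
            continue  # not a service key, or a key-only line
        svc = services[match.group(1)]
        subkey = key[match.end():].lower()
        if subkey == "":
            svc["values"][name.lower()] = data
        elif subkey == "\\modules":
            svc["modules"][name] = expand_systemroot(data)
        elif subkey == "\\main\\injector":
            svc["injector"].append(data)
    return dict(services)


def describe_service(svc):
    """Turn raw values into a short report with the files to inspect."""
    values = svc["values"]

    def lookup(table, field):
        raw = values.get(field)
        if raw is None:
            return None
        try:
            return table.get(int(raw, 0), f"unknown ({raw})")
        except ValueError:
            return f"unparsed ({raw})"

    driver = values.get("imagepath")
    driver = expand_systemroot(driver) if driver else None
    files = set(svc["modules"].values())
    if driver:
        files.add(driver)  # the driver is usually listed among the modules too
    return {"start": lookup(START_TYPES, "start"),
            "type": lookup(SERVICE_TYPES, "type"),
            "group": values.get("group"),
            "driver": driver,
            "injected": list(svc["injector"]),
            "files": sorted(files)}


if __name__ == "__main__":
    for name, svc in summarize_services(GMER_REG_LINES).items():
        print(name, describe_service(svc))
```
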

#11 eurosamurai

Posted 01 July 2009 - 09:39 AM

Hi, attached is the new combofix log with the script run as above. I am currently running GMER and will attach it in the next post.

ComboFix 09-06-29.07 - Eurosamurai 07/01/2009 10:13.8 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.939 [GMT -4:00]
Running from: c:\users\Eurosamurai\Desktop\ComboFix.exe
Command switches used :: c:\users\Eurosamurai\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 10:15 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\EECTRL.SYS
2009-07-01 10:15 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\CCERASER.DLL
2009-07-01 10:15 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\ERASER.SYS
2009-07-01 10:15 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\NAVENG.SYS
2009-07-01 10:15 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\NAVEX15.SYS
2009-07-01 10:15 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\NAVENG32.DLL
2009-07-01 10:15 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\NAVEX32A.DLL
2009-07-01 10:15 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.055\ECMSVR32.DLL
2009-06-30 22:42 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\EECTRL.SYS
2009-06-30 22:42 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\CCERASER.DLL
2009-06-30 22:42 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\ERASER.SYS
2009-06-30 22:42 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\NAVENG.SYS
2009-06-30 22:42 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\NAVEX15.SYS
2009-06-30 22:42 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\NAVENG32.DLL
2009-06-30 22:42 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\NAVEX32A.DLL
2009-06-30 22:42 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090630.032\ECMSVR32.DLL
2009-06-29 20:48 . 2009-06-29 23:08 600 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\tmp14d0.tmp\cur.scr
2009-06-29 16:33 . 2009-06-29 17:16 -------- d-----w- C:\ebook
2009-06-29 14:32 . 2009-02-19 09:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVEX32A.DLL
2009-06-29 14:32 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\EECTRL.SYS
2009-06-29 14:32 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\CCERASER.DLL
2009-06-29 14:32 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\ERASER.SYS
2009-06-29 14:32 . 2009-02-19 09:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVENG.SYS
2009-06-29 14:32 . 2009-02-19 09:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVEX15.SYS
2009-06-29 14:32 . 2009-02-19 09:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\NAVENG32.DLL
2009-06-29 14:32 . 2008-11-11 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090629.003\ECMSVR32.DLL
2009-06-26 03:37 . 2009-06-26 03:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-26 03:37 . 2009-06-26 03:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-23 13:23 . 2009-06-26 10:17 -------- d-----w- c:\program files\Safer Networking
2009-06-23 12:58 . 2009-06-23 12:50 114688 ----a-w- C:\Fport.exe
2009-06-21 21:57 . 2009-06-21 18:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-21 18:50 . 2009-06-21 18:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-21 18:45 . 2009-06-21 18:45 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 18:45 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-21 18:45 . 2009-06-21 18:50 -------- d-----w- c:\programdata\Lavasoft
2009-06-21 18:45 . 2009-06-21 18:45 -------- d-----w- c:\program files\Lavasoft
2009-06-21 15:23 . 2009-06-29 22:16 117760 ----a-w- c:\users\Eurosamurai\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 15:22 . 2009-06-21 15:22 65024 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-06-21 15:22 . 2009-06-21 15:22 18944 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-06-21 15:22 . 2009-06-21 15:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 01:20 . 2009-06-20 01:20 33280 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-06-20 01:08 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
2009-06-20 01:08 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
2009-06-20 01:08 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSco.sys
2009-06-20 01:08 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
2009-06-20 01:08 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
2009-06-20 01:08 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
2009-06-20 01:08 . 2008-10-03 20:21 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
2009-06-15 23:42 . 2008-07-17 18:32 144896 ----a-w- c:\windows\system32\APOMngr.DLL
2009-06-12 22:27 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
2009-06-12 22:27 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
2009-06-12 22:27 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSco.sys
2009-06-12 22:27 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
2009-06-12 22:27 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
2009-06-12 22:27 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
2009-06-12 22:27 . 2008-10-03 20:21 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\ca-ES
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\eu-ES
2009-06-06 23:24 . 2009-06-06 23:24 -------- d-----w- c:\windows\system32\vi-VN
2009-06-06 23:13 . 2008-07-15 21:23 72728 ----a-w- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.DLL
2009-06-06 23:04 . 2009-06-06 23:04 -------- d-----w- c:\windows\system32\EventProviders
2009-06-06 23:02 . 2009-04-11 06:28 502272 ----a-w- c:\windows\system32\usp10.dll
2009-06-06 23:01 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-06 23:01 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-06 23:01 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-06 23:01 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-06 23:01 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-06 23:01 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-06 23:01 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-06 23:01 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-06 23:01 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-06 23:01 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-06 23:01 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-06 22:40 . 2009-06-06 22:40 -------- d-----w- c:\programdata\ATI
2009-06-06 21:02 . 2009-06-06 23:19 -------- d-----w- c:\windows\system32\RTCOM
2009-06-06 20:54 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-06 00:35 . 2009-06-06 00:35 98304 ----a-w- c:\users\Eurosamurai\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
2009-06-05 23:25 . 2009-06-06 01:16 -------- d-----w- c:\programdata\eMule
2009-06-05 23:25 . 2009-06-05 23:25 -------- d-----w- c:\users\Eurosamurai\AppData\Local\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 14:27 . 2009-02-08 01:19 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\VMware
2009-07-01 14:22 . 2009-02-08 01:13 -------- d-----w- c:\programdata\VMware
2009-07-01 03:14 . 2008-11-02 02:06 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\GrabIt
2009-06-21 18:49 . 2009-06-21 18:49 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-21 18:49 . 2009-06-21 18:49 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-21 15:22 . 2009-03-25 00:36 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\SUPERAntiSpyware.com
2009-06-21 15:21 . 2008-11-03 21:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-19 10:40 . 2008-12-15 02:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 10:37 . 2009-01-10 19:55 -------- d-----w- c:\program files\%systemdir%
2009-06-18 07:00 . 2009-01-05 08:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 15:27 . 2008-12-15 02:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-15 02:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 00:12 . 2008-11-02 01:27 -------- d-----w- c:\programdata\Creative
2009-06-15 23:42 . 2008-11-02 01:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 23:42 . 2008-11-02 01:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-15 23:42 . 2008-11-02 01:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-06 23:35 . 2008-11-02 01:34 -------- d-----w- c:\program files\ATI
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-06 23:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-06 23:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-06 23:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-06 23:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-06 23:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-06 21:05 . 2008-11-02 01:34 -------- d-----w- c:\program files\ATI Technologies
2009-06-06 21:04 . 2009-06-06 21:01 -------- d--h--w- c:\program files\Temp
2009-06-06 21:01 . 2009-06-06 21:01 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-06 21:01 . 2009-01-20 16:30 -------- d-----w- c:\program files\Realtek
2009-06-06 20:54 . 2009-06-06 20:54 10134 ----a-r- c:\users\Eurosamurai\AppData\Roaming\Microsoft\Installer\{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}\ARPPRODUCTICON.exe
2009-06-06 01:01 . 2009-06-06 00:35 -------- d-----w- c:\users\Eurosamurai\AppData\Roaming\LimeWire
2009-05-09 05:50 . 2009-06-09 22:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 22:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-04 17:08 . 2009-05-04 17:08 -------- d-----w- c:\program files\PopCap Games
2009-05-04 17:08 . 2009-05-04 17:08 -------- d-----w- c:\programdata\PopCap Games
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\program files\iTunes
2009-05-03 18:00 . 2009-05-03 18:00 -------- d-----w- c:\program files\iPod
2009-05-03 18:00 . 2008-11-03 02:55 -------- d-----w- c:\program files\Common Files\Apple
2009-05-03 17:57 . 2009-05-03 17:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 03:31 . 2009-04-29 03:31 4491776 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-04-29 02:08 . 2009-04-29 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-04-29 02:08 . 2009-04-29 02:08 303104 ----a-w- c:\windows\system32\atieclxx.exe
2009-04-29 02:07 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-04-29 02:06 . 2008-06-03 07:35 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-04-29 02:06 . 2008-06-03 07:35 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-04-29 02:05 . 2009-04-29 02:05 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-04-29 02:05 . 2009-04-29 02:05 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-04-29 02:05 . 2009-04-29 02:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-04-29 02:02 . 2009-04-29 02:02 2428928 ----a-w- c:\windows\system32\atidxx32.dll
2009-04-29 01:52 . 2008-09-24 02:02 3082752 ----a-w- c:\windows\system32\atiumdag.dll
2009-04-29 01:41 . 2009-04-29 01:41 11559424 ----a-w- c:\windows\system32\atioglxx.dll
2009-04-29 01:37 . 2008-09-24 01:41 4963840 ----a-w- c:\windows\system32\atiumdva.dll
2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-04-29 01:24 . 2009-04-29 01:24 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-04-29 01:20 . 2009-04-29 01:20 3293184 ----a-w- c:\windows\system32\aticaldd.dll
2009-04-29 01:11 . 2009-04-29 01:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-04-24 05:43 . 2009-04-24 05:43 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 12:15 . 2009-06-09 22:13 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-09 22:13 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-09 22:13 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 22:52 . 2009-04-17 22:52 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-04-17 22:52 . 2009-04-17 22:52 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-04-11 21:07 . 2009-04-11 21:06 29813256 ----a-w- c:\programdata\TaxCut\2008\Update\US68017101cupd.exe
2009-04-11 06:33 . 2009-06-06 23:03 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-06 23:03 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-06 23:02 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-06 23:03 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-06 23:03 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-06 23:03 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-06 23:03 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-06 23:02 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-06 23:02 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-06 23:02 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-06 23:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-06 23:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-06 23:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-06 23:02 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-06 23:02 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-06 23:02 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-06 23:02 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-06 23:02 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-06 23:02 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-06 23:02 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-06 23:02 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-06 23:02 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-06 23:02 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-06 23:02 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-06 23:02 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-06 23:02 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-06 23:02 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-06 23:02 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-06 23:02 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-06 23:03 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-06-06 23:02 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:43 . 2009-06-06 23:02 236544 ----a-w- c:\windows\system32\drivers\HdAudio.sys
2009-04-11 04:42 . 2009-06-06 23:02 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-01 02:47 . 2009-04-17 16:25 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_20.34.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2009-07-01 14:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-30 20:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-06-30 20:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-01 14:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-01 08:04 . 2009-06-30 10:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009070120090702\index.dat
+ 2009-07-01 08:04 . 2009-06-30 10:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009062220090629\index.dat
+ 2009-06-22 14:02 . 2009-06-30 10:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009061520090622\index.dat
- 2009-06-22 14:02 . 2009-06-22 02:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009061520090622\index.dat
+ 2006-11-02 13:02 . 2009-07-01 14:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-06-30 20:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-02 01:29 . 2009-07-01 14:19 2730 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-11-02 01:29 . 2009-06-29 04:26 2730 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-07-01 14:22 . 2009-07-01 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-30 10:14 . 2009-06-30 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-30 10:14 . 2009-06-30 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-01 14:22 . 2009-07-01 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-06-30 21:18 683242 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-30 10:19 683242 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-30 10:19 135890 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-30 21:18 135890 c:\windows\System32\perfc009.dat
- 2009-06-06 21:28 . 2009-06-30 19:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-06 21:28 . 2009-07-01 14:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 55856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-29 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-07-11 19968]

c:\users\Eurosamurai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-10 575488]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-9 110647]
MobiNET Agent.lnk - c:\windows\Installer\{43740021-58E6-4C82-A626-3026D350AC6D}\mobi_ui.exe2_AF8E4DA433B4474DAB06F867AAFC5607.exe [2009-3-26 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fb,65,21,08,ff,e6,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{951D3564-12A8-4DC9-8C3C-67A2EBC0C3B9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB983BA4-C447-40E7-90DB-D0AA8F923F1F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D7F4430-2A4C-4679-9050-00337D490EE5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{86A05F72-A1A8-4799-96EA-E85A568E39B7}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{545F4C5C-9802-4860-8F85-899A68E30AEA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2F011569-87A7-44C0-BD63-B6C6B6FC29B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7DB64105-9066-4C4A-A01C-E2638CF2DEFF}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{14779C18-09D3-4BDF-A744-73631988EB70}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{6863F2B7-3C9B-4F8B-987E-78A911296B5D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{F1CC9C45-D3DD-485E-9E59-1911E820FE23}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{8B351864-D7EB-4000-BE19-6A03CE7ACBC5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{AD58BC7A-181D-40C1-BC5B-A2482B176835}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BD48EAC4-8259-4BC9-BC69-CB6111F5B15E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{F6EBE61A-3255-403E-ABE5-DF2585613566}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{D46C7E16-BEAD-47D1-8D73-9D9923E681B0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{64CFD358-6DCF-4785-A602-5F0EB4983BD9}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5081FF43-F4C3-4B01-9520-C0161CB0ECB4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{82ED2CF8-36EE-46E2-8223-C7962C9887BA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CF922A18-62D5-4332-9D50-A24F7E3756B9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B344611D-F3EE-4080-8248-204061DEFD22}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8B4D0042-428F-4F0F-97F5-BFB378F40A74}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15985D9A-8022-481D-B919-225AEEE0448E}"= UDP:c:\program files\IDA\idag.exe:Interactive Disassembler (32-bit)
"{7A26EFF5-06C5-4112-B520-0648A206B9D0}"= TCP:c:\program files\IDA\idag.exe:Interactive Disassembler (32-bit)
"{DE8B3A51-4537-4896-B1F6-0B1CA80ED0FC}"= UDP:c:\program files\IDA\idag64.exe:Interactive Disassembler (64-bit)
"{C55F2E44-724C-4DC8-A1AF-72536CC25428}"= TCP:c:\program files\IDA\idag64.exe:Interactive Disassembler (64-bit)
"{6AFFE414-C433-4F9E-855E-05B0D1378D71}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F1A1C0DB-22A2-4076-8F7C-F3C50CF27B8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C4FBABC5-9F54-4282-B46F-C602FF34DFB7}c:\\users\\eurosamurai\\desktop\\720_starcraft2gameplayvideo_englishus.avi-downloader.exe"= UDP:c:\users\eurosamurai\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe:720_starcraft2gameplayvideo_englishus.avi-downloader.exe
"UDP Query User{A6181DA4-54AA-4AF9-8B43-5F1625A0814C}c:\\users\\eurosamurai\\desktop\\720_starcraft2gameplayvideo_englishus.avi-downloader.exe"= TCP:c:\users\eurosamurai\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe:720_starcraft2gameplayvideo_englishus.avi-downloader.exe
"{7C2F52C2-356E-4F16-9129-6605FFD9679B}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{41C77F41-2D76-4CC0-9AB4-4223462DE889}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{4310CF55-C0E5-4167-99F6-920AC1AA5B2B}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{54E54183-EEF6-4C87-A218-D9976D1C1B6F}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{C3A80FC6-478F-4867-8BFC-CB01104E8C43}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{03465FB7-80E5-4E19-B821-053E7F0B318C}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{3E31F336-8924-4700-B5B7-E2845CF23D15}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7BAC8B30-D654-4EC2-B509-8B61FC340DDB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F7C8897E-AEAC-49AE-A17B-23603CF8B259}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{3737DA55-6A4D-4993-A087-0AE97067C567}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"TCP Query User{6D344322-BD39-4E28-8920-CA596862FED6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1135D47D-FE66-4D06-A274-5BB399B776A4}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{4CB7D16A-C1EF-40AD-8CEC-F8F227741163}e:\\program files\\limewire\\limewire.exe"= UDP:e:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D56D0802-A40E-461B-8EDD-DE7F191C5BB7}e:\\program files\\limewire\\limewire.exe"= TCP:e:\program files\limewire\limewire.exe:LimeWire
"{498C828D-C4A6-4368-BBAB-845A3EBE6FEA}"= UDP:h:\bin\MobiKEY.exe:MobiKEY
"{6D84B7D2-2651-4295-A330-B105C1B21B6D}"= TCP:h:\bin\MobiKEY.exe:MobiKEY

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/21/2009 2:50 PM 64160]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\System32\drivers\ext2fsd.sys [3/8/2009 11:29 PM 654480]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [6/19/2009 9:08 PM 272432]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [4/28/2009 10:07 PM 176128]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [11/1/2008 9:17 PM 149352]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/14/2008 10:02 PM 195856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
R2 Route1 Mobi Host;Mobi Host Service;c:\program files\Route1\MobiNETAgent\MobiHostService.exe [9/25/2008 10:22 PM 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/25/2009 11:37 PM 1153368]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [4/24/2009 1:43 AM 95544]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 9:54 PM 101936]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\System32\drivers\HCWUSB2.sys [1/9/2009 10:00 PM 1464672]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [12/14/2008 10:02 PM 19096]
R3 SX2KDriver;SX2KDriver;c:\windows\System32\drivers\SX2KDriver.sys [9/22/2008 1:31 PM 3328]
R3 SX2KKeyBD;SX2KKeyBD;c:\windows\System32\drivers\SX2KKeyBD.sys [3/26/2009 10:18 PM 5632]
R3 SX2KMntr;SX2KMntr;c:\windows\System32\drivers\SX2KMntr.sys [3/26/2009 10:18 PM 6400]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/20/2009 12:48 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [10/8/2008 2:21 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [10/8/2008 2:21 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [10/8/2008 2:21 AM 72728]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:50]

2009-07-01 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Eurosamurai.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-15 15:27]

2009-07-01 c:\windows\Tasks\Malwarebytes' Scheduled Update for Eurosamurai.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-15 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
FF - ProfilePath - c:\users\Eurosamurai\AppData\Roaming\Mozilla\Firefox\Profiles\0r1f20mr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 10:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3402650624-1413319452-2117040649-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-3402650624-1413319452-2117040649-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,28,a0,c6,c6,31,2e,bd,26,a0,13,d6,32,2d,38,5c,75,0b,40,82,64,
d0,02,35,30,46,4d,d0,74,14,e2,ef,22,d4,fb,4f,c0,ee,3c,04,af,b9,11,91,0b,6a,\
"rkeysecu"=hex:be,8c,30,ca,5f,a4,3a,f9,25,9b,bf,6f,f5,cd,7a,86
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(10904)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\System32\NLSLexicons0009.dll
c:\windows\system32\imapi2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\System32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\System32\vmnetdhcp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Route1\MobiNETAgent\MobiHostSession.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Route1\MobiNETAgent\mobi_ui.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\CTxfispi.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-07-01 10:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-01 14:30
ComboFix2.txt 2009-06-30 20:35

Pre-Run: 346,915,180,544 bytes free
Post-Run: 347,477,696,512 bytes free

723 --- E O F --- 2009-06-30 10:18

#12 eurosamurai

Posted 01 July 2009 - 04:13 PM

Here is the latest GMER log. It still shows the SKYNET registry entries. Also I could not get GMER to run without crashing unless I de-selected hardware. The program would always crash upon scanning the shadowvolume.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-01 17:06:42
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8FBA0C48 ZwAlertResumeThread
SSDT 8FBA0D28 ZwAlertThread
SSDT 8FBB1CD0 ZwAllocateVirtualMemory
SSDT 8FAF8868 ZwAlpcConnectPort
SSDT 8FBA0998 ZwCreateMutant
SSDT 872184E8 ZwCreateThread
SSDT 8FB9BEB0 ZwDebugActiveProcess
SSDT 8FBB0160 ZwFreeVirtualMemory
SSDT 8FBA0A88 ZwImpersonateAnonymousToken
SSDT 8FBA0B68 ZwImpersonateThread
SSDT 8FBB0080 ZwMapViewOfSection
SSDT 8FBA08B8 ZwOpenEvent
SSDT 8FBB0598 ZwOpenProcessToken
SSDT 8FA0F258 ZwOpenThreadToken
SSDT 8FA109F0 ZwResumeThread
SSDT 8FA13F90 ZwSetContextThread
SSDT 8FA0F348 ZwSetInformationProcess
SSDT 8FA13EA0 ZwSetInformationThread
SSDT 8FB9BF90 ZwSuspendProcess
SSDT 8FA13CE0 ZwSuspendThread
SSDT 84AA62C0 ZwTerminateProcess
SSDT 8FA13DC0 ZwTerminateThread
SSDT 8FBB0BA8 ZwUnmapViewOfSection
SSDT 8FBB0008 ZwWriteVirtualMemory

INT 0xB0 ? 92913CD0

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82CE6860 8 Bytes [48, 0C, BA, 8F, 28, 0D, BA, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82CE6874 4 Bytes [D0, 1C, BB, 8F]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CE6880 4 Bytes [68, 88, AF, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CE6938 4 Bytes [98, 09, BA, 8F]
.text ntkrnlpa.exe!KeSetEvent + 2B9 82CE69FC 4 Bytes [B0, BE, B9, 8F]
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01D02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[4364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] 00A22F30
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] 00A22D00
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] 00A22CA0
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[4412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] 00A22CD0
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [019D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [019D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [019D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [019D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[4436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] 010C2F30
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[4436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] 010C2D00
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[4436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] 010C2CA0
IAT C:\Program Files\VMware\VMware Workstation\vmware-tray.exe[4436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] 010C2CD0
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[4448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[4448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[4448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\VMware\VMware Workstation\hqtray.exe[4448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[4460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00272F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[4460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00272D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[4460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00272CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe[4460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00272CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4472] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00812F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4472] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00812D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4472] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00812CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[4472] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00812CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[4752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00332F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[4752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00332D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[4752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00332CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[4752] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00332CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4816] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4816] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4816] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4816] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\Ctxfihlp.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] 00812F30
IAT C:\Windows\System32\Ctxfihlp.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] 00812D00
IAT C:\Windows\System32\Ctxfihlp.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] 00812CA0
IAT C:\Windows\System32\Ctxfihlp.exe[4896] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] 00812CD0
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] 00362F30
IAT C:\Program Files\WinTV\Ir.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] 00362D00
IAT C:\Program Files\WinTV\Ir.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] 00362CA0
IAT C:\Program Files\WinTV\Ir.exe[5016] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] 00362CD0
IAT C:\Windows\system32\wbem\unsecapp.exe[5136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00092F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00092D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00092CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5136] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00092CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MagicDisc\MagicDisc.exe[5164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5332] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5332] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5332] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5332] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[5736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[5736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[5736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Eurosamurai\Desktop\3tkkuh5b.exe[5736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@imagepath \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@aid 10099
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\delete
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\tasks
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETwbkbyjra.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETskkxkcbv.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmjuykbci.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNET.dat \systemroot\system32\SKYNETrdgbmqjc.dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@ProductFiles 987824345
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage@GrooveFiles 987824224
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109AB0090400000000000F01FEC\Usage@GrooveFilesIntl_1033 987824223
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x16 0x03 0x60 0x57 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {F18BBDCB-F08A-4FBC-A0BC-2B25B7E8F5DC}

---- EOF - GMER 1.0.15 ----

#13 m0le

  • Malware Response Team

Posted 01 July 2009 - 04:44 PM

Let's try another tool to see what we can do.

How is the PC running by the way?

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    SKYNET*
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

After that please do this

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks
m0le is a proud member of UNITE

#14 eurosamurai


Posted 01 July 2009 - 05:41 PM

Hi, the PC is running fairly well. Nothing out of the ordinary on a Wireshark capture. I did a quick look with regedit and I should note I'm on control set 002. There is a SKYNET entry under control set 001, but it does not allow me to delete it. There is no SKYNET entry under control set 002.

I'm running the BitDefender scan now.

Here is the OTM log

========== SERVICES/DRIVERS ==========
Service\Driver SKYNET* not found.


OTM by OldTimer - Version 3.0.0.2 log created on 07012009_183214
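
An added triage example, not part of the thread and not code from GMER or OTM: it parses `Reg` lines excerpted from the GMER log in post #12, groups service keys by control set, decodes their `start` and `type` values, and lists services that appear only outside the control set the poster says is in use (002). The function names and the choice of excerpted lines are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the "---- Registry ----" section of the GMER log above.
GMER_REG_LINES = r"""
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq@imagepath \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETggfyvndy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETpuilpqdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETwbkbyjra.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x16 0x03 0x60 0x57 ...
""".strip().splitlines()

# Standard meanings of a service key's Start and Type values (decimal, as GMER prints them).
START_NAMES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}
TYPE_NAMES = {"1": "kernel driver", "2": "file system driver",
              "16": "own-process service", "32": "shared-process service"}

SERVICE_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)(?:\\(.+))?$",
    re.IGNORECASE)


def parse_reg_line(line):
    """Split a GMER 'Reg' line into (key, value_name, data); None for other line types.

    Assumes the key path itself contains no '@', which holds for the log above.
    """
    line = line.strip()
    if not line.startswith("Reg "):
        return None
    key, sep, rest = line[4:].strip().partition("@")
    if not sep:                      # key-only line, no value attached
        return key, None, None
    name, _, data = rest.partition(" ")
    return key, name, data.strip()


def summarize_services(lines):
    """Group logged service entries by (control set, service name)."""
    found = defaultdict(lambda: {"values": {}, "modules": {}})
    for line in lines:
        parsed = parse_reg_line(line)
        if parsed is None:
            continue
        key, name, data = parsed
        m = SERVICE_KEY.match(key)
        if not m:                    # not under ...\Services, e.g. the Media Center line
            continue
        control_set, service, subkey = m.groups()
        entry = found[(control_set, service)]
        if name is None:
            continue
        if subkey is None:           # value directly on the service key
            entry["values"][name.lower()] = data
        elif subkey.lower() == "modules":
            entry["modules"][name] = data
    return dict(found)


def describe(entry):
    """Readable view of how and from where one service entry would load."""
    v = entry["values"]
    return {
        "start": START_NAMES.get(v.get("start"), v.get("start")),
        "type": TYPE_NAMES.get(v.get("type"), v.get("type")),
        "imagepath": v.get("imagepath"),
        "module_files": sorted(set(entry["modules"].values())),
    }


def only_in_inactive_sets(lines, current_set):
    """Logged services that never appear under the control set currently in use."""
    services = summarize_services(lines)
    current = (current_set.lower(), "currentcontrolset")
    active = {svc.lower() for cs, svc in services if cs.lower() in current}
    return sorted((cs, svc) for cs, svc in services if svc.lower() not in active)


if __name__ == "__main__":
    for (cs, svc), entry in summarize_services(GMER_REG_LINES).items():
        print(cs, svc, describe(entry))
    print("only in inactive sets:", only_in_inactive_sets(GMER_REG_LINES, "ControlSet002"))
```

The result reflects only what the log lists, so a service missing from the running control set in the log should still be confirmed in the registry itself, as the poster did with regedit.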

#15 eurosamurai


Posted 02 July 2009 - 11:16 AM

Attached is the BitDefender scan in HTML format. It came out clean.

Attached Files

  • Attached File  log.html   16.76KB   1 downloads




