
Trojan Downloader Win32 Reno.IO infection


  • This topic is locked
12 replies to this topic

#1 wildeblood (Members, 6 posts)

Posted 28 July 2009 - 08:49 AM

Hi, I would really love some help in recovering my laptop from infestation. I've done the best I can so far, but I'm really out of my depth here, like most of us here :)

I have tried to explain as comprehensively as I can with my limited knowledge. I hope it's not too long-winded, but I think it's really generous of you all to give your time like this for us poor unfortunate fools, and I have tried to help you out as best I can :)

I have Windows Vista Home Premium 32-bit

Last evening, 27/07/09, I downloaded a torrent for a movie. When I tried to open the file to play it, a request came up on my Windows Media screen saying that I need to get a DRM licence to play the file.

I clicked to download the DRM, but obviously there was no movie. I found a file pertaining to this called 'Omegaplay'.

Shortly after, Windows Defender alerted me that a Trojan Downloader Win32 Reno.IO had been detected.

In the Windows Defender history, several actions from an unknown source were permitted prior to the detection of this Trojan.

WD removed the Trojan, but shortly after another action was permitted from an unknown source, and 5 minutes later it had detected another Trojan, exactly the same as the one before.

This was removed by WD. This was followed by yet another action being permitted from an unknown source, and then another Trojan.

This was removed. Another action permitted by an unknown source took place, then another Trojan.

Then WD detected Tool:Win32 Dnschanger.K. This was removed.

Then 4 actions were permitted by an unknown source all at the same time. Then another 2 Trojans were detected and removed.

Another action from unknown source, and then another Trojan, then 2 more actions from the unknown source.

There has been no more activity since.

I've noticed that the last 6 occasions of activity (3 Trojans and 3 unknown source activities) have not been recorded at the correct time, and actually predate all other previous activity to much earlier in the day (not sure if that's relevant, just thought it might indicate something more sinister).

OK, so the symptoms of all this Trojan activity:

Change of homepage; Google search results, when clicked on, open in a new window, most of which redirect me to another site; Windows security message pop-ups; could not download antivirus software, then when I did it would not install (SUPERAntiSpyware) or would not run, even in safe mode (Spybot Search and Destroy). On trying to start some applications I get a blue screen and then my laptop restarts.

I managed to install Avira AntiVir Personal and did a scan. This is what it found:

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\default[4].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4f975fee.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\default[3].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4f9057a6.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\zbcppqhh[1].htm'
contained a virus or unwanted program 'TR/Drop.Agent.xka' [trojan]
Action(s) taken:
The file was moved to '4ad06242.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\nqwkxky[1].htm'
contained a virus or unwanted program 'TR/FraudPack.Owr.11' [trojan]
Action(s) taken:
The file was moved to '4ae46251.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\bhhiv[1].htm'
contained a virus or unwanted program 'TR/Tiny.705' [trojan]
Action(s) taken:
The file was moved to '4ad56248.qua'!

The file 'C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FXDENRVI\addyn%7C3[1].0%7C327%7C1670766%7C0%7C16%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1226619428277'
contained a virus or unwanted program 'HEUR/HTML.Malware' [heuristic]
Action(s) taken:
The detection was classified as suspicious.
The file was moved to '4ad16244.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\default[2].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4f914c5e.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19BEY22M\default[1].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4ad36245.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DRKVAC38\navbar[1].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4ae36242.qua'!

The file 'C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IU6CQFA1\navbar[1].htm'
contained a virus or unwanted program 'HTML/Infected.WebPage.Gen' [virus]
Action(s) taken:
The file was moved to '4faae6d3.qua'!

The file 'C:\Users\paul\AppData\Local\Temp\tmpF20B.tmp'
contained a virus or unwanted program 'TR/Alureon.CD.5' [trojan]
Action(s) taken:
The file was moved to '4add624e.qua'!

The file 'C:\Windows\Temp\33388765.tmp'
contained a virus or unwanted program 'TR/CryptRedol.16384.3' [trojan]
Action(s) taken:
The file was moved to '4aa06214.qua'!

I also installed Malwarebytes and performed a system scan:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1

27/07/2009 13:32:20
mbam-log-2009-07-27 (13-32-20).txt

Scan type: Quick Scan
Objects scanned: 87304
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b7c90078-4269-4335-8b36-edad2f1609df}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fcaa74b1-7daa-4246-8eeb-d48030a5ce1a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fcaa74b1-7daa-4246-8eeb-d48030a5ce1a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b7c90078-4269-4335-8b36-edad2f1609df}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fcaa74b1-7daa-4246-8eeb-d48030a5ce1a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fcaa74b1-7daa-4246-8eeb-d48030a5ce1a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.



I did an online scan with Kaspersky too, but it didn't find anything, and at the end of the scan the report was empty. I'm not sure if that's normal.

I also want to mention that I have disabled System Restore.


DDS text log, which was done after all of the above:



DDS (Ver_09-06-26.01) - NTFSx86
Run by paul at 3:44:56.61 on 28/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.893.123 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\paul\AppData\Local\Temp\Rar$EX02.141\autoruns.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: InlineSearchHandleHotKeys Class: {b6ffe2ae-4d12-451f-b457-fe6125ffb1cf} - c:\program files\ieforge\inline search\InlineSearch.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ALUAlert] "c:\program files\symantec\liveupdate\ALuNotify.exe" "/LOWDISKSPACE C"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-4-1 57320]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-4-1 239336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-27 108289]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-6-3 664808]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2008-11-26 333824]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-6-20 15872]

=============== Created Last 30 ================

2009-07-28 00:59 <DIR> --d----- C:\SDFix
2009-07-28 00:15 <DIR> --d----- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2009-07-28 00:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-28 00:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-27 14:43 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-27 14:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-27 14:43 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-27 13:25 <DIR> --d----- c:\users\paul\appdata\roaming\Malwarebytes
2009-07-27 13:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 13:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 13:04 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-27 13:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 13:04 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-27 05:38 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 05:38 <DIR> --d----- c:\programdata\Avira
2009-07-27 05:38 <DIR> --d----- c:\program files\Avira
2009-07-27 05:38 <DIR> --d----- c:\progra~2\Avira
2009-07-27 03:16 <DIR> --d----- c:\users\paul\appdata\roaming\AVG8
2009-07-22 10:11 <DIR> --d----- c:\program files\iPod
2009-07-15 14:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 14:02 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 14:02 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 14:02 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 10:46 <DIR> --d----- c:\program files\AVI MPEG RM WMV Joiner
2009-07-07 09:38 <DIR> --d----- c:\program files\PowerISO

==================== Find3M ====================

2009-07-18 22:10 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-25 20:55 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-06-25 19:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-25 19:38 51,200 a------- c:\windows\inf\infpub.dat
2009-06-25 19:38 86,016 a------- c:\windows\inf\infstor.dat
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-30 13:37 293,376 ac------ c:\windows\system32\psisdecd.dll
2009-04-30 13:37 428,544 ac------ c:\windows\system32\EncDec.dll
2008-12-25 13:26 86 a------- c:\users\paul\appdata\roaming\wklnhst.dat
2008-11-22 03:02 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-22 03:02 56 a---h--- c:\progra~2\ezsidmv.dat
2008-07-10 05:47 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-18 00:13 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:48:09.57 ===============


Thank you to whoever finds me here and decides to help out!
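The Malwarebytes log above is the most useful artefact in this post: it shows the DNS hijack that explains the search redirects (every NameServer and DhcpNameServer value pointed at 85.255.112.127 and 85.255.112.196) alongside the autostart entries the downloader used to keep coming back (a Run value, a service key and a scheduled-task .job file). The script below is an added example, written for this thread rather than taken from the poster or from Malwarebytes: it parses MBAM detection lines, checks each configured resolver against the rogue DNSChanger ranges that the FBI later published (85.255.112.0/20 is the one both addresses here fall into; the other ranges are included so the check generalises beyond this one case), and lists the persistence locations that were hit. The sample log is constructed from lines copied out of the post.

```python
"""Triage an MBAM (Malwarebytes' Anti-Malware) log for DNSChanger hits and
persistence entries. Added example for this thread; it is not the poster's
or Malwarebytes' code."""
import ipaddress
import re

# Rogue resolver ranges the FBI published for the DNSChanger (Rove Digital)
# botnet. 85.255.112.0/20 is the one both addresses in the log above sit in;
# the others are included so the check generalises beyond this one case.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# One MBAM detection line: "<path> (<family>) [-> Data: <data>] -> <action>"
MBAM_LINE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HKEY_[A-Z_]+\\).+?) \((?P<family>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+)$"
)

# Autostart locations worth a second look after the scanner has run:
# ...\CurrentVersion\Run values, %WINDIR%\Tasks\*.job scheduled tasks and
# keys directly under ...\Services (a registered service).
PERSISTENCE = re.compile(
    r"\\currentversion\\run\\|\\windows\\tasks\\|\\services\\[^\\]+$"
)

# Constructed sample: detection lines copied from the MBAM log posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fcaa74b1-7daa-4246-8eeb-d48030a5ce1a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.127,85.255.112.196 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


def parse_mbam(text):
    """Return one dict per detection line; headers and '(No malicious ...)' are skipped."""
    entries = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_rogue_dns(ip):
    """True if the address falls inside a known DNSChanger resolver range."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_DNS_RANGES)


def triage(text):
    """Summarise the log: rogue resolvers seen, whether the DHCP-supplied
    value was among them, and which persistence entries were hit."""
    entries = parse_mbam(text)
    rogue, persistence, dhcp_tainted = set(), [], False
    for e in entries:
        path = e["path"]
        if e["family"] == "Trojan.DNSChanger" and e["data"]:
            for ip in e["data"].split(","):
                if is_rogue_dns(ip):
                    rogue.add(ip.strip())
                    # DhcpNameServer is what the DHCP server handed out, so a
                    # rogue value there points at the router as well as the host.
                    if path.endswith("\\DhcpNameServer"):
                        dhcp_tainted = True
        if PERSISTENCE.search(path.lower()):
            persistence.append(path)
    return {
        "detections": len(entries),
        "rogue_dns": sorted(rogue),
        "dhcp_tainted": dhcp_tainted,
        "persistence": persistence,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
</```

Two things to take from the result on this log. First, MBAM deleted the NameServer values rather than restoring originals, so the host now falls back to whatever DHCP hands out; `ipconfig /all` on the cleaned machine should show the ISP's or router's resolvers, not anything in 85.255.112.0/20. Second, the DhcpNameServer value was also rogue. That value is normally written from the DHCP lease, so either the malware wrote it directly or the router itself was handing out the rogue resolvers; the router's DNS settings are worth checking before declaring the redirects fixed, because cleaning the host alone does nothing if the gateway re-issues the same addresses.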


#2 Guest_superbird_* (Guests)

Posted 07 August 2009 - 03:33 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
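Once a fresh DDS log is posted, the first pass a helper makes is over its "Pseudo HJT Report" section: which BHO, toolbar and Run entries are present, which are orphaned ("- No File" means the CLSID is still registered but the DLL it points to is gone), and what changed since the previous log. The script below is an added example written for this thread; DDS itself has no diff feature and this is not the tool's code. Its two sample logs are constructed from a handful of lines copied out of the 28 July and 7 August logs in this thread, trimmed to what the parser needs.

```python
"""Parse the 'Pseudo HJT Report' section of two DDS logs, flag orphaned
entries and diff the autostart lists between runs. Added example for this
thread; it is not DDS's code and DDS has no such feature."""
import re

# The section sits between its banner and the next "==== ... ====" banner.
PSEUDO_HJT = re.compile(r"=+ Pseudo HJT Report =+\n(.*?)(?=\n=+ [^\n]+ =+|\Z)", re.S)
# Autostart lines look like "BHO: ..." / "uRun: [name] path"; page settings
# such as "uStart Page = ..." have no "kind:" prefix and are skipped.
ENTRY = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z-]*): (?P<rest>.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME = re.compile(r"^\[(?P<name>[^\]]+)\]")

# Constructed samples: a few lines copied from the two DDS logs in this thread
# (28 July and 7 August), trimmed to what the parser needs.
DDS_FIRST = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-4-1 57320]
"""

DDS_SECOND = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

============= SERVICES / DRIVERS ===============
"""


def hjt_entries(log):
    """Map a stable key (kind + CLSID, or kind + [Run name]) to each entry."""
    section = PSEUDO_HJT.search(log)
    entries = {}
    if not section:
        return entries
    for line in section.group(1).splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        guid, run = GUID.search(rest), RUN_NAME.match(rest)
        if guid:
            key = f"{kind}:{guid.group(0).lower()}"   # CLSIDs are case-insensitive
        elif run:
            key = f"{kind}:[{run.group('name')}]"
        else:
            key = f"{kind}:{rest}"
        # "- No File" means the CLSID is still registered but its DLL is gone.
        entries[key] = {"kind": kind, "raw": rest, "orphan": rest.endswith("- No File")}
    return entries


def diff_logs(old_log, new_log):
    """What disappeared, what appeared, and which current entries are orphans."""
    old, new = hjt_entries(old_log), hjt_entries(new_log)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "orphans": sorted(k for k, v in new.items() if v["orphan"]),
    }


if __name__ == "__main__":
    for label, keys in diff_logs(DDS_FIRST, DDS_SECOND).items():
        print(label, keys)
```

Run against the two logs in this thread it reports the Adobe PDF Reader and Skype BHOs and the TeaTimer Run entry as removed between the two runs (which matches the second log's header showing Spybot as disabled), nothing added, and the same two "No File" entries still present. Orphans are dead registry references rather than running code, so they are not what is causing the redirects, but a helper normally has them removed so later logs show only what is really loading.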

#3 wildeblood (Topic Starter, Members, 6 posts)

Posted 07 August 2009 - 09:58 AM

Hi there.

I understand there are huge demands on all of you. Thanks for your time.

Here is my new DDS log. I couldn't disable Windows Defender; the option to turn off real-time protection was not there for some reason. I hope that doesn't cause any problems.

DDS (Ver_09-07-30.01) - NTFSx86
Run by paul at 15:28:52.78 on 07/08/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.893.131 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJC710W8\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: InlineSearchHandleHotKeys Class: {b6ffe2ae-4d12-451f-b457-fe6125ffb1cf} - c:\program files\ieforge\inline search\InlineSearch.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ALUAlert] "c:\program files\symantec\liveupdate\ALuNotify.exe" "/LOWDISKSPACE C"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-4-1 57320]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-4-1 239336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-27 108289]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-6-3 664808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-27 1153368]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2008-11-26 333824]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-6-20 15872]

=============== Created Last 30 ================

2009-07-28 00:15 <DIR> --d----- c:\users\paul\appdata\roaming\SUPERAntiSpyware.com
2009-07-28 00:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-28 00:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-27 14:43 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-27 14:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-27 14:43 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-27 13:25 <DIR> --d----- c:\users\paul\appdata\roaming\Malwarebytes
2009-07-27 13:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 13:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 13:04 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-27 13:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 13:04 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-27 05:38 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 05:38 <DIR> --d----- c:\programdata\Avira
2009-07-27 05:38 <DIR> --d----- c:\program files\Avira
2009-07-27 05:38 <DIR> --d----- c:\progra~2\Avira
2009-07-22 10:11 <DIR> --d----- c:\program files\iPod
2009-07-15 14:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 14:02 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 14:02 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 14:02 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 10:46 <DIR> --d----- c:\program files\AVI MPEG RM WMV Joiner

==================== Find3M ====================

2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 22:10 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-25 20:55 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-06-25 19:38 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-25 19:38 51,200 a------- c:\windows\inf\infpub.dat
2009-06-25 19:38 86,016 a------- c:\windows\inf\infstor.dat
2008-12-25 13:26 86 a------- c:\users\paul\appdata\roaming\wklnhst.dat
2008-11-22 03:02 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-22 03:02 56 a---h--- c:\progra~2\ezsidmv.dat
2008-07-10 05:47 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-18 00:13 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:31:49.46 ===============


Thank you :thumbup2:

#4 m0le

  • Malware Response Team
  • Location:London, UK

Posted 09 August 2009 - 08:04 PM

Hi wildeblood,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

------------------------------------------------

MBAM tells us that there is a nice collection of undesirables in the PC.


We need to see if rootkit activity is found

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations and save it to your desktop; please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then we need to run ComboFix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Please also let me know what symptoms (if any) are still showing after they have been run.

Thanks :thumbup2:
m0le is a proud member of UNITE

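The GMER log requested above lists each user-mode hook on one line in a fixed format. As an added example (not part of this thread and not GMER's own code), here is a small Python triage script that parses the "User code sections" block, groups the hooks per process, and separates JMP hooks that GMER could attribute to a loaded module from those it could not; the sample log is constructed in that format and the unattributed bucket is simply where a responder looks first, since attribution alone proves nothing either way.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modeled on the "User code sections" block of a GMER 1.0.15 log.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 82682FE2 5 Bytes JMP 857FD44B

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!RegisterClassExW 77A6EC69 6 Bytes JMP 01154B10 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!RegisterClassW 77A6EE3E 6 Bytes JMP 7162000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateWindowExW 77A73D67 5 Bytes JMP 6EFCD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] SHELL32.dll!SHRestricted + DFD 76598390 4 Bytes [BD, 30, 4E, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpSendRequestW 771DFABE 6 Bytes JMP 713E000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2748] WS2_32.dll!getaddrinfo 7758418A 5 Bytes JMP 71670022

---- User IAT/EAT - GMER 1.0.15 ----
"""

# One hook line: ".text <process>[<pid>] <module!function>[ + <offset>] <address> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<func>\S+?)(?: \+ (?P<off>[0-9A-F]+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<size>\d+) Bytes (?P<patch>.*)$"
)
# A JMP patch: the destination address, optionally followed by the module GMER mapped it to.
JMP_RE = re.compile(r"^JMP (?P<target>[0-9A-F]{8})(?: (?P<module>.*))?$")


@dataclass
class Hook:
    process: str             # image path of the hooked process
    pid: int
    function: str            # e.g. "USER32.dll!RegisterClassW"
    offset: Optional[str]    # hex offset into the function for mid-function patches
    address: str             # patched address (hex)
    size: int                # number of bytes GMER saw modified
    patch: str               # raw patch text, e.g. "JMP 7162000A" or "[BD, 30, 4E, 6E]"
    target: Optional[str] = None   # JMP destination when the patch is a JMP
    module: Optional[str] = None   # module GMER attributed that destination to, if any

    @property
    def is_jump(self) -> bool:
        return self.target is not None

    @property
    def attributed(self) -> bool:
        return self.module is not None


def parse_user_hooks(log_text: str) -> List[Hook]:
    """Return the hooks listed under '---- User code sections ----'; other sections are skipped."""
    hooks: List[Hook] = []
    in_user_section = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith("---- "):
            in_user_section = line.startswith("---- User code sections")
            continue
        if not in_user_section:
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue
        hook = Hook(process=m["proc"], pid=int(m["pid"]), function=m["func"], offset=m["off"],
                    address=m["addr"], size=int(m["size"]), patch=m["patch"])
        j = JMP_RE.match(m["patch"])
        if j:
            hook.target = j["target"]
            hook.module = j["module"] or None
        hooks.append(hook)
    return hooks


def triage(hooks: List[Hook]) -> Dict[str, Dict[str, list]]:
    """Bucket hooks per process: JMPs with a named module, JMPs without one, raw byte patches.

    An unattributed JMP lands in memory GMER could not map to a loaded module, which is how
    injected code shows up (malicious, or legitimate as with some security products), so that
    bucket is checked first; an attributed module still has to be recognised and trusted.
    """
    report: Dict[str, Dict[str, list]] = {}
    for h in hooks:
        key = f"{h.process}[{h.pid}]"
        entry = report.setdefault(key, {"attributed": [], "unattributed": [], "byte_patches": []})
        if not h.is_jump:
            entry["byte_patches"].append(h)
        elif h.attributed:
            entry["attributed"].append(h)
        else:
            entry["unattributed"].append(h)
    return report


def summarize(report: Dict[str, Dict[str, list]]) -> List[str]:
    """Render the triage as text: counts per process, unattributed targets, hooking modules."""
    out: List[str] = []
    for proc, buckets in report.items():
        out.append(f"{proc}: {len(buckets['attributed'])} attributed JMP, "
                   f"{len(buckets['unattributed'])} unattributed JMP, "
                   f"{len(buckets['byte_patches'])} byte patch(es)")
        for h in buckets["unattributed"]:
            out.append(f"  check: {h.function} -> {h.target}")
        # Strip the "(description/vendor)" suffix so identical modules collapse to one path.
        for mod in sorted({h.module.split(" (")[0].lower() for h in buckets["attributed"]}):
            out.append(f"  hooked by: {mod}")
    return out


if __name__ == "__main__":
    for line in summarize(triage(parse_user_hooks(SAMPLE_LOG))):
        print(line)
```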
#5 wildeblood

  • Topic Starter

Posted 09 August 2009 - 10:52 PM

Hey m0le,

Your assistance is greatly appreciated, my friend :thumbup2:

OK, here are the logs...

GMER 1.0.15.15020 [gamer.exe] - http://www.gmer.net
Rootkit scan 2009-08-10 02:39:13
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8B908D10]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8B9093FE]
SSDT 9553A714 ZwCreateThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8B909560]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8B90C976]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8B90C9A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8B9094B6]
SSDT 9553A700 ZwOpenProcess
SSDT 9553A705 ZwOpenThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8B90917E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8B90CA7C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8B90C9E6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8B90CA18]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8B90CA4A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8B908CBE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8B9095C0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8B90C916]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8B908C54]
SSDT 9553A70F ZwTerminateProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8B908BEA]

Code 857FD3D8 ZwEnumerateKey
Code 857FD3A0 ZwFlushInstructionCache
Code 857FD40D IofCallDriver
Code 857FD446 IofCompleteRequest
Code 857FD365 ZwSaveKey
Code 857FD32D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 82682FE2 5 Bytes JMP 857FD44B
.text ntkrnlpa.exe!ZwSaveKey 8269F664 5 Bytes JMP 857FD36A
.text ntkrnlpa.exe!ZwSaveKeyEx 8269F678 5 Bytes JMP 857FD332
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 82701988 4 Bytes [10, 8D, 90, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 827019D0 4 Bytes [FE, 93, 90, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 454 82701A18 4 Bytes [14, A7, 53, 95] {ADC AL, 0xa7; PUSH EBX; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 504 82701AC8 8 Bytes [60, 95, 90, 8B, 76, C9, 90, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 514 82701AD8 4 Bytes [A8, C9, 90, 8B]
.text ...
.text ntkrnlpa.exe!IofCallDriver 82704F6F 5 Bytes JMP 857FD412
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 827FB30B 5 Bytes JMP 857FD3A4
PAGE ntkrnlpa.exe!ZwEnumerateKey 82850BA2 5 Bytes JMP 857FD3DC

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1560] ntdll.dll!KiUserApcDispatcher 778F9938 5 Bytes JMP 0040DC10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1560] USER32.dll!PostQuitMessage + 81F 77A6F802 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1560] WS2_32.dll!getaddrinfo 7758418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1560] WS2_32.dll!gethostbyname 775962D4 5 Bytes JMP 71670022
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] ntdll.dll!KiUserApcDispatcher 778F9938 5 Bytes JMP 00D31580 C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Rooks/Base/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] kernel32.dll!SetUnhandledExceptionFilter 77366E2D 6 Bytes JMP 715C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!DdeInitializeW 77A678E2 6 Bytes JMP 7156000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!SetWindowsHookExW 77A67B69 5 Bytes JMP 6EFC9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CallNextHookEx 77A68C33 5 Bytes JMP 6EFBCB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!GetAsyncKeyState 77A68DF4 5 Bytes JMP 6EEE8E9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!DialogBoxIndirectParamW 77A6BD25 5 Bytes JMP 6F0C3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!SendInput 77A6BEE7 5 Bytes JMP 6F0C4FE3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!EndDialog 77A6C178 5 Bytes JMP 6EEF7BB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!EnableWindow 77A6DC79 5 Bytes JMP 6EFCD5C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!RegisterClassExW 77A6EC69 6 Bytes JMP 01154B10 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!RegisterClassW 77A6EE3E 6 Bytes JMP 7162000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!RegisterClassA 77A6FD9A 6 Bytes JMP 7165000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateWindowExW 77A73D67 5 Bytes JMP 6EFCD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!GetKeyState 77A787C7 5 Bytes JMP 6EFCCB73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!IsDialogMessageW 77A799AE 5 Bytes JMP 6EEF570F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!TranslateMessage 77A80069 6 Bytes JMP 7150000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateDialogParamA 77A816FD 5 Bytes JMP 6F0C4820 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!IsDialogMessage 77A8179A 5 Bytes JMP 6F0C4118 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!DialogBoxParamW 77A81FD5 5 Bytes JMP 6EEF51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateDialogIndirectParamA 77A827CD 5 Bytes JMP 6F0C4857 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateDialogIndirectParamW 77A89AFA 5 Bytes JMP 6F0C488E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!UnhookWindowsHookEx 77A908BE 5 Bytes JMP 6EF343F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!CreateDialogParamW 77A91C58 5 Bytes JMP 6EFCD738 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!SetKeyboardState 77A91ECE 5 Bytes JMP 6F0C4487 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!GetClipboardData 77AA70B2 6 Bytes JMP 7153000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!DialogBoxParamA 77AA80B2 5 Bytes JMP 6F0C3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!DialogBoxIndirectParamA 77AA83DD 5 Bytes JMP 6F0C3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!MessageBoxIndirectA 77ABD471 5 Bytes JMP 6F0C3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!MessageBoxIndirectW 77ABD56B 5 Bytes JMP 6F0C3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!MessageBoxExA 77ABD5D1 5 Bytes JMP 6F0C3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!MessageBoxExW 77ABD5F5 5 Bytes JMP 6F0C3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] USER32.dll!keybd_event 77ABD93C 5 Bytes JMP 6F0C5287 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] GDI32.dll!BitBlt 762A6CE7 6 Bytes JMP 715F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] SHELL32.dll!SHRestricted + DFD 76598390 4 Bytes [BD, 30, 4E, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] SHELL32.dll!SHRestricted + E05 76598398 8 Bytes [CA, 2F, 4E, 6E, 6A, 5C, 4D, ...] {RETF 0x4e2f; OUTSB ; PUSH 0x5c; DEC EBP; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] ole32.dll!OleLoadFromStream 76309726 5 Bytes JMP 6F0C3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] ole32.dll!CoCreateInstance 7633E188 5 Bytes JMP 6EFCD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] ole32.dll!CoCreateInstanceEx 7633E1CB 6 Bytes JMP 7159000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WS2_32.dll!connect 775840D9 5 Bytes JMP 71190022
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WS2_32.dll!getaddrinfo 7758418A 5 Bytes JMP 71160022
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetCloseHandle 771D9088 6 Bytes JMP 713B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetQueryDataAvailable 771DBF83 6 Bytes JMP 7129000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpAddRequestHeadersA 771DCF40 6 Bytes JMP 714D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpOpenRequestA 771DD508 6 Bytes JMP 714A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetConnectA 771DDEAE 6 Bytes JMP 7138000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetConnectW 771DF862 6 Bytes JMP 7135000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpSendRequestW 771DFABE 6 Bytes JMP 713E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetOpenA 771ED688 6 Bytes JMP 712C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetSetStatusCallback 771EDCC0 6 Bytes JMP 7123000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpSendRequestA 771EEE81 6 Bytes JMP 7147000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetReadFileExA 771F3379 6 Bytes JMP 7126000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetGetCookieExA 771F4BC8 6 Bytes JMP 712F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetWriteFile 7723624E 6 Bytes JMP 7120000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpSendRequestExA 7724A776 6 Bytes JMP 7144000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!HttpSendRequestExW 7724A7CF 6 Bytes JMP 7141000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1640] WININET.dll!InternetGetCookieA 7724BE54 6 Bytes JMP 7132000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2748] ntdll.dll!KiUserApcDispatcher 778F9938 5 Bytes JMP 00431E40 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2748] WS2_32.dll!getaddrinfo 7758418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[2748] WS2_32.dll!gethostbyname 775962D4 5 Bytes JMP 716E0022
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] ntdll.dll!KiUserApcDispatcher 778F9938 5 Bytes JMP 01001580 C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Rooks/Base/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] kernel32.dll!SetUnhandledExceptionFilter 77366E2D 6 Bytes JMP 715C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!DdeInitializeW 77A678E2 6 Bytes JMP 7156000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!DialogBoxIndirectParamW 77A6BD25 5 Bytes JMP 6F0C3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!RegisterClassExW 77A6EC69 6 Bytes JMP 02CC4B10 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!RegisterClassW 77A6EE3E 6 Bytes JMP 7162000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!RegisterClassA 77A6FD9A 6 Bytes JMP 7165000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!CreateWindowExW 77A73D67 5 Bytes JMP 6EFCD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!TranslateMessage 77A80069 6 Bytes JMP 7150000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!DialogBoxParamW 77A81FD5 5 Bytes JMP 6EEF51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!GetClipboardData 77AA70B2 6 Bytes JMP 7153000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!DialogBoxParamA 77AA80B2 5 Bytes JMP 6F0C3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!DialogBoxIndirectParamA 77AA83DD 5 Bytes JMP 6F0C3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!MessageBoxIndirectA 77ABD471 5 Bytes JMP 6F0C3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!MessageBoxIndirectW 77ABD56B 5 Bytes JMP 6F0C3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!MessageBoxExA 77ABD5D1 5 Bytes JMP 6F0C3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] USER32.dll!MessageBoxExW 77ABD5F5 5 Bytes JMP 6F0C3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] GDI32.dll!BitBlt 762A6CE7 6 Bytes JMP 715F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] ole32.dll!CoCreateInstance 7633E188 6 Bytes JMP 7168000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] ole32.dll!CoCreateInstanceEx 7633E1CB 6 Bytes JMP 7159000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WS2_32.dll!connect 775840D9 5 Bytes JMP 71190022
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WS2_32.dll!getaddrinfo 7758418A 5 Bytes JMP 71160022
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetCloseHandle 771D9088 6 Bytes JMP 713B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetQueryDataAvailable 771DBF83 6 Bytes JMP 7129000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpAddRequestHeadersA 771DCF40 6 Bytes JMP 714D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpOpenRequestA 771DD508 6 Bytes JMP 714A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetConnectA 771DDEAE 6 Bytes JMP 7138000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetConnectW 771DF862 6 Bytes JMP 7135000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpSendRequestW 771DFABE 6 Bytes JMP 713E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetOpenA 771ED688 6 Bytes JMP 712C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetSetStatusCallback 771EDCC0 6 Bytes JMP 7123000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpSendRequestA 771EEE81 6 Bytes JMP 7147000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetReadFileExA 771F3379 6 Bytes JMP 7126000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetGetCookieExA 771F4BC8 6 Bytes JMP 712F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetWriteFile 7723624E 6 Bytes JMP 7120000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpSendRequestExA 7724A776 6 Bytes JMP 7144000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!HttpSendRequestExW 7724A7CF 6 Bytes JMP 7141000A
.text C:\Program Files\Internet Explorer\iexplore.exe[8388] WININET.dll!InternetGetCookieA 7724BE54 6 Bytes JMP 7132000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00772F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00772D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00772CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00772CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E4D1BE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E4D016F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E4CE2DF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E4D0A88] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E4CA43B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E4D1E4A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E4D3C07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E4D2A8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E4D3160] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4CDD50] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4CD5AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E4DFD07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E4E0675] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E4DEC91] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E4DF96B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E4DF085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E4DE719] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E4DEEE9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E4D016F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E4CE2DF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E4D1BE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E4D3C07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E4D2DFD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E4D2A1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E4D3160] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E4D2A8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E4CBE6B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E4D1833] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E4CC0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E4D1003] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E4D15DD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E4CEE11] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E4CBF96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E4D1E4A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E4CC1EF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E4D1131] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E4D0A88] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E4D1708] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E4D0A15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6E4CA0B3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6E4CA43B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E4CE80D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E4D0D89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4CDD50] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4CD5AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E4CD455] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E4D016F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E4CC1EF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E4D3160] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E4D2A8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E4D1BE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E4CBF96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E4CC0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E4CE80D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E4D2DFD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E4D2A1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E4D3C07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E4D2499] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E4CBE6B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E4CFBA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E4CFA69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E4DEEE9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E4DE591] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E4DEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E4DFB0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E4DEB19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E4DE719] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E4DEC91] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E4E0365] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E4DF62F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E4DF085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E4DFD07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E4DF96B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6E4E0675] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6E4E0071] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6E4E01DD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6E4E04ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6E4DFF07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6E4DF7CB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E4CD09C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6E4D2A8D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E4D0D89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E4CD31E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E4CDACE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E4CDD50] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E4CEC5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E4CE2DF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E4CCB9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6E4D016F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6E4CA43B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E4D0A88] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6E4D3160] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6E4D3C07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E4CC7FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6E4CBE6B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6E4D1BE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E4CCE14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E4CD5AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6E4D1708] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6E4D1131] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E4CC1EF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6E4CBF96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E4D0AAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6E4CC93C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6E4CC45C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6E4CC6CC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E4D1E4A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E4CF1C6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E4CFBA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E4CF6BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E4D670C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E4D633D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E4D76C7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E4D61E0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E4D628D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E4D7719] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E4D6665] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E4D7ACC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E4D6981] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E4D6F77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E4D6C2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E4D6C79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E4D73B3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E4D6848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E4D731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E4D7153] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E4D80F0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E4D728B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E4D6A19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6E4D6D14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E4D6935] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E4D70B3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E4D64D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E4D81EF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E4D8645] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E4D82A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E4D7CD6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E4D8367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E4D6AB1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E4D6EDF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E4D6E47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E4D7451] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E4D700F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E4D6DAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E4D6BE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E4D7A1C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E4D6526] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E4D7809] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E4D8864] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E4D78B0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E4D7963] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E4D67AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E4D7768] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E4CBC2C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6E4D3C07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6E4D3160] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6E4D016F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6E4D1BE0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6E4CA43B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6E4CEF3C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6E4CC93C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6E4CC45C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6E4CE956] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E4CFE5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6E4CBF96] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E4CFCD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E4D8367] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E4D8309] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E4D73FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E4D7719] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E4D7809] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E4D670C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E4D79C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E4D8809] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E4D7A1C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E4D8864] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E4D6665] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6E4C8336] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74767BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7476D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7475F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74767599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7475E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7479B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7476D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7476012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74760095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7475DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7475668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74761E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DB2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01DB2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01DB2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01DB2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\paul\Desktop\gamer.exe[8344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00172F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\paul\Desktop\gamer.exe[8344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\paul\Desktop\gamer.exe[8344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00172CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\paul\Desktop\gamer.exe[8344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00172CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[8388] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe[8876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe[8876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe[8876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe[8876] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[9072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[9072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[9072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[9072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
Reg HKLM\SYSTEM\ControlSet016\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 326122

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05AFD.log 131072 bytes

---- EOF - GMER 1.0.15 ----
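Reading a GMER log like the one above means separating three things that the tool prints in the same format: the IEShims.dll and GDI+ hooks that are normal on an IE8/Vista machine, the Logitech LVPrcInj01.dll hooks injected into every process from C:\Windows\TEMP (signed vendor software, but a DLL loading from a temp directory is exactly what an injected rootkit component also looks like), and the hidden ESQULserv.sys service whose registry entries point at \\?\globalroot paths in several control sets. The following Python script is an added example for this thread, not part of GMER, ComboFix or the poster's logs; it parses lines in GMER's format and produces that split plus the list of on-disk paths that must be gone after cleaning. SAMPLE_LOG is a constructed excerpt of the log above, and EXPECTED_HOOKERS and the C:\Windows systemroot mapping are the script's own assumptions, not anything GMER decides.

```python
"""Triage helper for a GMER log (added example; not GMER's or ComboFix's code).

SAMPLE_LOG is a constructed excerpt of the GMER output in this thread. The
EXPECTED_HOOKERS set and the systemroot mapping are assumptions of this script.
"""
import re
from collections import Counter, defaultdict

# Hooking modules treated as normal here (assumption): IE8 loads IEShims.dll into
# iexplore.exe, Explorer's GDI+ imports resolve through WinSxS, and Wdf01000.sys
# sits on the keyboard class stack. Anything else gets a closer look.
EXPECTED_HOOKERS = {"ieshims.dll", "gdiplus.dll", "wdf01000.sys"}

IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) \[(?P<import>[^\]]+)\] "
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\] (?P<hooker>.+?)(?: \((?P<desc>.*)\))?"
    r"|(?P<bare>[0-9A-Fa-f]+))$"
)
SERVICE_RE = re.compile(r"^Service (?P<image>\S+) \(\*\*\* hidden \*\*\* \) \[\w+\] (?P<name>\S+)")
REG_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d+)\\Services\\"
    r"(?P<svc>[^\\@ ]+)(?P<rest>.*)$"
)


def classify_hooker(path):
    """Verdict for the module a hook points into (heuristic, this example's own)."""
    p = path.lower()
    if p.rsplit("\\", 1)[-1] in EXPECTED_HOOKERS:
        return "expected"
    # A DLL loaded into every process from a temp directory, or reached through a
    # raw \\?\globalroot path, is how injected rootkit components usually show up,
    # even when (as with Logitech's LVPrcInj01.dll) the file is signed vendor code.
    if "\\temp\\" in p or "\\tmp\\" in p or p.startswith("\\\\?\\globalroot"):
        return "suspicious"
    return "review"


def native_to_win32(path, systemroot=r"C:\Windows"):
    """Map the NT-style paths GMER prints onto Win32 paths (systemroot is an assumption)."""
    for prefix in (r"\\?\globalroot\systemroot", r"\systemroot"):
        if path.lower().startswith(prefix.lower()):
            return systemroot + path[len(prefix):]
    return path


def triage(log_text):
    """Parse GMER output into hooks, hidden services and their registry footprint."""
    hooks, hidden = [], {}
    reg = defaultdict(lambda: {"control_sets": set(), "modules": set(), "imagepath": None})
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IAT_RE.match(line):
            hooker = m.group("hooker")  # None when GMER printed only a bare address
            hooks.append({"process": m.group("proc"), "pid": int(m.group("pid")),
                          "import": m.group("import"), "hooker": hooker,
                          "verdict": "unresolved" if hooker is None else classify_hooker(hooker)})
        elif m := SERVICE_RE.match(line):
            hidden[m.group("name")] = m.group("image")  # GMER's own "*** hidden ***" marker
        elif m := REG_RE.match(line):
            entry = reg[m.group("svc")]
            entry["control_sets"].add(m.group("cs"))
            if mm := re.match(r"@imagepath (\S+)", m.group("rest")):
                entry["imagepath"] = mm.group(1)
            if mm := re.match(r"\\modules@\S+ (\S+)", m.group("rest")):
                entry["modules"].add(mm.group(1))
    return {
        "hidden_services": {
            name: {"image": image, "imagepath": reg[name]["imagepath"],
                   "control_sets": sorted(reg[name]["control_sets"]),
                   "modules": sorted(reg[name]["modules"])}
            for name, image in hidden.items()},
        "hooks": hooks,
        "hook_verdicts": Counter(h["verdict"] for h in hooks),
        "processes_with_suspicious_hooks": sorted(
            {h["process"] for h in hooks if h["verdict"] == "suspicious"}),
    }


def artifacts_to_verify(result):
    """Win32 paths that must be gone after cleaning, deduplicated case-insensitively."""
    seen = {}
    for svc in result["hidden_services"].values():
        for p in (svc["image"], svc["imagepath"], *svc["modules"]):
            if p:
                seen.setdefault(native_to_win32(p).lower(), native_to_win32(p))
    for h in result["hooks"]:
        if h["verdict"] == "suspicious":
            seen.setdefault(h["hooker"].lower(), h["hooker"])
    return sorted(seen.values())


# Constructed excerpt of the GMER log posted above.
SAMPLE_LOG = r"""
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E4CBC2C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1640] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 716B0000
IAT C:\Windows\Explorer.EXE[2756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DB2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\paul\Desktop\gamer.exe[8344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00172D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
Service C:\Windows\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 326122
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("hidden services:", r["hidden_services"])
    print("hook verdicts:", dict(r["hook_verdicts"]))
    for p in artifacts_to_verify(r):
        print("verify removed:", p)
```

Run it on the full log by passing the file contents to triage(); the paths returned by artifacts_to_verify() are the ones to compare, case-insensitively, with a cleaner's deletion report and to confirm absent from disk after a reboot, since a hidden service that survives in an inactive ControlSet can come back with the next boot. The "unresolved" verdict marks hooks where GMER printed only an address, which need to be mapped to a module by hand before they are written off.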


ComboFix 09-08-09.04 - paul 10/08/2009 3:17:36.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.893.354 [GMT 1:00]
Running from: C:\Users\paul\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-2139252429-1018222934-1169608220-500
C:\$RECYCLE.BIN\S-1-5-21-2152478756-3922319563-605102323-500
C:\$RECYCLE.BIN\S-1-5-21-281861387-3508624164-4110567839-500
C:\WINDOWS\Installer\24a851b.msi
C:\WINDOWS\Installer\8bf1bcf.msi
C:\Windows\System32\drivers\ESQULyryborinwxwnedecfdpigttoajvkvqio.sys
C:\Windows\system32\ESQULcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll
C:\Windows\System32\ESQULpmmgfuemxxympcnpdxqkpxtfuiqginme.dll
C:\Windows\system32\ESQULzcounter
C:\Windows\system32\Ijl11.dll
C:\Windows\system32\tmp.reg
C:\Windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 02:28:34 . 2009-08-10 02:34:02 0 d-----w- C:\Users\paul\AppData\Local\temp
2009-08-10 02:28:34 . 2009-08-10 02:28:34 0 d-----w- C:\Users\Guest\AppData\Local\temp
2009-08-07 16:33:33 . 2009-08-07 16:33:33 0 d-----w- C:\Users\paul\AppData\Local\Mozilla
2009-07-27 23:15:36 . 2009-08-07 03:57:05 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-07-27 23:15:36 . 2009-07-27 23:15:36 0 d-----w- C:\Users\paul\AppData\Roaming\SUPERAntiSpyware.com
2009-07-27 23:15:10 . 2009-07-27 23:15:10 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-27 13:43:02 . 2009-08-07 03:57:06 0 d-----w- C:\PROGRA~2\Spybot - Search & Destroy
2009-07-27 13:43:02 . 2009-07-28 20:09:32 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-27 12:25:26 . 2009-07-27 12:25:26 0 d-----w- C:\Users\paul\AppData\Roaming\Malwarebytes
2009-07-27 12:04:11 . 2009-07-13 12:36:34 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-27 12:04:08 . 2009-07-27 12:24:50 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-27 12:04:08 . 2009-07-27 12:04:08 0 d-----w- C:\PROGRA~2\Malwarebytes
2009-07-27 12:04:08 . 2009-07-13 12:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-27 04:38:50 . 2009-03-30 09:33:07 96104 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2009-07-27 04:38:49 . 2009-03-24 15:08:22 55640 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-07-27 04:38:46 . 2009-07-27 04:38:46 0 d-----w- C:\Program Files\Avira
2009-07-27 04:38:46 . 2009-07-27 04:38:46 0 d-----w- C:\PROGRA~2\Avira
2009-07-22 09:11:58 . 2009-07-22 09:11:58 0 d-----w- C:\Program Files\iPod
2009-07-15 13:02:28 . 2009-06-15 15:24:24 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-15 13:02:28 . 2009-06-15 15:20:27 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-15 13:02:28 . 2009-06-15 15:20:00 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-15 13:02:28 . 2009-06-15 12:52:13 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-14 09:46:24 . 2009-07-14 09:46:25 0 d-----w- C:\Program Files\AVI MPEG RM WMV Joiner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 03:57:05 . 2009-06-07 16:44:54 0 d-----w- C:\Program Files\QuickTime
2009-08-07 03:54:10 . 2008-05-17 22:36:35 0 d-----w- C:\Users\paul\AppData\Roaming\BitTorrent
2009-08-03 20:47:45 . 2008-02-04 22:19:48 1356 ----a-w- C:\Users\paul\AppData\Local\d3d9caps.dat
2009-07-22 09:12:25 . 2008-07-17 04:41:20 0 d-----w- C:\Program Files\iTunes
2009-07-22 09:11:56 . 2008-03-01 12:52:12 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-21 21:52:28 . 2009-07-28 19:25:51 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-21 21:47:28 . 2009-07-28 19:25:49 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-07-21 21:47:27 . 2009-07-28 19:25:49 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-21 20:13:58 . 2009-07-28 19:25:49 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-20 01:37:14 . 2008-11-22 01:59:21 0 d-----w- C:\Users\paul\AppData\Roaming\Skype
2009-07-19 23:02:21 . 2008-11-22 02:02:17 0 d-----w- C:\Users\paul\AppData\Roaming\skypePM
2009-07-18 21:10:03 . 2008-12-18 18:58:09 0 ----a-w- C:\Windows\system32\drivers\lvuvc.hs
2009-07-15 20:06:27 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-09 23:05:17 . 2008-01-21 21:38:39 0 d-----w- C:\PROGRA~2\Kontiki
2009-07-07 08:38:17 . 2009-07-07 08:38:17 0 d-----w- C:\Program Files\PowerISO
2009-06-27 19:36:24 . 2008-11-12 22:02:53 0 d-----w- C:\Users\Guest\AppData\Roaming\StumbleUpon
2009-06-27 19:36:18 . 2008-08-10 17:56:35 0 d-----w- C:\Program Files\Winamp
2009-06-27 19:36:18 . 2008-05-18 00:28:29 0 d-----w- C:\Program Files\TrustyFiles
2009-06-27 19:36:18 . 2007-10-05 21:33:34 0 d-----w- C:\Program Files\Google
2009-06-27 19:36:18 . 2007-03-01 08:42:52 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-26 15:31:58 . 2008-03-01 12:56:32 0 d-----w- C:\Users\paul\AppData\Roaming\Apple Computer
2009-06-26 12:56:02 . 2009-04-22 04:02:47 0 d-----w- C:\Users\paul\AppData\Roaming\Spotify
2009-06-25 19:55:41 . 2009-06-25 19:55:40 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2009-06-25 18:53:35 . 2007-09-15 05:47:10 71184 ----a-w- C:\Users\paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-25 18:36:56 . 2007-09-15 06:07:41 0 d-----w- C:\PROGRA~2\Microsoft Help
2009-06-25 18:33:39 . 2007-09-15 06:12:27 0 d-----w- C:\Program Files\Microsoft Works
2009-06-24 13:58:09 . 2008-12-18 18:50:30 0 d-----w- C:\Program Files\Logitech
2009-06-21 09:33:27 . 2009-03-24 03:04:19 0 d--h--w- C:\PROGRA~2\~0
2009-06-21 08:56:46 . 2009-03-25 20:27:59 0 d-----w- C:\Users\paul\AppData\Roaming\GlarySoft
2009-06-21 07:11:48 . 2007-09-15 08:56:34 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-06-20 02:01:01 . 2009-06-20 02:01:01 0 d-----w- C:\Program Files\BUFFALO
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 19:29:13 39408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 21:50:52 815104]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 23:02:20 36352]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09:58 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04:34 39792]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 17:15:46 2407184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 05:19:17 148888]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 17:11:48 565008]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 19:29:06 68592]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-03-15 10:15:16 180224]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 13:03:10 292128]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 12:08:47 209153]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-02-15 09:07:16 4390912]

C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8A8D72DC-BA9E-4899-B18E-B446FA0D3A0B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{108E3ED0-6817-42A8-9954-337FBA6F1408}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31E7EE08-D871-4A9B-8703-469EBB709774}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{CCDC0B67-BCFC-4C4B-A2A1-37737814AF55}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{D2B11265-C598-448C-A233-BBC66F0A4DB6}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{BCA1AF3D-8962-44F2-8B29-DD87120F9C49}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{F657FC71-618F-409B-8350-2BAB8FD0EA21}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0454462D-5828-4A3B-A9B9-3CAB70FB5170}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4C9CB7AB-2C94-4305-9481-EE74B3FF6D30}C:\\program files\\trustyfiles\\trustyfiles.exe"= UDP:C:\program files\trustyfiles\trustyfiles.exe:TrustyFiles
"UDP Query User{98484C11-FE0E-4C4A-814D-57E898B2A764}C:\\program files\\trustyfiles\\trustyfiles.exe"= TCP:C:\program files\trustyfiles\trustyfiles.exe:TrustyFiles
"{26927379-0CCE-45B1-A884-5A1E9E76A800}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{5B6BE14E-DE8F-4FA2-8E04-B86D2E3086C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{FC1E654E-47DE-4B8C-A83D-8ED21DD5FE6A}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2DE132BD-3334-4D2B-AB52-C2A5D1F55C0B}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FBC9E21-F5B8-4CD5-9070-B3B78A49FF70}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AEBC483F-C25C-45E5-B3CF-2FEB99663940}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D47B5158-0F3C-4B51-B252-9E00D0D0D30B}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60DA73B1-AA59-493F-A0AE-C838F3D29A8F}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{446EE40E-EEC8-49A0-AEBA-CB0B51F3215D}"= Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B9FD46EA-47E3-474B-8CEB-6106CDEB07EF}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{B9B33186-6374-43BA-B6A3-E2311CFF07FE}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{0E78D6D6-356A-4E22-8989-F5B6A3DE490E}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{EC5702BF-F770-4165-B144-4DDDD8890B83}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{55B2CB2D-D4EA-408D-9FF4-7B422CC525BF}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FA7E1869-2DF2-4ED7-A563-76FDBCC83BEA}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{A3FBF687-5EDA-4883-B134-58DC8C7E56CC}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{1CF0F1B2-0968-4FFC-9C93-FF939B47A127}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{1F0476EC-758A-4CEC-BE51-394D1FAEA927}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{DBB44771-DD60-4DBE-B484-DE6E4D84F7E4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{5CD51577-DD18-4D22-B612-3613D2CB41E0}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{29857BEF-9C87-4894-83FE-DD122374E0CA}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{9E0FCA4E-21A7-401D-BB0B-7F745D948EFB}"= Disabled:UDP:C:\Program Files\DNA\btdna.exe:DNA
"{9304CC6A-FF9C-40D9-8F5F-F9E814A4E3D9}"= Disabled:TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DFEEA78D-B107-4865-9552-9D79711ED59F}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BB7DB3CA-BFBC-4558-A951-0229747230E0}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{BAED0CC9-EEAE-4820-90EF-6B7E56DBC77E}C:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FBC74B3C-88CF-4FBC-BE78-CB22993D34DD}C:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{577CACD4-9A77-48A5-805A-0BBB3B3FF193}C:\\program files\\limewire\\limewire.exe"= Disabled:UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EB6EB996-9719-41F0-8DD7-8BB838E34F17}C:\\program files\\limewire\\limewire.exe"= Disabled:TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{DBB1E3FE-D9DA-4177-9CFB-8ACABCC3325A}C:\\program files\\real\\realplayer\\realplay.exe"= Disabled:UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{CCC88C3E-FD2D-4AE5-AB65-BF07BB7E4FA0}C:\\program files\\real\\realplayer\\realplay.exe"= Disabled:TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{FB49D756-C849-4532-87D8-9BAFA856988F}"= Disabled:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7D243420-330B-4DB9-ABD8-5428E950266B}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E19431C8-54AD-4047-BA67-A4863B1D55D1}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E26F2E1B-0218-48C0-AC15-010E42710088}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4CF8435C-367A-4EAD-92C5-5C5BAA5F2390}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66FBF2AC-9BB5-4003-BEC6-4C1E251BF875}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65AB0B61-0803-4909-AFB8-4485E5FF960F}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3260DC0B-4E71-4048-9259-CFEB47250971}C:\\program files\\utorrent\\utorrent.exe"= Disabled:UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{CBD5274C-10E5-41E3-BEBD-20A514BA809B}C:\\program files\\utorrent\\utorrent.exe"= Disabled:TCP:C:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{E4AF5256-EC53-4224-8B95-E97E34F4EFD0}C:\\program files\\bitcomet\\bitcomet.exe"= Disabled:UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{738B1C86-591F-4F18-A112-33C19D877B1E}C:\\program files\\bitcomet\\bitcomet.exe"= Disabled:TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{EC828121-88C6-4931-A666-030DFD35C048}C:\\users\\paul\\program files\\dna\\btdna.exe"= Disabled:UDP:C:\users\paul\program files\dna\btdna.exe:btdna.exe
"UDP Query User{334EC2B0-4712-4E64-B195-4A91159FE6AD}C:\\users\\paul\\program files\\dna\\btdna.exe"= Disabled:TCP:C:\users\paul\program files\dna\btdna.exe:btdna.exe
"TCP Query User{45A77444-34CF-424A-A290-F847E19EBFD6}C:\\program files\\mozilla firefox\\firefox.exe"= Disabled:UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EEAA739A-F4D3-4A7D-8EF7-696C3720FC49}C:\\program files\\mozilla firefox\\firefox.exe"= Disabled:TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{881AE01F-D3E1-422B-B16B-D422DEC4C247}"= Disabled:UDP:C:\Windows\System32\P2P Networking\P2P Networking.exe:P2P Networking
"{B6CA94A9-71AA-4B05-9021-EBB13559BE18}"= Disabled:TCP:C:\Windows\System32\P2P Networking\P2P Networking.exe:P2P Networking
"{B9B33270-931B-4FD0-9C02-8C973CABD2BA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{86300395-A520-41D0-A046-8FDAADC30AB7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"= C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla

R1 RapportKELL;RapportKELL;C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [01/04/2009 13:12:31 57320]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [01/04/2009 13:12:31 239336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [27/07/2009 05:38:49 108289]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [03/06/2009 02:38:11 664808]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [27/07/2009 14:43:06 1153368]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr61.sys [26/11/2008 13:51:02 333824]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\bfturboh.sys [20/06/2009 03:01:04 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\paul\AppData\Roaming\Mozilla\Firefox\Profiles\hrttn91a.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.


My laptop seems to be working better now: no redirecting to spam webpages, and the advertisements on web pages are no longer all about bleep enlargement! lol. I am now able to launch Spybot and SUPERAntiSpyware, which I couldn't before.
There are a few things I want to share with you though....

1. When waiting for the Combofix txt file to pop up after the scan, and before it did, I got a blue screen and my laptop shut off and restarted itself. I don't know if this is normal when using Combofix.

2. While Combofix was scanning my computer I had warnings from Avira that it had detected Trojans. I wasn't sure what to do, so I instructed Avira to send them to quarantine; I wasn't sure how a decision here would affect Combofix's efforts. Anyway, on reading the txt log from Combofix after the scan I noticed that it hadn't deleted those files that were sent to quarantine with Avira, and I cannot delete the files from there; it won't let me. I click on delete and nothing happens.

I'll observe things and let you know if I find anything else.


Cheers m0le :)

#6 m0le
  • Malware Response Team
  • Location:London, UK

Posted 10 August 2009 - 06:53 AM

Hey wildeblood,

We're not quite done here yet.

Firstly, the BSOD is not a problem; Combofix can sometimes cause that.

Secondly, Avira and other antiviruses scan Combofix and its components and often decide they are trojans when they are not. If you sent any of these files to quarantine it may stop Combofix from running. Don't worry because we will not be using Combofix again.

Finally, we need to do a check for infected files that the malware may have left behind.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks
m0le is a proud member of UNITE
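The ESET scan above is a check for anything the malware left behind. For the specific infection in this thread, the ComboFix log names the artefacts to look for: randomly named ESQUL*.dll and ESQUL*.sys files in System32 and System32\drivers, the ESQULserv service entry and its Legacy_ESQULserv key. The script below is an added example, not part of the thread or of ComboFix, GMER or ESET; it re-checks those three places from an elevated PowerShell prompt. The 'ESQUL' prefix and the directories come from the log; the function name and output format are this example's own.

```powershell
# Added example, not part of the thread or of any tool it mentions.
# Re-checks for the ESQUL rootkit artefacts the ComboFix log reported
# as deleted. Run from an elevated PowerShell prompt (Enum\Root needs it).
# PowerShell 2.0 compatible (no [pscustomobject], no ternary).

function Find-RootkitRemnants {
    param(
        [string]$Prefix = 'ESQUL',
        [string[]]$Dirs = @("$env:SystemRoot\System32",
                            "$env:SystemRoot\System32\drivers")
    )

    $hits = @()

    # 1. Files on disk. -Force includes hidden/system files. A kernel
    #    rootkit that is still loaded can hide its own files from this
    #    call, so only trust an empty result once step 3 shows no driver.
    foreach ($dir in $Dirs) {
        Get-ChildItem -Path $dir -Filter "$Prefix*" -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $hits += New-Object PSObject -Property @{
                    Kind   = 'File'
                    Name   = $_.FullName
                    Detail = "$($_.Length) bytes, written $($_.LastWriteTime)"
                }
            }
    }

    # 2. Registration. Service_ESQULserv.sys and Legacy_ESQULserv in the
    #    log correspond to a key under Services and a LEGACY_<name> key
    #    under Enum\Root that a kernel driver leaves behind.
    $regRoots = @('HKLM:\SYSTEM\CurrentControlSet\Services',
                  'HKLM:\SYSTEM\CurrentControlSet\Enum\Root')
    foreach ($root in $regRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like "*$Prefix*" } |
            ForEach-Object {
                $hits += New-Object PSObject -Property @{
                    Kind   = 'Registry'
                    Name   = $_.Name
                    Detail = [string]$_.GetValue('ImagePath')
                }
            }
    }

    # 3. Loaded state. Get-Service does not list kernel drivers; the
    #    Win32_SystemDriver WMI class does, with their running state.
    Get-WmiObject -Class Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "$Prefix*" } |
        ForEach-Object {
            $hits += New-Object PSObject -Property @{
                Kind   = 'Driver'
                Name   = $_.Name
                Detail = "$($_.State); $($_.PathName)"
            }
        }

    return $hits
}

$remnants = @(Find-RootkitRemnants)
if ($remnants.Count -eq 0) {
    Write-Host 'No ESQUL artefacts found on disk, in the registry, or loaded.'
} else {
    $remnants | Format-Table Kind, Name, Detail -AutoSize
}
```

A hit in step 3 with State "Running" means the driver is still loaded and the file and registry results cannot be trusted; that is the situation in which an offline scanner or a rootkit-aware tool such as the GMER run above is needed rather than a script run from inside the infected system.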

#7 wildeblood
  • Topic Starter
  • Members

Posted 10 August 2009 - 05:15 PM

Hi m0le,

Thank you mate!


These are the files that are in quarantine with Avira. I'm very suspicious of them as they are all ESQUL files and are all on the list of files that Combofix identified and told me to make a note of before it started fully scanning my PC.


C:\Windows\System32\Drivers\ESQULlyryborinwxwnedecfdpigttoajvkvqio.sys

C:\Windows\System32\ESQULlpmmgfuemxxympcnpdxqkpxtfuiqginme.dll

C:\Windows\System32\ESQULlcrpkmdecnnvbrdxvhbiowqxowsrbomjk.dll

Avira wont delete them.


Ok, so I'll see what you think of those.

Here is your ESET scan report...


C:\Users\paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6184729b-40893055 a variant of Java/TrojanDownloader.OpenStream.NAD trojan deleted - quarantined

Many thanks!

#8 m0le
  • Malware Response Team
  • Location:London, UK

Posted 10 August 2009 - 05:49 PM

ESQUL is a rootkit, a newer one. Avira has quarantined the problem but may not be able to delete it.

Don't worry about it, the quarantine is good enough.

The ESET is looking quality. The only thing that has been deleted was something in the Java history. This means that nothing "live" exists in the PC.

This means, unless any newer symptoms have appeared, that your PC is clean.

Good stuff!

Let's do some housekeeping

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.


Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

I recommend that you download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  • Double-click the Downloaded installer and install the tool to a location of your choice
  • Via the Startmenu, navigate to HostsMan and run the program.
    • Click "Hosts" in the menu
    • Click "Manage Updates" in the submenu
    • Out of the three, select at least one (I have MVPS Hosts as my main one)
    • Click "Add Update." After that you will only need to click on the following button to retrieve updates:
      Posted Image
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it wildeblood, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#9 wildeblood

wildeblood
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:58 AM

Posted 11 August 2009 - 05:17 AM

Hey m0le,

Everything is fine now, I feel like my laptop is my own again, so huge thank you to you for donating your time and skills to help me, and all the other guys on here doing the same. I feel quite inspired by the whole experience! I can't say I'm pleased that I got infected in the first place, especially as it was my own fault :) but I'm really chuffed I found this site! I've felt well looked after, and there's so much great information and advice! :thumbup2:


Before you go though I have a question...

Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option

Could you explain to me why you advised me to do this please mate? I'm not sure what the benefit is, I've suddenly got loads of folders and files all over the place that I can't even get into. It's making the place look untidy, lol :)

Cheers m0le

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 AM

Posted 11 August 2009 - 06:09 AM

Before you go though I have a question...

Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option

Could you explain to me why you advised me to do this please mate? I'm not sure what the benefit is, I've suddenly got loads of folders and files all over the place that I can't even get into. It's making the place look untidy, lol :thumbup2:


Sorry mate. That should have been to hide the folders/files.

Please reverse the instructions. :)
m0le is a proud member of UNITE
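The two Explorer checkboxes quoted above are backed by per-user registry values under Explorer\Advanced. As an added example that is not part of this thread (PowerShell, assuming Windows Vista or later and the standard registry provider), this audits the current state of both options and can set them either way, so the "uncheck" step and m0le's later "reverse the instructions" step are both reproducible:

```powershell
# Added example, not from the thread. Explorer folder options quoted above
# map to two DWORD values under the current user's Advanced key:
#   HideFileExt      1 = hide extensions for known file types (default), 0 = show
#   ShowSuperHidden  1 = show protected operating system files, 0 = hide (default)
$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExplorerVisibility {
    # A missing value means Explorer falls back to its default for that option.
    $props = Get-ItemProperty -Path $advancedKey
    $hideExt = 1
    if ($null -ne $props.HideFileExt) { $hideExt = [int]$props.HideFileExt }
    $superHidden = 0
    if ($null -ne $props.ShowSuperHidden) { $superHidden = [int]$props.ShowSuperHidden }
    New-Object PSObject -Property @{
        ExtensionsShown     = ($hideExt -eq 0)
        ProtectedFilesShown = ($superHidden -eq 1)
    }
}

function Set-ExplorerVisibility {
    # No switches = Windows defaults, which is what "reverse the instructions"
    # restores. -ShowExtensions alone keeps .exe/.scr visible without cluttering
    # folders with protected system files.
    param(
        [switch]$ShowExtensions,
        [switch]$ShowProtectedFiles
    )
    $hideExt = 1
    if ($ShowExtensions) { $hideExt = 0 }
    $superHidden = 0
    if ($ShowProtectedFiles) { $superHidden = 1 }
    Set-ItemProperty -Path $advancedKey -Name HideFileExt -Value $hideExt -Type DWord
    Set-ItemProperty -Path $advancedKey -Name ShowSuperHidden -Value $superHidden -Type DWord
    # Explorer reads these when it starts; log off and on (or restart
    # explorer.exe) for open windows to reflect the change.
    Get-ExplorerVisibility
}

# Usage: report the current state, then restore the defaults as the thread ends up doing
Get-ExplorerVisibility
Set-ExplorerVisibility
```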

#11 wildeblood

wildeblood
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:04:58 AM

Posted 11 August 2009 - 06:39 AM

Lol, ok mate

Well I'm all good now! I guess we're done.

Cheers m0le!

All the best

Wildeblood

:thumbup2: clap clap

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:58 AM

Posted 11 August 2009 - 12:07 PM

Cheers, all the best to you too.

:thumbup2:
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:58 AM

Posted 14 August 2009 - 07:30 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
