
Tidserv C Malware, HJT Log attached...


  • This topic is locked
8 replies to this topic

#1 bjswift

bjswift

  • Members
  • 4 posts

Posted 04 January 2010 - 04:46 PM

Please see below log generated as per your instructions:

Thanks,
BJ

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brad at 18:03:10.50 on 04/01/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1982.828 [GMT -3.5:30]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Brad\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Brad\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/webhp?rls=ig
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 212.125.176.132:8080
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [BitTorrent DNA] "c:\users\brad\program files\dna\btdna.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} - hxxps://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-25 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-12-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-12-25 171056]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20091205.001\BHDrvx86.sys [2009-12-5 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-12-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20091230.004\IDSvix86.sys [2010-1-4 343088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-12-25 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1101000.013\symtdiv.sys [2009-12-25 339504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-12-25 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-30 102448]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S2 gupdate1c999b7d6be2420;Google Update Service (gupdate1c999b7d6be2420);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]

=============== Created Last 30 ================

2010-01-04 12:40:05 0 d-----w- c:\users\brad\appdata\roaming\AnvSoft
2010-01-04 12:39:57 0 d-----w- c:\program files\AnvSoft
2010-01-04 00:08:48 0 d-----w- c:\users\brad\.smplayer
2010-01-04 00:08:18 0 d-----w- c:\program files\SMPlayer
2010-01-03 23:32:18 0 d-----w- c:\windows\system32\custom matrices
2010-01-03 23:32:03 0 d-----w- c:\windows\system32\QuickTime
2010-01-03 23:32:03 0 d-----w- c:\windows\system32\C2MP
2010-01-03 05:40:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 05:40:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 05:40:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 02:54:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-26 02:54:55 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-26 02:54:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-26 02:54:53 0 d-----w- c:\program files\Symantec
2009-12-26 02:52:35 0 d-----w- c:\windows\system32\drivers\NIS
2009-12-26 02:52:24 0 d-----w- c:\program files\Norton Internet Security
2009-12-26 00:02:44 0 d-----w- c:\programdata\PCSettings
2009-12-25 23:59:17 0 d-----w- c:\programdata\NortonInstaller
2009-12-25 23:59:17 0 d-----w- c:\program files\NortonInstaller
2009-12-21 01:25:49 0 d-----w- c:\program files\iPod
2009-12-21 01:25:42 0 d-----w- c:\program files\iTunes
2009-12-16 05:47:01 0 d-----w- c:\programdata\Norton
2009-12-12 20:17:17 0 d-----w- c:\program files\Windows Portable Devices
2009-12-12 20:15:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-12 20:11:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-12 20:05:36 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-12 20:03:27 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-12 20:03:25 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-12 20:03:24 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-12 19:59:29 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-12-12 19:57:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-12 19:57:03 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-12 19:57:03 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-12-12 19:52:15 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 19:52:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-12 19:52:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 18:55:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-12-12 18:55:20 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-12-12 18:55:14 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-12 18:55:08 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-12-12 18:53:39 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-12-12 18:53:15 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-12 18:53:06 355328 ----a-w- c:\windows\system32\WSDApi.dll

==================== Find3M ====================

2010-01-02 23:59:43 3204 ----a-w- c:\windows\bthservsdp.dat
2009-12-27 19:15:28 143236 ----a-w- c:\users\brad\appdata\roaming\nvModes.dat
2009-12-26 00:03:52 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-26 00:03:52 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-26 00:03:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-12 20:16:59 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-02 17:02:50 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56:10 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-11 20:35:14 9654 ----a-w- c:\users\brad\appdata\roaming\wklnhst.dat
2009-11-04 18:45:44 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43:20 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11:22 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11:00 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10:42 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09:18 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08:58 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08:12 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07:16 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36:06 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34:56 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34:38 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07:24 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05:02 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-11-03 00:12:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 22:46:26 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-24 03:37:36 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-20 20:04:51 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-11 07:47:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-10-27 20:00:05 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-03-08 15:36:19 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 18:05:54.61 ===============



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 12 January 2010 - 08:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 bjswift

bjswift
  • Topic Starter

  • Members
  • 4 posts

Posted 15 January 2010 - 03:29 PM

Myrti,

Thanks for your reply. Here are the files from the OTL Scan.

Brad

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 15 January 2010 - 05:01 PM

Hi,

please do not attach logs, simply paste them into your replies. :(

Please also run a scan with gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 bjswift

bjswift
  • Topic Starter

  • Members
  • 4 posts

Posted 16 January 2010 - 03:10 PM

Myrti,

Sorry about that. Here are the 3 logs as requested.

Brad

OTL logfile created on: 15/01/2010 4:40:52 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.57 Gb Total Space | 57.12 Gb Free Space | 40.92% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.19 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD-PC
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 16:55:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
PRC - [2009/11/21 03:12:38 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/28 00:01:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/20 03:04:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 02:58:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 02:57:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:57:28 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/11 02:57:20 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/08 08:04:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/09/19 14:36:32 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/07/08 13:41:08 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/06/12 22:44:22 | 00,554,552 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/05/16 14:13:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/11 16:51:10 | 00,472,632 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/02/13 15:08:36 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/01/29 00:37:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007/01/10 19:42:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/09/07 20:36:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2006/05/02 18:11:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2010/01/14 16:55:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
MOD - [2009/11/06 21:27:04 | 00,406,896 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\asOEHook.dll
MOD - [2009/07/12 04:32:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 04:32:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2009/04/11 02:51:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2009/12/20 20:36:38 | 01,181,328 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 03:04:55 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/09/24 21:57:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/28 11:46:41 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c999b7d6be2420) Google Update Service (gupdate1c999b7d6be2420)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/09/19 14:36:32 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/01/19 04:08:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 20:29:32 | 00,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/02/05 09:11:18 | 00,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 00,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/09 18:25:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 09:05:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/05/02 18:11:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/25 23:45:58 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100111.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/25 23:45:58 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/25 23:45:58 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/25 23:45:58 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100111.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/25 23:24:53 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/05 01:24:05 | 00,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/11/05 18:36:13 | 00,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 19:07:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100106.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/20 03:05:50 | 00,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 22:20:48 | 00,339,504 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/10/08 23:25:01 | 00,171,056 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 23:24:25 | 00,114,736 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 23:24:10 | 00,325,168 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 23:24:10 | 00,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/09/23 09:25:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/11 01:12:54 | 00,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/03 10:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 02:27:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2007/10/12 22:50:00 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/10/12 22:50:00 | 01,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2007/08/01 06:42:32 | 00,164,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 19:33:00 | 07,595,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/10 05:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/07 02:28:56 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/20 02:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 02:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 02:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/03/21 03:32:04 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 09:45:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/23 20:12:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 05:20:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/22 22:10:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/02 07:15:30 | 00,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/30 13:54:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 06:21:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 06:21:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 06:21:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 06:21:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 06:21:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 06:21:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 06:21:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 06:20:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 06:20:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 06:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:20:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 06:20:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 06:20:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:20:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 06:20:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 06:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:20:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 06:20:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 06:20:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 06:20:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 06:20:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 06:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:20:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 06:20:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:20:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 06:20:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:19:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 06:19:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 06:19:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 06:19:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 06:19:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:11:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 04:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 04:00:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/11/02 04:00:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 22:40:57 | 01,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 13:24:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/18 18:56:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/webhp?rls=ig
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\S-1-5-21-1386418828-445293620-2689127120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\S-1-5-21-1386418828-445293620-2689127120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\S-1-5-21-1386418828-445293620-2689127120-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.125.176.132:8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2009/12/25 23:27:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2009/12/25 23:27:56 | 00,000,000 | ---D | M]

[2009/03/05 08:00:08 | 00,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2009/03/05 08:00:08 | 00,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1386418828-445293620-2689127120-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [OPSE reminder] C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1386418828-445293620-2689127120-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00 (FavImport Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/...NPUplden-ca.cab (MSN Photo Upload Tool)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/doc/NeroVersionCheckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab (Windows Live SkyDrive Upload Tool)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/Facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.125.176.132
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/25 10:17:15 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:48:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{18e6058e-45b9-11dd-bb96-001a6bf39f1e}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O33 - MountPoints2\{18e60593-45b9-11dd-bb96-001a6bf39f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{18e60593-45b9-11dd-bb96-001a6bf39f1e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{20e937b6-f121-11dd-82d7-001a6bf39f1e}\Shell\AutoRun\command - "" = m9ma.exe
O33 - MountPoints2\{20e937b6-f121-11dd-82d7-001a6bf39f1e}\Shell\explore\Command - "" = m9ma.exe
O33 - MountPoints2\{20e937b6-f121-11dd-82d7-001a6bf39f1e}\Shell\open\Command - "" = m9ma.exe
O33 - MountPoints2\{258b8340-70a5-11de-b50b-001a6bf39f1e}\Shell\AutoRun\command - "" = q9.cmd
O33 - MountPoints2\{258b8340-70a5-11de-b50b-001a6bf39f1e}\Shell\open\Command - "" = q9.cmd
O33 - MountPoints2\{582ed472-53b4-11dd-9403-001a6bf39f1e}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{5e7488ec-b3b7-11dc-a4a1-001a6bf39f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{5e7488ec-b3b7-11dc-a4a1-001a6bf39f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9502d4f6-fea0-11dd-83a1-001a6bf39f1e}\Shell\auto\command - "" = Limit.exe
O33 - MountPoints2\{9502d4f6-fea0-11dd-83a1-001a6bf39f1e}\Shell\explore\command - "" = Limit.exe
O33 - MountPoints2\{9502d4f6-fea0-11dd-83a1-001a6bf39f1e}\Shell\open\command - "" = Limit.exe
O33 - MountPoints2\{d60c4b5d-2925-11de-9e73-001a6bf39f1e}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 16:55:39 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2010/01/04 22:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/01/04 22:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/01/04 22:33:38 | 00,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\uTorrent
[2010/01/04 09:10:46 | 00,000,000 | ---D | C] -- C:\Users\Brad\Documents\Any Video Converter Professional
[2010/01/04 09:10:05 | 00,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\AnvSoft
[2010/01/04 00:00:39 | 00,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\CrashDumps
[2010/01/03 20:38:48 | 00,000,000 | ---D | C] -- C:\Users\Brad\.smplayer
[2010/01/03 20:38:18 | 00,000,000 | ---D | C] -- C:\Program Files\SMPlayer
[2010/01/03 20:30:21 | 25,740,144 | ---- | C] (Microsoft Corporation) -- C:\Users\Brad\Documents\wmp11-windowsxp-x86-enu.exe
[2010/01/03 20:02:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\custom matrices
[2010/01/03 20:02:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/01/03 20:02:03 | 00,000,000 | ---D | C] -- C:\Windows\System32\C2MP
[2010/01/03 02:10:35 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/03 02:10:33 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 02:10:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/25 23:28:28 | 00,000,000 | ---D | C] -- C:\Users\Brad\Documents\Symantec
[2009/12/25 23:24:55 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/25 23:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/25 23:23:54 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/12/25 23:23:54 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/12/25 23:23:54 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/12/25 23:23:53 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/12/25 23:23:53 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/12/25 23:23:52 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/12/25 23:23:52 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/12/25 23:22:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2009/12/25 23:22:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1101000.013
[2009/12/25 23:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/12/25 20:32:44 | 00,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2009/12/25 20:29:17 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/12/25 20:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/20 21:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/20 21:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/20 21:48:50 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2010/01/15 16:46:46 | 03,932,160 | -HS- | M] () -- C:\Users\Brad\ntuser.dat
[2010/01/15 16:37:44 | 00,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6043C01B-7320-459A-BD88-E0BE5E91C269}.job
[2010/01/15 16:37:11 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/15 16:36:46 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/15 00:52:56 | 01,945,320 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1101000.013\Cat.DB
[2010/01/15 00:11:33 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/15 00:00:15 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Brad-PC_Brad.job
[2010/01/14 16:55:45 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2010/01/14 16:20:58 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/14 16:20:58 | 00,608,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/14 16:20:58 | 00,109,542 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/14 16:18:28 | 00,143,236 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\nvModes.001
[2010/01/14 16:14:00 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 16:14:00 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/14 16:13:56 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/14 16:13:20 | 20,791,95136 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 10:22:23 | 00,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/12 10:22:20 | 00,524,288 | -HS- | M] () -- C:\Users\Brad\NTUSER.DAT{908ffa9a-d071-11dc-b2f3-001a6bf39f1e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 10:22:20 | 00,065,536 | -HS- | M] () -- C:\Users\Brad\NTUSER.DAT{908ffa9a-d071-11dc-b2f3-001a6bf39f1e}.TM.blf
[2010/01/12 10:22:15 | 02,143,652 | -H-- | M] () -- C:\Users\Brad\AppData\Local\IconCache.db
[2010/01/11 23:00:43 | 00,000,662 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Brad.job
[2010/01/10 16:52:12 | 00,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrad.job
[2010/01/09 10:29:23 | 09,631,583 | ---- | M] () -- C:\Users\Brad\Documents\Garage Door.pdf
[2010/01/04 22:34:47 | 00,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/03 20:38:29 | 00,000,752 | ---- | M] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/01/03 20:30:45 | 25,740,144 | ---- | M] (Microsoft Corporation) -- C:\Users\Brad\Documents\wmp11-windowsxp-x86-enu.exe
[2010/01/03 02:10:38 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/27 15:45:28 | 00,143,236 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\nvModes.dat
[2009/12/25 23:24:53 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/25 23:24:53 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/25 23:24:53 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/25 23:24:19 | 00,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/12/25 20:32:03 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/20 21:57:33 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/20 21:49:32 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2010/01/09 10:29:22 | 09,631,583 | ---- | C] () -- C:\Users\Brad\Documents\Garage Door.pdf
[2010/01/04 22:34:47 | 00,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/01/03 20:38:29 | 00,000,752 | ---- | C] () -- C:\Users\Public\Desktop\SMPlayer.lnk
[2010/01/03 10:19:21 | 20,791,95136 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/03 02:10:38 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/25 23:26:46 | 01,945,320 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/25 23:24:55 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/25 23:24:55 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/25 23:24:19 | 00,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2009/12/25 23:22:55 | 00,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/12/25 23:22:55 | 00,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/12/25 23:22:55 | 00,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/12/25 23:22:55 | 00,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/12/25 23:22:55 | 00,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/12/25 23:22:55 | 00,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/12/25 23:22:55 | 00,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/12/25 23:22:55 | 00,000,743 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\Iron.inf
[2009/12/25 23:22:35 | 00,007,774 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/12/25 23:22:35 | 00,007,493 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/12/25 23:22:35 | 00,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/12/25 23:22:35 | 00,007,431 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/12/25 23:22:35 | 00,007,429 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/12/25 23:22:35 | 00,007,424 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\iron.cat
[2009/12/25 23:22:35 | 00,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/12/25 23:22:35 | 00,007,355 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/12/25 23:22:35 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1101000.013\isolate.ini
[2009/12/25 20:32:03 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/12/20 21:57:33 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/20 21:49:32 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/12/02 13:32:50 | 01,632,887 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2009/12/02 13:26:10 | 04,840,081 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/11/04 15:15:44 | 00,611,638 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/11/04 15:13:20 | 00,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/11/03 16:41:22 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/11/03 16:41:00 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/11/03 16:40:42 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/11/03 16:39:18 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/11/03 16:38:58 | 00,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/11/03 16:38:12 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/11/03 16:37:16 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/11/03 16:06:06 | 00,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/11/03 16:04:56 | 00,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/11/03 16:04:38 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/03 14:37:24 | 00,895,308 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/03 14:35:02 | 00,957,047 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/10/27 19:16:26 | 00,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/10/20 03:08:02 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/06 18:43:53 | 00,005,737 | -HS- | C] () -- C:\Users\Brad\AppData\Roaming\020000003d1cecfb573C.manifest
[2009/04/06 18:43:53 | 00,001,263 | -HS- | C] () -- C:\Users\Brad\AppData\Roaming\020000003d1cecfb573P.manifest
[2009/04/06 18:43:53 | 00,000,011 | -HS- | C] () -- C:\Users\Brad\AppData\Roaming\020000003d1cecfb573S.manifest
[2009/04/06 18:43:53 | 00,000,011 | -HS- | C] () -- C:\Users\Brad\AppData\Roaming\020000003d1cecfb573O.manifest
[2009/01/19 09:44:42 | 00,000,257 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\default.rss
[2009/01/10 18:47:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 18:46:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 18:46:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 18:46:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 18:45:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 18:45:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 18:45:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 18:45:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 18:45:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 18:44:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 18:44:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/01/10 09:26:00 | 00,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/12/03 18:41:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/03 08:00:45 | 00,001,107 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\QuickZip45.ini
[2008/11/06 13:07:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 13:04:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/10/03 06:04:11 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/03/01 14:14:59 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/11 07:40:36 | 00,009,654 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat
[2008/01/05 18:00:29 | 00,340,021 | ---- | C] () -- C:\Windows\System32\jpeg.dll
[2007/12/29 21:13:57 | 00,000,680 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2007/12/27 21:41:47 | 00,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\FnF4.txt
[2007/12/26 14:00:41 | 00,027,444 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\UserTile.png
[2007/12/25 22:17:26 | 00,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/12/25 15:01:34 | 00,099,328 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/25 14:48:34 | 00,143,236 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\nvModes.001
[2007/12/25 14:45:24 | 00,143,236 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\nvModes.dat
[2007/12/25 10:55:52 | 00,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\QSwitch.txt
[2007/12/25 10:55:52 | 00,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\DSwitch.txt
[2007/12/25 10:55:52 | 00,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Local\AtStart.txt
[2007/10/13 06:00:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/02 09:05:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:55:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 04:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/06 17:36:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Brad\Documents\Cats in the cradle singing When I see you smile.avi:TOC.WMV
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:7F4E393D
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3
< End of report >


OTL Extras logfile created on: 15/01/2010 4:40:52 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.57 Gb Total Space | 57.12 Gb Free Space | 40.92% Space Free | Partition Type: NTFS
Drive D: | 9.48 Gb Total Space | 1.19 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRAD-PC
Current User Name: Brad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A2F0FD9-4DF8-4D0F-A324-CF66BC97B08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C37354FC-E83A-4086-85E9-3BFCE0CF6F5A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0035ABB5-BC10-42A3-A30C-F7112F2F3EF5}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{07654D90-926D-45DD-A8D9-13C2AFD3E8A8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{1C5490C8-8F41-43CA-BD08-AE96BFFEE10F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{1D2E38F0-F627-420A-9E54-FFADA9D17428}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DC4346C-B358-46E0-94D1-CE1C5C15B599}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{3E43D31B-C534-49D1-B51D-5CDE4CC1EFBF}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{407DE0FF-1BAB-4AC2-82E7-2D58582D18D6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4BB88A28-7FA8-42E2-A1D4-5AD3CE4DD480}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{54E479EA-4002-448D-AC56-7371CBDABE9F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{576E5431-C927-4D07-80B9-9B7B5DDE7D07}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5EBDA771-444E-40E0-B9C6-FC4747CBE05F}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6E92C0D0-BE9E-4E44-9F5B-28EE2D04C203}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6F94CC29-8971-4013-9655-659A4FE82A3B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7B96A3AA-FA11-4FFE-AA57-A5617855E055}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7C077A08-CD4D-4164-9ADB-4CAC3E9AA1C8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{83A225AD-AFEC-41D2-AB41-712D0737C6EC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{95E74C1E-9321-4CEF-92C8-007CA4B95D38}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{97C33967-11AF-4888-95E9-9C5ABA59135C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9A89DD1A-7F20-4BF7-9082-6EFDDA8D5889}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9EDC8986-9B49-4F38-A742-60F798DDB82C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A1E0FEDC-092C-49D9-9648-63BDD6997372}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B754BF81-1EF1-4DA7-8EF9-9366E0D85C5A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C262E1A1-5E54-410B-92B8-30473020886C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CA90157A-AA8C-4112-819E-BB336DDF4BB5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DB9ECD10-C863-4027-BCAE-F4FD7F22E10A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E94E0298-5400-4DFF-A844-6A7BE51B338E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F482307E-878D-47FD-A888-5EB48138BE67}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{215C2536-35C7-4602-9612-A8833FBE0E20}" = SF_CDD_ProductContext
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Digital Image Standard 2006 Editor
"{49B31157-6863-46AE-9CAF-05388D5D40A7}" = ESU for Microsoft Vista
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Digital Image Standard 2006 Library
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53933198-468C-437C-B8D8-1150B3102196}" = HP QuickTouch 1.00 C1
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{755C609D-5792-4136-A0D8-0513E04D4EBE}" = HP Help and Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}" = PDF Manual NW-A800 Series
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AF46AB7-DD4C-4C74-00BC-A618C5BA1D4C}" = Tiger Woods PGA TOUR 07
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B46E38DB-F929-4EA6-BBB1-BE9873A0F1F4}" = muvee Reveal
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{d5f6de4a-c4e1-4bfe-8d53-378ff3fd2ed1}" = Nero 9
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 3.7.2
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"FrostWire" = FrostWire 4.18.3
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.1
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PictureItPrem_v12" = Microsoft Digital Image Standard 2006 Update
"PokerStars.net" = PokerStars.net
"Quick Zip_is1" = Quick Zip 4.60.018
"SMPlayer_is1" = SMPlayer 0.6.5.1
"SolSuite" = SolSuite
"Tiger Global Screensaver" = Tiger Global Screensaver
"Touratech QV 4_is1" = Touratech QV 4 Update
"uTorrent" = µTorrent
"VMidi" = vanBasco's Karaoke Player
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/04/2009 4:07:57 PM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8064.206, time stamp
0x498cf586, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xc58, application start time
0x01c9bd32dd18dc1e.

Error - 16/04/2009 4:33:09 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24/04/2009 12:38:56 AM | Computer Name = Brad-PC | Source = Google Update | ID = 20
Description =

Error - 24/04/2009 6:25:57 PM | Computer Name = Brad-PC | Source = Application Error | ID = 1000
Description = Faulting application Ad-Aware.exe, version 7.1.0.12, time stamp 0x48c8d9be,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception
code 0xc0000005, fault offset 0x000bf285, process id 0x17dc, application start time
0x01c9c52b53fae387.

Error - 04/05/2009 12:31:32 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 04/05/2009 12:31:32 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 21/05/2009 4:20:24 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 21/05/2009 4:20:25 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/06/2009 10:30:37 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 02/06/2009 10:30:38 PM | Computer Name = Brad-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 17/03/2008 1:43:00 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/04/2008 8:35:00 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 18/04/2008 3:56:27 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 03/06/2008 9:04:05 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 22/10/2008 5:52:43 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/12/2008 2:41:43 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/12/2008 2:40:51 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 13/12/2008 4:00:41 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/12/2008 5:06:50 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/01/2010 4:24:00 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/01/2010 11:29:42 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/01/2010 9:16:29 AM | Computer Name = Brad-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.14 for the Network Card with network
address 001A73A2C172 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/01/2010 9:17:28 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/01/2010 9:18:08 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13/01/2010 5:29:36 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13/01/2010 5:30:34 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/01/2010 3:43:35 PM | Computer Name = Brad-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:22:54 PM on 13/01/2010 was unexpected.

Error - 14/01/2010 3:44:58 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/01/2010 3:45:44 PM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-16 16:31:09
Windows 6.0.6002 Service Pack 2
Running: we0rhmd4.exe; Driver: C:\Users\Brad\AppData\Local\Temp\kxldqpob.sys


---- System - GMER 1.0.15 ----

SSDT 871C5110 ZwAlertResumeThread
SSDT 8F353B20 ZwAlertThread
SSDT 87D56AC8 ZwAllocateVirtualMemory
SSDT 8714FCF8 ZwAlpcConnectPort
SSDT 87309828 ZwAssignProcessToJobObject
SSDT 87DB4C68 ZwCreateMutant
SSDT 872E9008 ZwCreateSymbolicLinkObject
SSDT 87D556C0 ZwCreateThread
SSDT 87308B38 ZwDebugActiveProcess
SSDT 87D56CE0 ZwDuplicateObject
SSDT 87D56368 ZwFreeVirtualMemory
SSDT 87240120 ZwImpersonateAnonymousToken
SSDT 8723D118 ZwImpersonateThread
SSDT 8714A4F0 ZwLoadDriver
SSDT 87D56248 ZwMapViewOfSection
SSDT 872C7120 ZwOpenEvent
SSDT 87D56F40 ZwOpenProcess
SSDT 871B9D18 ZwOpenProcessToken
SSDT 872DC108 ZwOpenSection
SSDT 87D56DF0 ZwOpenThread
SSDT 872E7810 ZwProtectVirtualMemory
SSDT 8723C120 ZwResumeThread
SSDT 871B3120 ZwSetContextThread
SSDT 87D57F80 ZwSetInformationProcess
SSDT 872E54E0 ZwSetSystemInformation
SSDT 8723F118 ZwSuspendProcess
SSDT 871C8110 ZwSuspendThread
SSDT 8718F8B8 ZwTerminateProcess
SSDT 871C2068 ZwTerminateThread
SSDT 871B0110 ZwUnmapViewOfSection
SSDT 87D56738 ZwWriteVirtualMemory
SSDT 872E8EB0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820EC860 8 Bytes [10, 51, 1C, 87, 20, 3B, 35, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820EC874 4 Bytes [C8, 6A, D5, 87] {ENTER 0xd56a, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 13D 820EC880 4 Bytes [F8, FC, 14, 87] {CLC ; CLD ; ADC AL, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 191 820EC8D4 4 Bytes [28, 98, 30, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820EC938 4 Bytes [68, 4C, DB, 87]
.text ...
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82729000]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CC0F380, 0x354CE2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CreateDialogParamW 767772A2 5 Bytes JMP 6C16DA10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!GetAsyncKeyState 7677863C 5 Bytes JMP 6C0890DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!SetWindowsHookExW 767787AD 5 Bytes JMP 6C1697FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CallNextHookEx 76778E3B 5 Bytes JMP 6C15CE81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!UnhookWindowsHookEx 767798DB 5 Bytes JMP 6C0D4620 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!EnableWindow 7677CD8B 5 Bytes JMP 6C16D89D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CreateWindowExW 76781305 5 Bytes JMP 6C16D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!GetKeyState 76788CB1 5 Bytes JMP 6C16CE4B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!IsDialogMessageW 76790745 5 Bytes JMP 6C09592F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CreateDialogParamA 767917AA 5 Bytes JMP 6C265084 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!IsDialogMessage 76791847 5 Bytes JMP 6C264920 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CreateDialogIndirectParamA 767926F1 5 Bytes JMP 6C2650BB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!CreateDialogIndirectParamW 76799A62 5 Bytes JMP 6C2650F2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!SetKeyboardState 767A0987 5 Bytes JMP 6C264C8F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!DialogBoxParamW 767A10B0 5 Bytes JMP 6C09541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!DialogBoxIndirectParamW 767A2EF5 5 Bytes JMP 6C2643FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!SendInput 767A2F75 5 Bytes JMP 6C26584B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!EndDialog 767A326E 5 Bytes JMP 6C097DD6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!SetCursorPos 767B6FB2 5 Bytes JMP 6C26589F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!DialogBoxParamA 767B8152 5 Bytes JMP 6C26439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!DialogBoxIndirectParamA 767B847D 5 Bytes JMP 6C264462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!MessageBoxIndirectA 767CD4D9 5 Bytes JMP 6C264331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!MessageBoxIndirectW 767CD5D3 5 Bytes JMP 6C2642C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!MessageBoxExA 767CD639 5 Bytes JMP 6C264264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!MessageBoxExW 767CD65D 5 Bytes JMP 6C264202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] USER32.dll!keybd_event 767CD972 5 Bytes JMP 6C265BCF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] SHELL32.dll!SHRestricted + D95 757E8988 4 Bytes [4D, 30, 7B, 6F] {DEC EBP; XOR [EBX+0x6f], BH}
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] SHELL32.dll!SHRestricted + D9D 757E8990 8 Bytes [57, 2F, 7B, 6F, 9C, 5B, 7A, ...] {PUSH EDI; DAS ; JNP 0x73; PUSHF ; POP EBX; JP 0x77}
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] ole32.dll!OleLoadFromStream 765C1E12 5 Bytes JMP 6C264780 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5456] ole32.dll!CoCreateInstance 765F9EA6 5 Bytes JMP 6C16D6E0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!CreateWindowExW 76781305 5 Bytes JMP 6C16D684 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamW 767A10B0 5 Bytes JMP 6C09541D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamW 767A2EF5 5 Bytes JMP 6C2643FF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxParamA 767B8152 5 Bytes JMP 6C26439C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!DialogBoxIndirectParamA 767B847D 5 Bytes JMP 6C264462 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectA 767CD4D9 5 Bytes JMP 6C264331 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxIndirectW 767CD5D3 5 Bytes JMP 6C2642C6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExA 767CD639 5 Bytes JMP 6C264264 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5708] USER32.dll!MessageBoxExW 767CD65D 5 Bytes JMP 6C264202 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73FACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3796] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6F7A1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6F7A007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6F79E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6F7A0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6F79A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F7A1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6F7A3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6F7A2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6F7A3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F79DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F79D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7AFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6F7B051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7AEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6F7AF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7AEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7AE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6F7AED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6F7A007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6F79E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6F7A1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6F7A3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6F7A2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6F7A2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6F7A3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6F7A2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6F79BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6F7A173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6F79BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6F7A0F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6F7A14E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6F79ED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6F79BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F7A1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6F79C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6F7A103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6F7A0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6F7A1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6F7A0921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6F79A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6F79A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6F79E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6F7A0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F79DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F79D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6F79D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6F7A007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6F79C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6F7A3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6F7A2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6F7A1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6F79BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6F79BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6F79E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6F7A2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6F7A2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6F7A3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6F7A23A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6F79BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6F79FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6F79F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6F7AED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6F7AE43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6F7AEDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6F7AF9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6F7AE9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6F7AE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6F7AEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6F7B020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6F7AF4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6F7AEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6F7AFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6F7AF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6F7B051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6F7AFF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6F7B0085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6F7B0395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6F7AFDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6F7AF677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6F79CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6F7A2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6F7A0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6F79D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6F79D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F79DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6F79EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F7A1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6F79E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6F79CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6F7A007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6F79A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6F7A0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6F7A3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6F7A3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6F79C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6F79BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6F7A1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6F79CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F79D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6F7A1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6F7A103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6F79C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6F79BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6F7A09B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6F79C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6F79C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6F79C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6F79F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6F79FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6F79F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6F7A65DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6F7A620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6F7A7595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6F7A60AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6F7A615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6F7A75E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6F7A6533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6F7A799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6F7A684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6F7A6E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6F7A6AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6F7A6B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6F7A7281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6F7A6716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6F7A71ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6F7A7021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6F7A7FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6F7A7159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6F7A68E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6F7A6BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6F7A6803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6F7A6F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6F7A63A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6F7A80BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6F7A8513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6F7A8176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6F7A7BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6F7A8235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6F7A697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6F7A6DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6F7A6D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6F7A731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6F7A6EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6F7A6C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6F7A6AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6F7A78EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6F7A63F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6F7A76D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6F7A8732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6F7A777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6F7A7831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6F7A667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6F7A7636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6F79BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6F7A3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6F7A3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6F7A007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6F7A1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6F79A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6F79EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6F79C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6F79C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6F79E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6F79FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6F79BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6F79FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6F7A8235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6F7A81D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6F7A72CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6F7A75E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6F7A76D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6F7A65DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6F7A788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6F7A86D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6F7A78EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6F7A8732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6F7A6533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5456] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6F7982F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort2 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort3 [827259B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf39f1e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf39f1e@0015dee6daa3 0x23 0x23 0x0A 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf39f1e@002106f247f1 0x3D 0xC9 0x1C 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf39f1e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf39f1e@0015dee6daa3 0x23 0x23 0x0A 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf39f1e@002106f247f1 0x3D 0xC9 0x1C 0x9C ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#6 myrti


Posted 16 January 2010 - 04:54 PM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 bjswift


Posted 17 January 2010 - 02:35 PM

Thanks Myri, I will re-format the computer. I was meaning to do it for a while now.

Thanks again

Brad

#8 myrti


Posted 17 January 2010 - 02:43 PM

Hi,

happy to hear. :( It's usually the safest solution.

If you need some information on how to back up your data and reformat please also read this:

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots:
Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows pre-installed. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.

regards myrti

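The backup rules from the post above, as an added example that is not part of the original reply: a name-based triage of a backup set using the extension lists given there, including a look inside .zip archives and a check for a hidden second extension. The `DOCUMENT_LIKE` set, the function names and the sample files are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extension groups named in the post above.
EXECUTABLE = {".exe", ".scr"}
SCRIPT_OR_AUTORUN = {".ini", ".php", ".asp", ".html"}
ARCHIVE = {".zip", ".cab", ".rar"}
# Assumption: data-file extensions that a trailing .exe/.scr hides behind.
DOCUMENT_LIKE = {".jpg", ".png", ".doc", ".pdf", ".txt", ".mp3"}


def classify_name(name):
    """Return why a file name should stay out of the backup, or None."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE:
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_LIKE:
            return "double extension"
        return "executable"
    return "script/autorun" if last in SCRIPT_OR_AUTORUN else None


def risky_zip_members(data):
    """List (member, reason) for entries of a .zip (bytes) that are rejected."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(n, r) for n in zf.namelist() if (r := classify_name(n))]


def triage(files):
    """Map each candidate file (name -> bytes) to 'keep' or a skip reason."""
    verdicts = {}
    for name, data in files.items():
        reason = classify_name(name)
        ext = PureWindowsPath(name).suffix.lower()
        if reason is None and ext in ARCHIVE:
            if ext == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
                inner = risky_zip_members(data)
                reason = f"archive contains {inner[0][0]}" if inner else None
            else:
                reason = "archive not inspected"  # .cab/.rar need other tools
        verdicts[name] = reason or "keep"
    return verdicts


def sample_zip(member):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed sample bytes")
    return buf.getvalue()


# Constructed sample backup set, not taken from the thread.
SAMPLE = {
    "Documents/budget.xls": b"", "Pictures/holiday.jpg.exe": b"",
    "Downloads/setup.exe": b"", "Desktop/autorun.ini": b"",
    "Archives/photos.zip": sample_zip("beach.jpg"), "Archives/old.rar": b"",
    "Archives/tools.zip": sample_zip("bin/helper.scr"),
}
```

The verdicts come from file names only, so files marked `keep` still need the anti-virus scan the post asks for before they are copied back.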


#9 myrti


Posted 23 January 2010 - 08:42 PM

Since the topic seems resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





