
web search redirected/ possible trojan horse PSW.Generic7.AYUC


  • This topic is locked
18 replies to this topic

#1 matty312


Posted 06 January 2010 - 05:39 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/283687/trojan-horse-pswgeneric7ayuc/ ~ OB

I've been directed here from the Am I Infected forum. I did have trojan horse PSW.Generic7.AYUC (may still have this) popping up every 5 mins with AVG Resident Shield, and web links were being redirected. I no longer have AVG installed and replaced it with Fix-It 10 Professional. I don't get any pop-ups now saying trojan horse PSW.Generic7.AYUC, but I'm still getting web links redirected.

I was told to run the scans below and post in this section. Cheers for any help.

I can't get RootRepeal to install properly. I get an error report:
20:46:30: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000ec)
20:46:31: DeviceIoControl Error! Error Code = 0x1e7
20:46:31: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000ec)

If I ignore the report and continue, once everything is clicked and I press scan it comes up with:

could not initialize driver! please contact the author




DDS (Ver_09-12-01.01) - NTFSx86
Run by mine at 20:32:57.65 on 06/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1024.504 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CTsvcCDA.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask2.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mine\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab

============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2010-1-5 203056]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-05 22:22:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 22:22:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 22:22:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 17:08:41 0 d-----w- c:\program files\common files\Windows Live
2010-01-05 13:11:32 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-01-05 13:11:26 0 d-----w- c:\programdata\BVRP Software
2010-01-05 13:07:34 0 d-sh--r- C:\_Backup.RC
2010-01-05 13:07:24 0 d--h--w- C:\_Backup
2010-01-05 13:01:02 0 d-----w- c:\users\mine\appdata\roaming\Avanquest
2010-01-05 13:01:01 0 d-----w- c:\programdata\Avanquest
2010-01-05 13:00:32 0 d-----w- c:\program files\common files\AntiVirus
2010-01-05 12:58:45 0 d-----w- c:\program files\Avanquest
2010-01-05 12:49:31 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-05 12:30:26 160529250 ----a-w- c:\windows\MEMORY.DMP
2010-01-05 12:23:19 65536 --sha-w- c:\users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TM.blf
2010-01-05 12:23:19 524288 --sha-w- c:\users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
2010-01-05 12:23:19 524288 --sha-w- c:\users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
2010-01-04 22:45:43 0 d-----w- c:\program files\ESET
2010-01-04 17:54:04 0 d-----w- c:\program files\UnHackMe
2010-01-03 01:50:36 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-03 01:24:59 0 d-----w- c:\programdata\SecTaskMan
2010-01-03 01:24:51 0 d-----w- c:\program files\Security Task Manager
2010-01-02 22:02:58 0 d-----w- c:\users\mine\appdata\roaming\Malwarebytes
2010-01-02 22:02:46 0 d-----w- c:\programdata\Malwarebytes
2010-01-02 14:49:23 65536 --sha-w- c:\users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TM.blf
2010-01-02 14:49:23 524288 --sha-w- c:\users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
2010-01-02 14:49:23 524288 --sha-w- c:\users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
2010-01-02 14:29:36 0 d-----w- c:\users\mine\appdata\roaming\iExpert Software
2010-01-02 14:29:21 0 d-----w- c:\program files\Registry Clean Expert
2010-01-02 10:44:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-02 10:44:13 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-01 23:46:06 65536 --sha-w- c:\users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TM.blf
2010-01-01 23:46:06 524288 --sha-w- c:\users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
2010-01-01 23:46:06 524288 --sha-w- c:\users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
2009-12-30 18:23:06 0 d-----w- c:\programdata\LightScribe
2009-12-27 09:30:04 0 d-----w- c:\users\mine\appdata\roaming\iWin
2009-12-27 09:29:16 0 d-----w- c:\program files\ReflexiveArcade
2009-12-27 09:12:14 0 d-----w- c:\program files\MSN Games
2009-12-19 19:42:11 0 d-----w- c:\programdata\vsosdk

==================== Find3M ====================

2010-01-05 12:20:55 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-29 18:57:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-12 01:39:57 87608 ----a-w- c:\users\mine\appdata\roaming\inst.exe
2009-11-12 01:39:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-12 01:39:57 47360 ----a-w- c:\users\mine\appdata\roaming\pcouffin.sys
2009-11-11 12:54:24 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-11 12:54:23 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 20:34:53.75 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2009 11:54:45
System Uptime: 01/06/2010 17:24:56 (-3501 hours ago)

Motherboard: Supermicro | | P4SGR
Processor: Intel® Pentium® 4 CPU 2.80GHz | Socket 478 | 2798/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 38.974 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\8&1B54F4&0&001DF61555F1_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{DB1D8F12-95F3-402C-9B97-BC504C9A55C4}_LOCALMFG&000A\8&1B54F4&0&001DF61555F1_C00000000
Service:

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\3&13C0B0C5&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\3&13C0B0C5&0
Service: i8042prt

==== System Restore Points ===================

RP69: 03/01/2010 01:49:32 - Installed SUPERAntiSpyware Free Edition
RP71: 04/01/2010 18:01:59 - RegRun Virus Scan
RP73: 04/01/2010 18:11:14 - RegRun Virus Scan
RP75: 04/01/2010 18:18:50 - RegRun Virus Scan
RP76: 04/01/2010 21:52:56 - Removed SUPERAntiSpyware Free Edition
RP77: 05/01/2010 12:13:10 - Restore Operation
RP79: 05/01/2010 12:37:05 - Avg8 Update
RP80: 05/01/2010 12:42:54 - Windows Update
RP81: 05/01/2010 12:52:27 - Installed Fix-It Utilities 10 Professional
RP82: 05/01/2010 17:04:30 - Windows Update
RP83: 05/01/2010 23:36:01 - Removed AVG Free 9.0
RP84: 05/01/2010 23:42:03 - Installed AVG Free 9.0

==== Installed Programs ======================

Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
BitTornado 0.3.17
CCleaner
Connect
ConvertXtoDVD 4.0.9.322
Creative ALchemy
Creative Audio Control Panel
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties
ESET Online Scanner v3
Fix-It Utilities 10 Professional
Java™ 6 Update 17
K-Lite Codec Pack 5.4.4 (Basic)
kuler
LimeWire PRO 5.2.4
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Premium
neroxml
PDF Settings CS4
Photoshop Camera Raw
PowerDVD
SpywareBlaster 4.2
Suite Shared Configuration CS4
WinRAR archiver
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

05/01/2010 23:47:04, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
05/01/2010 17:35:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows CardSpace service to connect.
05/01/2010 17:35:00, Error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/01/2010 13:01:12, Error: Service Control Manager [7030] - The Fix-It Task Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/01/2010 12:30:58, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x856ff5b0, 0x856ff71c, 0x82a357b0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010510-70671-01.
04/01/2010 17:59:41, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
04/01/2010 14:19:04, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user mine-PC\mine SID (S-1-5-21-361937448-3644859876-1079251922-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
04/01/2010 14:19:03, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user mine-PC\mine SID (S-1-5-21-361937448-3644859876-1079251922-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
04/01/2010 13:34:29, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:51:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
04/01/2010 09:51:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/01/2010 09:50:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/01/2010 09:50:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/01/2010 09:50:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
04/01/2010 09:50:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
04/01/2010 09:50:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/01/2010 09:50:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/01/2010 09:50:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/01/2010 09:50:38, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
04/01/2010 09:50:34, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
03/01/2010 02:35:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 16:37:46
Windows 6.1.7600
Running: s8nxrpzo.exe; Driver: C:\Users\mine\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

INT 0x30 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282ACA4
INT 0x38 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281BC6C

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 828768E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828963B2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 96434C9D 28 Bytes [D5, B8, 6D, C4, C8, 85, AF, ...]
.text peauth.sys 96434CC1 28 Bytes [D5, B8, 6D, C4, C8, 85, AF, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[624] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 0092000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExW 76050E51 5 Bytes JMP 6F597AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 76074AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 76074AA7 5 Bytes JMP 6F6E58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 7607564A 5 Bytes JMP 6F4B490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 7608CF6A 5 Bytes JMP 6F6E5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 7608D29C 5 Bytes JMP 6F6E590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 7609E8C9 5 Bytes JMP 6F6E57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 7609E9C3 5 Bytes JMP 6F6E5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 7609EA29 5 Bytes JMP 6F6E5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 7609EA4D 5 Bytes JMP 6F6E56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6F6E5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateDialogParamW 76049BFF 5 Bytes JMP 6F4EC2C8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!EnableWindow 7604A72E 5 Bytes JMP 6F4EC243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!GetAsyncKeyState 7604C09A 5 Bytes JMP 6F4AD6D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!UnhookWindowsHookEx 7604CC7B 5 Bytes JMP 6F5A7E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CallNextHookEx 7604CC8F 5 Bytes JMP 6F5894EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateWindowExW 76050E51 5 Bytes JMP 6F597AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!SetWindowsHookExW 7605210A 5 Bytes JMP 6F544243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!GetKeyState 76054FDA 5 Bytes JMP 6F4ED47E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!IsDialogMessageW 76056F06 5 Bytes JMP 6F4B3FE8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateDialogParamA 76063E79 5 Bytes JMP 6F6E61B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!IsDialogMessage 7606407A 5 Bytes JMP 6F6E5BBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateDialogIndirectParamA 76069110 5 Bytes JMP 6F6E61EA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateDialogIndirectParamW 760708AD 5 Bytes JMP 6F6E6221 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxIndirectParamW 76074AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxIndirectParamW 76074AA7 5 Bytes JMP 6F6E58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!EndDialog 7607555C 5 Bytes JMP 6F4B5873 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxParamW 7607564A 5 Bytes JMP 6F4B490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!SetKeyboardState 76076B52 5 Bytes JMP 6F6E5F24 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!SendInput 76077055 5 Bytes JMP 6F6E68A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxParamA 7608CF6A 5 Bytes JMP 6F6E5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxIndirectParamA 7608D29C 5 Bytes JMP 6F6E590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxIndirectA 7609E8C9 5 Bytes JMP 6F6E57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxIndirectW 7609E9C3 5 Bytes JMP 6F6E5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxExA 7609EA29 5 Bytes JMP 6F6E5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxExW 7609EA4D 5 Bytes JMP 6F6E56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!keybd_event 7609EC9B 5 Bytes JMP 6F6E6AD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] SHELL32.dll!SHChangeNotification_Lock + 45BE 76D8B3D8 4 Bytes [11, 36, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] SHELL32.dll!SHChangeNotification_Lock + 45C6 76D8B3E0 8 Bytes [5F, 35, 81, 73, D0, 73, 80, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] SHELL32.dll!SHChangeNotification_Lock + 495E 76D8B778 4 Bytes [11, 36, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] SHELL32.dll!SHChangeNotification_Lock + 4966 76D8B780 4 Bytes [5F, 35, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] SHELL32.dll!SHChangeNotification_Lock + 4F32 76D8BD4C 4 Bytes [11, 36, 81, 73]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6F6E5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 6F598595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateDialogParamW 76049BFF 5 Bytes JMP 6F4EC2C8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!EnableWindow 7604A72E 5 Bytes JMP 6F4EC243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!GetAsyncKeyState 7604C09A 5 Bytes JMP 6F4AD6D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!UnhookWindowsHookEx 7604CC7B 5 Bytes JMP 6F5A7E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CallNextHookEx 7604CC8F 5 Bytes JMP 6F5894EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateWindowExW 76050E51 5 Bytes JMP 6F597AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!SetWindowsHookExW 7605210A 5 Bytes JMP 6F544243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!GetKeyState 76054FDA 5 Bytes JMP 6F4ED47E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!IsDialogMessageW 76056F06 5 Bytes JMP 6F4B3FE8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateDialogParamA 76063E79 5 Bytes JMP 6F6E61B3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!IsDialogMessage 7606407A 5 Bytes JMP 6F6E5BBF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateDialogIndirectParamA 76069110 5 Bytes JMP 6F6E61EA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!CreateDialogIndirectParamW 760708AD 5 Bytes JMP 6F6E6221 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamW 76074AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamW 76074AA7 5 Bytes JMP 6F6E58AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!EndDialog 7607555C 5 Bytes JMP 6F4B5873 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamW 7607564A 5 Bytes JMP 6F4B490B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!SetKeyboardState 76076B52 5 Bytes JMP 6F6E5F24 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!SendInput 76077055 5 Bytes JMP 6F6E68A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxParamA 7608CF6A 5 Bytes JMP 6F6E5848 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!DialogBoxIndirectParamA 7608D29C 5 Bytes JMP 6F6E590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectA 7609E8C9 5 Bytes JMP 6F6E57DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxIndirectW 7609E9C3 5 Bytes JMP 6F6E5772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxExA 7609EA29 5 Bytes JMP 6F6E5710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!MessageBoxExW 7609EA4D 5 Bytes JMP 6F6E56AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] USER32.dll!keybd_event 7609EC9B 5 Bytes JMP 6F6E6AD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] SHELL32.dll!SHChangeNotification_Lock + 45BE 76D8B3D8 4 Bytes [11, 36, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] SHELL32.dll!SHChangeNotification_Lock + 45C6 76D8B3E0 8 Bytes [5F, 35, 81, 73, D0, 73, 80, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] SHELL32.dll!SHChangeNotification_Lock + 495E 76D8B778 4 Bytes [11, 36, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] SHELL32.dll!SHChangeNotification_Lock + 4966 76D8B780 4 Bytes [5F, 35, 81, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] SHELL32.dll!SHChangeNotification_Lock + 4F32 76D8BD4C 4 Bytes [11, 36, 81, 73]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6F6E5B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3448] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 6F598595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74B1250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74B12494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74AF5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74AF56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74B08573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74B04D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74B050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74B051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74B066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74B082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74B08819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74B0907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74B0E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74B04C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2488] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75C65D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [737FC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73803B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [7380595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [738047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [73804EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [73801D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [73800043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [73800CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [73800CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [73802ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [737FF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [73804EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [738047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [737FDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [737FDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [737FDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [73800571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [73801D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [737FDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [738041F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [7380595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [73804735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [73804B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [7380823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [738089C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [73808584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [73807E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [73808CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [738090D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [73807C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [73808D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [73807F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [7380794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [73807D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [73808898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [738086C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [73808760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [73807EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [73809B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [7380958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [738099D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [73808026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [73807F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [73807AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [738097FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [73807BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [73809C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [738098B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [738077ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [738096FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [738081EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [738080BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [73808286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [73808D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [73807DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [73808F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [7380892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [73809A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [738092E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [73809E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [73808E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [73807B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [73809029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [7380789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [738083BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [7380861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [73808A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [73808454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [738084EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [73809974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [73808EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [737FD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [73800F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [73801904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7380141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [738009C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [737FF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [737FF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [738027FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [737FEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [737FE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [73802ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [738027DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [737FE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [73800043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [737FEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [73809974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [73809916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [73808A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [73808D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [73808E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [73807D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [73808FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [73809E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [73809029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [73809E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [73807C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2712] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [737FC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73803B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [7380595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [738047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [73804EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [73801D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [73800043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [73800CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [73800CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [73802ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [737FF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [73801ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [73804EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [738047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [737FDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [738006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [73803932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [737FDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [737FDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [73800571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [73801D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [737FDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [738041F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [7380595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [73804735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [73804B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [7380823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [738089C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [73808584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [73807E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [73808CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [738090D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [73807C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [73808D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [73807F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [7380794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [73807D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [73808898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [738086C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [73808760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [73807EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [73809B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [7380958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [738099D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [73808026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [73807F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [73807AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [738097FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [73807BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [73809C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [738098B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [738077ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [738096FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [738081EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [738080BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [73808286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [73808D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [73807DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [73808F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [7380892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [73809A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [738092E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [73809E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [73808E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [73807B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [73809029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [7380789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [738083BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [7380861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [73808A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [73808454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [738084EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [73809974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [73808EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [737FD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [73800F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [73801904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7380141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [738009C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [737FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [737FF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [737FF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [738027FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [737FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [737FEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [737FE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [73802ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [738027DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [737FE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [73800043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [737FEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [73801BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [73801A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [73809974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [73809916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [73808A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [73808D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [73808E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [73807D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [73808FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [73809E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [73809029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [73809E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [73807C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3448] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [737F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00051658d06d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00051658d06d@001df61555f1 0xBA 0x33 0x3F 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00051658d06d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00051658d06d@001df61555f1 0xBA 0x33 0x3F 0xDA ...

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 06 January 2010 - 07:01 PM.




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 13 January 2010 - 05:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 matty312

matty312
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:40 PM

Posted 14 January 2010 - 06:04 AM

thanks for getting in touch but i think i may have fixed the problem of redirecting all the time on internet explorer.. tuesday it crashed & wouldn't boot up. when it did it restarted up in recovery console & tried to sort the problem out itself.. after 5 attempts of fixing itself it said windows cannot repair this computer.. it would not boot up just kept going to recovery console. so i started it in safe mode & it booted up. i then ran a scan with fix it 10 professional & it found a trojan-spy.win32.banker.ovo which it quarantined & 109 registry repairs which it fixed.. i then rebooted computer in normal mode & it booted up straight away, i am no longer getting redirected through internet explorer it just goes to where i ask it.. i don't know if the problem is solved totally but it seems to be working fine now..
i did receive a message from microsoft which said
During the crash analysis, we noticed the basic input/output system (BIOS) version on this computer does not match the specifications for the central processing unit (CPU), also known as a processor, that is installed on your computer. This can occur when a newer processor is installed on an older system board or older BIOS. Using a BIOS that does not support the installed processor can result in Windows system crashes. Contact your computer manufacturer or motherboard manufacturer for an updated version of BIOS for your computer's processor.
is it possible to do any check to confirm if there are any problems still..

cheers wayne

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 14 January 2010 - 07:36 AM

Hi,

yes, we can check your logs, if you want to. Please provide them in your next reply.

regards myrti



#5 matty312

matty312
  • Topic Starter

  • Members
  • 24 posts
  • Local time:10:40 PM

Posted 14 January 2010 - 08:05 AM

OTL logfile created on: 14/01/2010 12:56:42 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\mine\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,024.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 42.07 Gb Free Space | 55.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINE-PC
Current User Name: mine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/14 12:55:24 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Desktop\OTL.exe
PRC - [2009/12/03 23:40:32 | 00,050,456 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\Fix-It\MXTask2.exe
PRC - [2009/12/03 23:40:30 | 00,529,688 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe
PRC - [2009/11/11 12:28:44 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/28 03:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/08 13:46:32 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2009/08/03 05:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/14 01:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/11/18 13:15:30 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/06/27 19:04:00 | 01,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007/06/27 19:03:40 | 00,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/10/19 01:30:18 | 00,087,552 | ---- | M] () -- C:\Program Files\BitTornado\btdownloadgui.exe
PRC - [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/14 12:55:24 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Desktop\OTL.exe
MOD - [2009/12/03 23:36:22 | 00,053,248 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\Fix-It\errhook.dll
MOD - [2009/12/03 23:31:58 | 00,028,672 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\Fix-It\WinHook.dll
MOD - [2009/11/11 12:29:10 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/14 01:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:50 | 00,406,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
MOD - [2009/07/14 01:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 01:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avg9wd)
SRV - File not found [Auto | Stopped] -- -- (avg9emc)
SRV - [2009/12/03 23:40:30 | 00,529,688 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager)
SRV - [2009/11/28 05:46:49 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/12 00:27:04 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/11 12:53:38 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/08 13:46:32 | 01,012,040 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/07/14 01:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/18 13:15:30 | 00,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2010/01/13 00:22:53 | 00,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2009/11/12 01:39:57 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/16 02:11:56 | 01,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/08/10 20:06:28 | 00,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/08/05 15:58:40 | 00,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/15 09:17:58 | 00,203,056 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/07/14 01:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 00,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 01:20:36 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 23:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:50 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2009/07/13 22:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 20:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-361937448-3644859876-1079251922-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-361937448-3644859876-1079251922-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-361937448-3644859876-1079251922-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 02 89 F2 DD 93 CA 01 [binary data]
IE - HKU\S-1-5-21-361937448-3644859876-1079251922-1002\S-1-5-21-361937448-3644859876-1079251922-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/11/11 18:23:24 | 00,000,000 | ---D | M] -- C:\Users\mine\AppData\Roaming\Mozilla\Extensions
[2009/11/11 18:23:24 | 00,000,000 | ---D | M] -- C:\Users\mine\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-361937448-3644859876-1079251922-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-361937448-3644859876-1079251922-1002..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-361937448-3644859876-1079251922-1002\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/14 12:55:15 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\mine\Desktop\OTL.exe
[2010/01/13 02:32:22 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/13 00:22:53 | 00,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/01/13 00:22:53 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Local\eSupport.com
[2010/01/12 23:21:44 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 23:21:44 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/12 22:12:56 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/06 07:19:42 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2010/01/05 22:22:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/05 22:22:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 22:22:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 21:43:53 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mine\Desktop\zztoy.exe
[2010/01/05 21:40:05 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\mine\Desktop\TFC.exe
[2010/01/05 17:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/05 13:13:14 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
[2010/01/05 13:11:32 | 00,203,056 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\sbtis.sys
[2010/01/05 13:11:26 | 00,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/01/05 13:07:34 | 00,000,000 | RHSD | C] -- C:\_Backup.RC
[2010/01/05 13:07:24 | 00,000,000 | -H-D | C] -- C:\_Backup
[2010/01/05 13:01:02 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Roaming\Avanquest
[2010/01/05 13:01:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2010/01/05 13:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
[2010/01/05 12:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest
[2010/01/05 12:49:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/05 12:30:52 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/04 22:45:43 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/01/04 17:54:22 | 00,000,000 | ---D | C] -- C:\Users\mine\Documents\RegRun2
[2010/01/04 17:54:04 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/01/03 01:50:36 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/03 01:24:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/01/03 01:24:51 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/01/02 22:02:58 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Roaming\Malwarebytes
[2010/01/02 22:02:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/02 14:29:36 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Roaming\iExpert Software
[2010/01/02 10:44:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/01 23:30:01 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Local\Power2Go
[2009/12/30 19:51:39 | 00,000,000 | ---D | C] -- C:\Users\mine\Documents\CyberLink
[2009/12/30 18:30:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/12/30 18:23:06 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2009/12/30 17:59:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2009/12/27 09:30:04 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Roaming\iWin
[2009/12/27 09:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2009/12/27 09:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Games
[2009/12/21 11:02:29 | 00,000,000 | ---D | C] -- C:\Users\mine\AppData\Roaming\CyberLink
[2009/12/19 19:42:11 | 00,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2009/11/12 01:39:57 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\mine\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/01/14 13:00:57 | 02,359,296 | -HS- | M] () -- C:\Users\mine\ntuser.dat
[2010/01/14 12:55:24 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Desktop\OTL.exe
[2010/01/13 09:54:04 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 09:54:03 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/13 09:52:37 | 00,716,994 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/13 09:52:37 | 00,154,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/13 09:52:37 | 00,004,522 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/13 09:48:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/13 09:47:58 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/13 09:47:48 | 80,495,8208 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 02:37:24 | 02,521,587 | -H-- | M] () -- C:\Users\mine\AppData\Local\IconCache.db
[2010/01/13 00:42:34 | 00,333,982 | ---- | M] () -- C:\Users\mine\Desktop\4SGRA043.zip
[2010/01/13 00:22:53 | 00,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2010/01/12 23:52:43 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/12 23:52:43 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 23:52:43 | 00,065,536 | -HS- | M] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TM.blf
[2010/01/12 22:12:41 | 11,231,5138 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/09 10:59:43 | 00,001,041 | ---- | M] () -- C:\Users\mine\AppData\Roaming\vso_ts_preview.xml
[2010/01/05 22:22:50 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 21:44:02 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mine\Desktop\zztoy.exe
[2010/01/05 21:40:17 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\mine\Desktop\TFC.exe
[2010/01/05 13:05:38 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/05 13:05:38 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/05 12:40:15 | 00,057,560 | ---- | M] () -- C:\Users\mine\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/05 12:23:19 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/05 12:23:19 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/05 12:23:19 | 00,065,536 | -HS- | M] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TM.blf
[2010/01/02 14:49:23 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/02 14:49:23 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 14:49:23 | 00,065,536 | -HS- | M] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TM.blf
[2010/01/01 23:46:06 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/01 23:46:06 | 00,524,288 | -HS- | M] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 23:46:06 | 00,065,536 | -HS- | M] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TM.blf
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/19 18:31:17 | 00,001,186 | ---- | M] () -- C:\Users\mine\Desktop\ConvertXtoDVD 4.lnk

========== Files Created - No Company Name ==========

[2010/01/13 00:42:31 | 00,333,982 | ---- | C] () -- C:\Users\mine\Desktop\4SGRA043.zip
[2010/01/12 22:13:24 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/12 22:13:23 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 22:13:23 | 00,065,536 | -HS- | C] () -- C:\Users\mine\ntuser.dat{88840d78-ffc7-11de-96e2-00051658d06d}.TM.blf
[2010/01/05 22:22:50 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 13:05:38 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/01/05 13:05:38 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/01/05 12:30:26 | 11,231,5138 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/05 12:23:19 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/05 12:23:19 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/05 12:23:19 | 00,065,536 | -HS- | C] () -- C:\Users\mine\ntuser.dat{c60de97d-f980-11de-b704-00051658d06d}.TM.blf
[2010/01/02 14:49:23 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/02 14:49:23 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 14:49:23 | 00,065,536 | -HS- | C] () -- C:\Users\mine\ntuser.dat{f0e11faa-f787-11de-8b19-00051658d06d}.TM.blf
[2010/01/01 23:46:06 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000002.regtrans-ms
[2010/01/01 23:46:06 | 00,524,288 | -HS- | C] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TMContainer00000000000000000001.regtrans-ms
[2010/01/01 23:46:06 | 00,065,536 | -HS- | C] () -- C:\Users\mine\ntuser.dat{450ae330-f72d-11de-875f-00051658d06d}.TM.blf
[2009/11/17 15:04:02 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/17 15:04:02 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/17 12:30:37 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/12 01:41:55 | 00,001,041 | ---- | C] () -- C:\Users\mine\AppData\Roaming\vso_ts_preview.xml
[2009/11/12 01:41:26 | 00,000,034 | ---- | C] () -- C:\Users\mine\AppData\Roaming\pcouffin.log
[2009/11/12 01:39:57 | 00,087,608 | ---- | C] () -- C:\Users\mine\AppData\Roaming\inst.exe
[2009/11/12 01:39:57 | 00,007,887 | ---- | C] () -- C:\Users\mine\AppData\Roaming\pcouffin.cat
[2009/11/12 01:39:57 | 00,001,144 | ---- | C] () -- C:\Users\mine\AppData\Roaming\pcouffin.inf
[2009/11/11 12:08:51 | 00,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/11 12:08:51 | 00,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/16 06:50:54 | 00,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/13 23:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/11/13 06:07:24 | 00,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 05:20:30 | 00,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 05:25:42 | 00,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/03/08 06:17:00 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7B92815D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

OTL Extras logfile created on: 14/01/2010 12:56:42 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\mine\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,024.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): c:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 42.07 Gb Free Space | 55.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINE-PC
Current User Name: mine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 10 Professional
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Premium
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"AVG9Uninstall" = AVG Free 9.0
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DriverAgent.exe" = DriverAgent by eSupport.com
"ESET Online Scanner" = ESET Online Scanner v3
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
"LimeWire" = LimeWire PRO 5.2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"SpywareBlaster_is1" = SpywareBlaster 4.2
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/01/2010 18:18:11 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 12/01/2010 18:24:42 | Computer Name = mine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d50 Start
Time: 01ca93d5b84ff3a0 Termination Time: 150 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 29f10ba1-ffc9-11de-96e2-00051658d06d

Error - 12/01/2010 18:27:03 | Computer Name = mine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b40 Start
Time: 01ca93d5f44fc490 Termination Time: 141 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 96ffd7d1-ffc9-11de-96e2-00051658d06d

Error - 12/01/2010 18:31:46 | Computer Name = mine-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 848 Start
Time: 01ca93d6684537b0 Termination Time: 209 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 39c1a571-ffca-11de-96e2-00051658d06d

Error - 12/01/2010 20:12:20 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 12/01/2010 20:12:20 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 12/01/2010 20:55:04 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 12/01/2010 20:55:04 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 13/01/2010 05:52:34 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 13/01/2010 05:52:34 | Computer Name = mine-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 12/01/2010 20:08:09 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7001
Description = The AVG Free E-mail Scanner service depends on the AVG Free WatchDog
service which failed to start because of the following error: %%2

Error - 12/01/2010 20:08:11 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 12/01/2010 20:50:49 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%2

Error - 12/01/2010 20:50:55 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7001
Description = The AVG Free E-mail Scanner service depends on the AVG Free WatchDog
service which failed to start because of the following error: %%2

Error - 12/01/2010 20:50:56 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 12/01/2010 20:51:21 | Computer Name = mine-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 13/01/2010 05:48:22 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%2

Error - 13/01/2010 05:48:24 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7001
Description = The AVG Free E-mail Scanner service depends on the AVG Free WatchDog
service which failed to start because of the following error: %%2

Error - 13/01/2010 05:48:27 | Computer Name = mine-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX

Error - 13/01/2010 05:48:46 | Computer Name = mine-PC | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >


#6 myrti


Posted 14 January 2010 - 08:10 AM

Hi,

please run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 matty312


Posted 14 January 2010 - 09:31 AM

I don't think ComboFix is installing. I double-click the icon and a little box comes up saying ComboFix with a green bar below it. Once the green bar is full, it disappears and does nothing.

#8 myrti


Posted 14 January 2010 - 09:38 AM

Hi,

please try the following:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • rename it to fun.com
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#9 matty312


Posted 14 January 2010 - 09:48 AM

It's come up warning that this is a beta version of ComboFix meant for compatibility testing, under no circumstances should this be run on a live machine, click no to exit now... Do I press yes to install or no?

Edited by matty312, 14 January 2010 - 09:49 AM.


#10 myrti


Posted 14 January 2010 - 10:27 AM

Hi,

yes, sorry, I should have warned you about the additional warning.

It should be working fine though, please press yes and let it run.

regards myrti



#11 matty312


Posted 14 January 2010 - 10:55 AM

ComboFix 10-01-13.0C - mine 14/01/2010 15:37:31.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1024.494 [GMT 0:00]
Running from: c:\users\mine\Desktop\fun.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-485396332-4218298694-3102802977-1000
c:\users\mine\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 15:47 . 2010-01-14 15:47 -------- d-----w- c:\users\mine\AppData\Local\temp
2010-01-14 15:47 . 2010-01-14 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 00:22 . 2010-01-13 00:23 -------- d-----w- c:\users\mine\AppData\Local\eSupport.com
2010-01-13 00:22 . 2010-01-13 00:22 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-01-12 23:21 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:21 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 22:12 . 2010-01-12 22:12 -------- d-----w- C:\$AVG
2010-01-06 07:19 . 2010-01-06 07:19 -------- d-----w- c:\windows\Sun
2010-01-05 22:22 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 22:22 . 2010-01-05 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 22:22 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 17:08 . 2010-01-05 17:08 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-05 13:11 . 2009-07-15 09:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-01-05 13:11 . 2010-01-05 13:11 -------- d-----w- c:\programdata\BVRP Software
2010-01-05 13:07 . 2010-01-05 13:07 -------- d-----r- C:\_Backup.RC
2010-01-05 13:07 . 2010-01-14 15:34 -------- d-----w- C:\_Backup
2010-01-05 13:01 . 2010-01-05 13:13 -------- d-----w- c:\users\mine\AppData\Roaming\Avanquest
2010-01-05 13:01 . 2010-01-05 13:11 -------- d-----w- c:\programdata\Avanquest
2010-01-05 13:00 . 2010-01-05 13:11 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-01-05 12:58 . 2010-01-05 12:58 -------- d-----w- c:\program files\Avanquest
2010-01-05 12:49 . 2010-01-05 12:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 12:39 . 2009-12-12 08:02 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-04 22:45 . 2010-01-04 22:45 -------- d-----w- c:\program files\ESET
2010-01-04 17:54 . 2010-01-05 12:19 -------- d-----w- c:\program files\UnHackMe
2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-03 01:24 . 2010-01-12 23:16 -------- d-----w- c:\programdata\SecTaskMan
2010-01-03 01:24 . 2010-01-05 12:19 -------- d-----w- c:\program files\Security Task Manager
2010-01-02 22:02 . 2010-01-02 22:02 -------- d-----w- c:\users\mine\AppData\Roaming\Malwarebytes
2010-01-02 22:02 . 2010-01-02 22:02 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 14:29 . 2010-01-02 14:29 -------- d-----w- c:\users\mine\AppData\Roaming\iExpert Software
2010-01-02 10:44 . 2010-01-05 12:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 23:30 . 2010-01-01 23:30 -------- d-----w- c:\users\mine\AppData\Local\Power2Go
2009-12-30 19:52 . 2010-01-05 12:19 -------- d-----w- c:\users\Public\CyberLink
2009-12-30 18:30 . 2009-12-30 18:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-30 18:23 . 2009-12-30 18:23 -------- d-----w- c:\programdata\LightScribe
2009-12-30 17:59 . 2010-01-05 12:22 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-27 09:30 . 2009-12-27 09:30 -------- d-----w- c:\users\mine\AppData\Roaming\iWin
2009-12-27 09:29 . 2009-12-27 09:29 -------- d-----w- c:\program files\ReflexiveArcade
2009-12-27 09:12 . 2009-12-27 09:25 -------- d-----w- c:\program files\MSN Games
2009-12-21 11:02 . 2010-01-01 23:13 -------- d-----w- c:\users\mine\AppData\Roaming\CyberLink
2009-12-19 19:42 . 2009-12-19 19:42 -------- d-----w- c:\programdata\vsosdk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 06:07 . 2009-11-11 18:14 -------- d-----w- c:\users\mine\AppData\Roaming\.BitTornado
2010-01-13 06:07 . 2009-11-12 00:59 -------- d-----w- c:\programdata\FLEXnet
2010-01-13 06:07 . 2009-11-11 12:25 -------- d-----w- c:\program files\CCleaner
2010-01-13 06:04 . 2009-11-11 18:22 -------- d-----w- c:\users\mine\AppData\Roaming\LimeWire
2010-01-13 06:04 . 2009-11-11 12:28 -------- d-----w- c:\program files\AVG
2010-01-13 02:24 . 2009-11-11 12:21 -------- d-----w- c:\program files\SpywareBlaster
2010-01-12 22:12 . 2009-11-11 12:28 -------- d-----w- c:\programdata\avg9
2010-01-09 10:59 . 2009-11-12 01:39 -------- d-----w- c:\users\mine\AppData\Roaming\Vso
2010-01-05 12:40 . 2009-11-11 14:25 57560 ----a-w- c:\users\mine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-05 12:20 . 2009-11-12 17:27 -------- d-----w- c:\program files\CyberLink
2010-01-05 12:20 . 2009-11-11 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:19 . 2009-11-12 17:27 -------- d-----w- c:\programdata\CyberLink
2010-01-02 14:22 . 2009-11-17 12:50 -------- d-----w- c:\users\mine\AppData\Roaming\Uniblue
2009-12-06 23:52 . 2009-12-06 23:52 -------- d-----w- c:\users\mine\AppData\Roaming\Yahoo!
2009-12-06 10:53 . 2009-12-06 10:50 -------- d-----w- c:\programdata\Skype
2009-12-06 10:48 . 2009-11-11 18:20 -------- d-----w- c:\program files\Java
2009-11-29 18:57 . 2009-11-29 18:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-29 18:24 . 2009-11-12 00:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-28 05:46 . 2009-11-11 12:52 -------- d-----w- c:\program files\Creative
2009-11-28 05:44 . 2009-11-28 05:42 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-28 05:43 . 2009-11-11 12:09 -------- d-----w- c:\programdata\Creative
2009-11-28 05:42 . 2009-11-28 05:42 -------- d-----w- c:\program files\Common Files\Creative
2009-11-28 05:36 . 2009-11-28 05:24 37634288 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2009-11-17 15:04 . 2009-11-17 15:04 -------- d-----w- c:\program files\Xvid
2009-11-17 14:07 . 2009-11-17 12:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-17 13:22 . 2009-11-11 19:15 -------- d-----w- c:\users\mine\AppData\Roaming\Ahead
2009-11-17 13:18 . 2009-11-17 13:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-17 12:42 . 2009-11-17 12:42 -------- d-----w- c:\users\mine\AppData\Roaming\Media Player Classic
2009-11-17 12:28 . 2009-11-11 16:15 -------- d-----w- c:\program files\ffdshow
2009-11-16 14:12 . 2009-11-16 14:12 -------- d--h--w- c:\programdata\CanonBJ
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\users\mine\AppData\Roaming\pcouffin.sys
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\users\mine\AppData\Roaming\pcouffin.sys
2009-11-11 13:53 . 2009-11-11 13:36 54743966 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-11-11 13:36 . 2009-11-11 13:33 8512328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-11-11 12:54 . 2009-11-11 12:54 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-11 12:54 . 2009-11-11 12:54 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-11 12:29 . 2009-11-11 12:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-02 20:42 . 2009-11-11 12:22 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-26 00:47 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

R1 SBRE;SBRE;c:\windows\System32\drivers\SBREDrv.sys [05/08/2009 15:58 93872]
R1 sbtis;sbtis;c:\windows\System32\drivers\sbtis.sys [05/01/2010 13:11 203056]
R2 sbapifs;sbapifs;c:\windows\System32\drivers\sbapifs.sys [10/08/2009 20:06 69936]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [28/11/2009 05:46 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/11/2009 12:53 79360]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [13/01/2010 00:22 23456]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-14 15:51:39
ComboFix-quarantined-files.txt 2010-01-14 15:51

Pre-Run: 45,088,006,144 bytes free
Post-Run: 45,017,567,232 bytes free

- - End Of File - - 2966DD6EF4B3F78D7BCAF61878BB37E3


#12 myrti


Posted 14 January 2010 - 11:06 AM

Hi,

are you still getting redirected?

Please run the following script:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\programdata\vsosdk


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#13 matty312


Posted 14 January 2010 - 11:35 AM

ComboFix 10-01-13.0C - mine 14/01/2010 16:19:39.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1024.595 [GMT 0:00]
Running from: c:\users\mine\Desktop\fun.com
Command switches used :: c:\users\mine\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\vsosdk
c:\programdata\vsosdk\A1425ACA09E4DFCD4B8FEF9520BFE27D17E20AA50F759E1B767FBF2CD426E244.vsoact

.
((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 16:28 . 2010-01-14 16:29 -------- d-----w- c:\users\mine\AppData\Local\temp
2010-01-14 16:28 . 2010-01-14 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-14 16:28 . 2010-01-14 16:28 -------- d-----w- c:\users\me\AppData\Local\temp
2010-01-14 16:28 . 2010-01-14 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-14 16:17 . 2010-01-14 16:18 -------- d-----w- C:\32788R22FWJFW
2010-01-13 00:22 . 2010-01-13 00:23 -------- d-----w- c:\users\mine\AppData\Local\eSupport.com
2010-01-13 00:22 . 2010-01-13 00:22 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-01-12 23:21 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 23:21 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 22:12 . 2010-01-12 22:12 -------- d-----w- C:\$AVG
2010-01-06 07:19 . 2010-01-06 07:19 -------- d-----w- c:\windows\Sun
2010-01-05 22:22 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 22:22 . 2010-01-05 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-05 22:22 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 17:08 . 2010-01-05 17:08 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-05 13:11 . 2009-07-15 09:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2010-01-05 13:11 . 2010-01-05 13:11 -------- d-----w- c:\programdata\BVRP Software
2010-01-05 13:07 . 2010-01-05 13:07 -------- d-----r- C:\_Backup.RC
2010-01-05 13:07 . 2010-01-14 15:34 -------- d-----w- C:\_Backup
2010-01-05 13:01 . 2010-01-05 13:13 -------- d-----w- c:\users\mine\AppData\Roaming\Avanquest
2010-01-05 13:01 . 2010-01-05 13:11 -------- d-----w- c:\programdata\Avanquest
2010-01-05 13:00 . 2010-01-05 13:11 -------- d-----w- c:\program files\Common Files\AntiVirus
2010-01-05 12:58 . 2010-01-05 12:58 -------- d-----w- c:\program files\Avanquest
2010-01-05 12:49 . 2010-01-05 12:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 12:39 . 2009-12-12 08:02 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-01-04 22:45 . 2010-01-04 22:45 -------- d-----w- c:\program files\ESET
2010-01-04 17:54 . 2010-01-05 12:19 -------- d-----w- c:\program files\UnHackMe
2010-01-03 01:50 . 2010-01-03 01:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-03 01:24 . 2010-01-12 23:16 -------- d-----w- c:\programdata\SecTaskMan
2010-01-03 01:24 . 2010-01-05 12:19 -------- d-----w- c:\program files\Security Task Manager
2010-01-02 22:02 . 2010-01-02 22:02 -------- d-----w- c:\users\mine\AppData\Roaming\Malwarebytes
2010-01-02 22:02 . 2010-01-02 22:02 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 14:29 . 2010-01-02 14:29 -------- d-----w- c:\users\mine\AppData\Roaming\iExpert Software
2010-01-02 10:44 . 2010-01-05 12:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-01 23:30 . 2010-01-01 23:30 -------- d-----w- c:\users\mine\AppData\Local\Power2Go
2009-12-30 19:52 . 2010-01-05 12:19 -------- d-----w- c:\users\Public\CyberLink
2009-12-30 18:30 . 2009-12-30 18:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-30 18:23 . 2009-12-30 18:23 -------- d-----w- c:\programdata\LightScribe
2009-12-30 17:59 . 2010-01-05 12:22 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-27 09:30 . 2009-12-27 09:30 -------- d-----w- c:\users\mine\AppData\Roaming\iWin
2009-12-27 09:29 . 2009-12-27 09:29 -------- d-----w- c:\program files\ReflexiveArcade
2009-12-27 09:12 . 2009-12-27 09:25 -------- d-----w- c:\program files\MSN Games
2009-12-21 11:02 . 2010-01-01 23:13 -------- d-----w- c:\users\mine\AppData\Roaming\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 06:07 . 2009-11-11 18:14 -------- d-----w- c:\users\mine\AppData\Roaming\.BitTornado
2010-01-13 06:07 . 2009-11-12 00:59 -------- d-----w- c:\programdata\FLEXnet
2010-01-13 06:07 . 2009-11-11 12:25 -------- d-----w- c:\program files\CCleaner
2010-01-13 06:04 . 2009-11-11 18:22 -------- d-----w- c:\users\mine\AppData\Roaming\LimeWire
2010-01-13 06:04 . 2009-11-11 12:28 -------- d-----w- c:\program files\AVG
2010-01-13 02:24 . 2009-11-11 12:21 -------- d-----w- c:\program files\SpywareBlaster
2010-01-12 22:12 . 2009-11-11 12:28 -------- d-----w- c:\programdata\avg9
2010-01-09 10:59 . 2009-11-12 01:39 -------- d-----w- c:\users\mine\AppData\Roaming\Vso
2010-01-05 12:40 . 2009-11-11 14:25 57560 ----a-w- c:\users\mine\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-05 12:20 . 2009-11-12 17:27 -------- d-----w- c:\program files\CyberLink
2010-01-05 12:20 . 2009-11-11 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 12:19 . 2009-11-12 17:27 -------- d-----w- c:\programdata\CyberLink
2010-01-02 14:22 . 2009-11-17 12:50 -------- d-----w- c:\users\mine\AppData\Roaming\Uniblue
2009-12-06 23:52 . 2009-12-06 23:52 -------- d-----w- c:\users\mine\AppData\Roaming\Yahoo!
2009-12-06 10:53 . 2009-12-06 10:50 -------- d-----w- c:\programdata\Skype
2009-12-06 10:48 . 2009-11-11 18:20 -------- d-----w- c:\program files\Java
2009-11-29 18:57 . 2009-11-29 18:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-29 18:24 . 2009-11-12 00:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-28 05:46 . 2009-11-11 12:52 -------- d-----w- c:\program files\Creative
2009-11-28 05:44 . 2009-11-28 05:42 -------- d--h--w- c:\program files\Creative Installation Information
2009-11-28 05:43 . 2009-11-11 12:09 -------- d-----w- c:\programdata\Creative
2009-11-28 05:42 . 2009-11-28 05:42 -------- d-----w- c:\program files\Common Files\Creative
2009-11-28 05:36 . 2009-11-28 05:24 37634288 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.26.02__\CMS5_PCAPP_LB_5_26_02.exe
2009-11-17 15:04 . 2009-11-17 15:04 -------- d-----w- c:\program files\Xvid
2009-11-17 14:07 . 2009-11-17 12:30 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-17 13:22 . 2009-11-11 19:15 -------- d-----w- c:\users\mine\AppData\Roaming\Ahead
2009-11-17 13:18 . 2009-11-17 13:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-17 12:42 . 2009-11-17 12:42 -------- d-----w- c:\users\mine\AppData\Roaming\Media Player Classic
2009-11-17 12:28 . 2009-11-11 16:15 -------- d-----w- c:\program files\ffdshow
2009-11-16 14:12 . 2009-11-16 14:12 -------- d--h--w- c:\programdata\CanonBJ
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\users\mine\AppData\Roaming\pcouffin.sys
2009-11-12 01:39 . 2009-11-12 01:39 47360 ----a-w- c:\users\mine\AppData\Roaming\pcouffin.sys
2009-11-11 13:53 . 2009-11-11 13:36 54743966 ----a-w- c:\programdata\Creative\Software Update\cache\Creative MediaSource Player_Organizer 3.30.21__\CMS_PCAPP_LB_3_30_21.exe
2009-11-11 13:36 . 2009-11-11 13:33 8512328 ----a-w- c:\programdata\Creative\Software Update\cache\Creative ALchemy 1.25.10__\ALMY_PCVTAPP_LB_1_25_10.exe
2009-11-11 12:54 . 2009-11-11 12:54 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-11-11 12:54 . 2009-11-11 12:54 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-11-11 12:29 . 2009-11-11 12:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-02 20:42 . 2009-11-11 12:22 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-26 00:47 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_15.47.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-01-12 23:01 . 2010-01-14 15:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-12 23:01 . 2010-01-14 16:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 23:01 . 2010-01-14 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-01-12 23:01 . 2010-01-14 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-01-12 23:01 . 2010-01-14 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-12 23:01 . 2010-01-14 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-11 12:05 . 2010-01-14 16:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-11 12:05 . 2010-01-14 15:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

R1 SBRE;SBRE;c:\windows\System32\drivers\SBREDrv.sys [05/08/2009 15:58 93872]
R1 sbtis;sbtis;c:\windows\System32\drivers\sbtis.sys [05/01/2010 13:11 203056]
R2 SBAMSvc;Fix-It;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [08/09/2009 13:46 1012040]
R2 sbapifs;sbapifs;c:\windows\System32\drivers\sbapifs.sys [10/08/2009 20:06 69936]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [28/11/2009 05:46 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/11/2009 12:53 79360]
S3 DrvAgent32;DrvAgent32;c:\windows\System32\drivers\DrvAgent32.sys [13/01/2010 00:22 23456]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-01-14 16:32:42
ComboFix-quarantined-files.txt 2010-01-14 16:32
ComboFix2.txt 2010-01-14 15:51

Pre-Run: 45,083,185,152 bytes free
Post-Run: 45,037,965,312 bytes free

- - End Of File - - 11F46B0637AEFC99CD8ADF541A2D63DF


#14 myrti


Posted 14 January 2010 - 11:47 AM

Hi,

are you still getting redirected?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#15 matty312


Posted 14 January 2010 - 11:54 AM

No, not getting redirected. That stopped the other day when my antivirus found trojan-spy.win32.banker.ovo & removed it...



