Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Chrome not loading possible tdss or other rootkit


  • This topic is locked This topic is locked
2 replies to this topic

#1 sysygysd

sysygysd

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 11 April 2010 - 03:54 PM

Ok, where to start....

About 1 week ago, I noticed that Chrome would not load any pages. I went to their support site and tried a few fixes (uninstall/reinstall, profile refresh, etc..). Nothing worked. I then came here and read up on a few threads with similar issues. I also noticed that in IE8 my google results were being hijacked. But, not all the time, and, when the cache and cookies were cleared, the hijacking stopped for a little while. I found a thread about TDSS rootkit and tried the tdsskiller app from Kapersky?. It indicated that atapi.sys was infected. Yet, it could not repair the file. I have tried to replace atapi.sys several times using various methods (HBCD bootcd, safe mode, repair console from F8 menu). Nothing has worked so far. I have also used combofix to no avail. I will attach my HJT log and GMER log when someone helps me figure out how to attach them to this post. Also, I frequently use MBAM (update always prior to scan) and Spybot S&D. This is one tough bug...

before I forget...I am using Windows 7 (updates are current), IE8(updates current).
[codebox]GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-11 15:33:56
Windows 6.1.7600
Running: xgpuk650.exe; Driver: C:\Users\Todd\AppData\Local\Temp\afliiaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x8D6BE730]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x8D6BE7E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x8D6BE880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x8D6BE920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83237AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83237104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832373F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832202D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832371DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83237958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832376F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83237F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832381A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E505C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E75052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 518 82E7CB18 4 Bytes [30, E7, 6B, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E8 82E7CDE8 8 Bytes [E0, E7, 6B, 8D, 80, E8, 6B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 85C 82E7CE5C 4 Bytes JMP 04205BCC
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x83B22014]
.text peauth.sys A1ABDC9D 28 Bytes [0F, 1A, BE, 75, E1, D7, 0B, ...]
.text peauth.sys A1ABDCC1 28 Bytes [0F, 1A, BE, 75, E1, D7, 0B, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 004F000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 0050000A
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 004E000A
.text C:\Windows\Explorer.EXE[3728] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 0039000A
.text C:\Windows\Explorer.EXE[3728] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 003A000A
.text C:\Windows\Explorer.EXE[3728] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 0038000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 003B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 003C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 003A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!CreateWindowExW 75E20E51 5 Bytes JMP 6A8680F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!DialogBoxIndirectParamW 75E44AA7 5 Bytes JMP 6A98F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!DialogBoxParamW 75E4564A 5 Bytes JMP 6A784B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!DialogBoxParamA 75E5CF6A 5 Bytes JMP 6A98F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!DialogBoxIndirectParamA 75E5D29C 5 Bytes JMP 6A98F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!MessageBoxIndirectA 75E6E8C9 5 Bytes JMP 6A98F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!MessageBoxIndirectW 75E6E9C3 5 Bytes JMP 6A98F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!MessageBoxExA 75E6EA29 5 Bytes JMP 6A98F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4336] USER32.dll!MessageBoxExW 75E6EA4D 5 Bytes JMP 6A98F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 001E000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 001F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 001D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CreateDialogParamW 75E19BFF 5 Bytes JMP 6A7BC548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!EnableWindow 75E1A72E 5 Bytes JMP 6A7BC4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!GetAsyncKeyState 75E1C09A 5 Bytes JMP 6A77D6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!UnhookWindowsHookEx 75E1CC7B 5 Bytes JMP 6A8782FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CallNextHookEx 75E1CC8F 5 Bytes JMP 6A859D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CreateWindowExW 75E20E51 5 Bytes JMP 6A8680F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!SetWindowsHookExW 75E2210A 5 Bytes JMP 6A8145DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!GetKeyState 75E24FDA 5 Bytes JMP 6A7BD73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!IsDialogMessageW 75E26F06 5 Bytes JMP 6A78425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CreateDialogParamA 75E33E79 5 Bytes JMP 6A98FE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!IsDialogMessage 75E3407A 5 Bytes JMP 6A98F6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CreateDialogIndirectParamA 75E39110 5 Bytes JMP 6A98FE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!CreateDialogIndirectParamW 75E408AD 5 Bytes JMP 6A98FE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!DialogBoxIndirectParamW 75E44AA7 5 Bytes JMP 6A98F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!EndDialog 75E4555C 5 Bytes JMP 6A785AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!DialogBoxParamW 75E4564A 5 Bytes JMP 6A784B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!SetKeyboardState 75E46B52 5 Bytes JMP 6A98FA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!SendInput 75E47055 5 Bytes JMP 6A9905E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!SetCursorPos 75E5C1D8 5 Bytes JMP 6A990640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!DialogBoxParamA 75E5CF6A 5 Bytes JMP 6A98F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!DialogBoxIndirectParamA 75E5D29C 5 Bytes JMP 6A98F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!MessageBoxIndirectA 75E6E8C9 5 Bytes JMP 6A98F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!MessageBoxIndirectW 75E6E9C3 5 Bytes JMP 6A98F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!MessageBoxExA 75E6EA29 5 Bytes JMP 6A98F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!MessageBoxExW 75E6EA4D 5 Bytes JMP 6A98F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] USER32.dll!keybd_event 75E6EC9B 5 Bytes JMP 6A990973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] SHELL32.dll!SHChangeNotification_Lock + 45BE 761BB3D8 4 Bytes [11, 36, 61, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] SHELL32.dll!SHChangeNotification_Lock + 45C6 761BB3E0 8 Bytes [5F, 35, 61, 73, D0, 73, 60, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] ole32.dll!OleLoadFromStream 76D75B88 5 Bytes JMP 6A98F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7480] ole32.dll!CoCreateInstance 76DC57FC 5 Bytes JMP 6A868BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Acer\ALaunch\ALaunchSvc.exe[2436] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74132494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74115624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7413250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74128573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74124D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74128819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7412907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7412E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74124C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [73603932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73601ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [735FC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73603B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [7360595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [736047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [73604EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [73601D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [735FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [73601BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [736006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [735FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [73601ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [73601A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [73600043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [73600CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [73603932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [73601BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [736006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [73601BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [73600CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [73602ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [735FF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [735FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [735FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [73601A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [73601ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [73604EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [736047A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [735FDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [736006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [73603932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [735FDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [735FDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [73600571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [73601D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [735FDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [736041F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [7360595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [73604735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [73604B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [7360823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [736089C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [73608584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [73607E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [73608CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [736090D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [73607C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [73608D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [73607F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [7360794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [73607D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [73608898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [736086C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [73608760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [73607EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [73609B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [7360958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [736099D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [73608026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [73607F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [73607AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [736097FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [73607BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [73609C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [736098B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [736077ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [736096FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [736081EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [736080BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [73608286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [73608D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [73607DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [73608F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [7360892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [73609A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [736092E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [73609E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [73608E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [73607B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [73609029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [7360789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [736083BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [7360861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [73608A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [73608454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [736084EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [73609974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [73608EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [735FD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [73600F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [73601904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [7360141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [73601A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [736009C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [735FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [735FF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [735FF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [736027FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [73601BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [735FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [735FEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [735FE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [73602ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [736027DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [735FE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [73600043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [735FEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [73601BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [73601A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[7480] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [735F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86142AC8

---- Threads - GMER 1.0.15 ----

Thread System [4:7396] A4085F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_wmpnetwk.exe_2cf83ce93a6cebb5cc39ab16191bde487b7fce_14d89c9a

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Users\Todd\Desktop\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
[/codebox]

HJT
[codebox]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:43 PM, on 4/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Users\Todd\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Todd\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cdloader] "C:\Users\Todd\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Todd\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c98d867d991e28) (gupdate1c98d867d991e28) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12755 bytes
[/codebox]

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:31 PM

Posted 15 April 2010 - 05:59 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Two infected system files. This is the new variant of TDSS, a rootkit which is very nasty.

We need to find a back up for the infected file volmgrx.sys so please run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    volmgrx.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:31 PM

Posted 19 April 2010 - 07:56 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users