
Google Yahoo redirect malware/virus - please help!


  • This topic is locked
14 replies to this topic

#1 Canadian GRiNGo


Posted 10 June 2010 - 02:35 PM

Hello, when I search with Yahoo, the links I click on take me to result.yahoo.ca and then redirect. If I click back and then try again, I get to my destination fine. Google is also bad. I have run Malwarebytes and a host of others, all to no end.
I have run these programs with log files and was told to post here.
Thank you for your help in advance.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 06:26 on 10/06/2010 (Grigo68)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 06:33:59
Windows 6.1.7600
Running: 2gqvgqfd.exe; Driver: C:\Users\Grigo68\AppData\Local\Temp\ugroqpod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A43599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A67F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 98E36C9D 28 Bytes [55, 85, 2F, 40, 8B, 03, E8, ...]
.text peauth.sys 98E36CC1 28 Bytes [55, 85, 2F, 40, 8B, 03, E8, ...]
PAGE peauth.sys 98E3CB9B 72 Bytes [CE, DC, 07, 54, F4, 2B, 0E, ...]
PAGE peauth.sys 98E3CBEC 104 Bytes [A7, B4, 33, 3F, 7F, 70, E5, ...]
PAGE peauth.sys 98E3CC55 6 Bytes [13, AC, 74, DB, 67, CB]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!CreateWindowExW 77A50E51 5 Bytes JMP 6BCF80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!DialogBoxIndirectParamW 77A74AA7 5 Bytes JMP 6BE1F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!DialogBoxParamW 77A7564A 5 Bytes JMP 6BC14B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!DialogBoxParamA 77A8CF6A 5 Bytes JMP 6BE1F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!DialogBoxIndirectParamA 77A8D29C 5 Bytes JMP 6BE1F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!MessageBoxIndirectA 77A9E8C9 5 Bytes JMP 6BE1F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!MessageBoxIndirectW 77A9E9C3 5 Bytes JMP 6BE1F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!MessageBoxExA 77A9EA29 5 Bytes JMP 6BE1F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[428] USER32.dll!MessageBoxExW 77A9EA4D 5 Bytes JMP 6BE1F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CreateDialogParamW 77A49BFF 5 Bytes JMP 6BC4C548 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!EnableWindow 77A4A72E 5 Bytes JMP 6BC4C4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!GetAsyncKeyState 77A4C09A 5 Bytes JMP 6BC0D6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!UnhookWindowsHookEx 77A4CC7B 5 Bytes JMP 6BD082FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CallNextHookEx 77A4CC8F 5 Bytes JMP 6BCE9D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CreateWindowExW 77A50E51 5 Bytes JMP 6BCF80F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!SetWindowsHookExW 77A5210A 5 Bytes JMP 6BCA45DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!GetKeyState 77A54FDA 5 Bytes JMP 6BC4D73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!IsDialogMessageW 77A56F06 5 Bytes JMP 6BC1425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CreateDialogParamA 77A63E79 5 Bytes JMP 6BE1FE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!IsDialogMessage 77A6407A 5 Bytes JMP 6BE1F6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CreateDialogIndirectParamA 77A69110 5 Bytes JMP 6BE1FE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!CreateDialogIndirectParamW 77A708AD 5 Bytes JMP 6BE1FE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!DialogBoxIndirectParamW 77A74AA7 5 Bytes JMP 6BE1F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!EndDialog 77A7555C 5 Bytes JMP 6BC15AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!DialogBoxParamW 77A7564A 5 Bytes JMP 6BC14B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!SetKeyboardState 77A76B52 5 Bytes JMP 6BE1FA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!SendInput 77A77055 5 Bytes JMP 6BE205E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!SetCursorPos 77A8C1D8 5 Bytes JMP 6BE20640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!DialogBoxParamA 77A8CF6A 5 Bytes JMP 6BE1F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!DialogBoxIndirectParamA 77A8D29C 5 Bytes JMP 6BE1F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!MessageBoxIndirectA 77A9E8C9 5 Bytes JMP 6BE1F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!MessageBoxIndirectW 77A9E9C3 5 Bytes JMP 6BE1F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!MessageBoxExA 77A9EA29 5 Bytes JMP 6BE1F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!MessageBoxExW 77A9EA4D 5 Bytes JMP 6BE1F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] USER32.dll!keybd_event 77A9EC9B 5 Bytes JMP 6BE20973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] SHELL32.dll!SHChangeNotification_Lock + 45BA 769CB3E8 4 Bytes [11, 36, 5E, 6F] {ADC [ESI], ESI; POP ESI; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[448] SHELL32.dll!SHChangeNotification_Lock + 45C2 769CB3F0 8 Bytes [5F, 35, 5E, 6F, D0, 73, 5D, ...] {POP EDI; XOR EAX, 0x73d06f5e; POP EBP; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[448] ole32.dll!OleLoadFromStream 77585B88 5 Bytes JMP 6BE1F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[448] ole32.dll!CoCreateInstance 775D57FC 5 Bytes JMP 6BCF8BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6F5D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6F5D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6F5CC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6F5D3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6F5D595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6F5D47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6F5D4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6F5D1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F5CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6F5D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6F5D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F5CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6F5D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6F5D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6F5D0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6F5D0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6F5D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6F5D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6F5D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6F5D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6F5D0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6F5D2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6F5CF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F5CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F5CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6F5D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6F5D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6F5D4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6F5D47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6F5CDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6F5D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6F5D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6F5CDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6F5CDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6F5D0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6F5D1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6F5CDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6F5D41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6F5D595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6F5D4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6F5D4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6F5D823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6F5D89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6F5D8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6F5D7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6F5D8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6F5D90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6F5D7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6F5D8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6F5D7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6F5D794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6F5D7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6F5D8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6F5D86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6F5D8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6F5D7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6F5D9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6F5D958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6F5D99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6F5D8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6F5D7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6F5D7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6F5D97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6F5D7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6F5D9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6F5D98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6F5D77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6F5D96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6F5D81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6F5D80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6F5D8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6F5D8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6F5D7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6F5D8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6F5D892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6F5D9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6F5D92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6F5D9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6F5D8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6F5D7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6F5D9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6F5D789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6F5D83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6F5D861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6F5D8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6F5D8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6F5D84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6F5D9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6F5D8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6F5CD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6F5D0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6F5D1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6F5D141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6F5D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6F5D09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6F5CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6F5CF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6F5CF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6F5D27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6F5D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6F5CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6F5CEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6F5CE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6F5D2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6F5D27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6F5CE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6F5D0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6F5CEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6F5D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6F5D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6F5D9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6F5D9916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6F5D8A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6F5D8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6F5D8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6F5D7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6F5D8FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6F5D9E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6F5D9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6F5D9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6F5D7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[448] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6F5C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe[2668] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75BB5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000003e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----





DDS (Ver_10-03-17.01) - NTFSx86
Run by Grigo68 at 13:27:42.27 on Thu 06/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2141 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Grigo68\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.ca/
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
StartupFolder: c:\users\grigo68\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-3-12 30576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-18 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]

=============== Created Last 30 ================

2010-06-10 19:24:12 0 ----a-w- c:\users\grigo68\defogger_reenable
2010-06-09 20:38:23 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-09 20:30:33 406646273 ----a-w- c:\windows\MEMORY.DMP
2010-06-09 20:25:58 98816 ----a-w- c:\windows\sed.exe
2010-06-09 20:25:58 77312 ----a-w- c:\windows\MBR.exe
2010-06-09 20:25:58 256512 ----a-w- c:\windows\PEV.exe
2010-06-09 20:25:58 161792 ----a-w- c:\windows\SWREG.exe
2010-06-09 19:34:13 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-06-09 19:34:13 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-06-09 19:34:13 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2010-06-09 19:34:13 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-06-09 19:34:13 132880 ----a-w- c:\windows\system32\MSINET.OCX
2010-06-09 19:34:13 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2010-06-07 20:14:45 0 d-----w- c:\program files\ToniArts
2010-06-07 04:49:25 0 d-----w- c:\programdata\vsosdk
2010-06-06 16:54:34 0 d-----w- c:\users\grigo68\appdata\roaming\Malwarebytes
2010-06-06 16:54:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 16:54:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 16:54:30 0 d-----w- c:\programdata\Malwarebytes
2010-06-06 16:54:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 15:47:28 0 d-----w- c:\program files\Nero
2010-06-05 16:26:56 0 d-----w- c:\programdata\KingsIsle Entertainment
2010-06-03 23:46:12 0 d-----w- c:\program files\MSXML 4.0
2010-06-03 20:02:20 254224 ----a-w- c:\windows\system32\drmclien.dll
2010-06-02 16:41:17 0 d-----w- c:\program files\Microsoft LifeCam
2010-05-31 03:02:52 0 d-----w- c:\users\grigo68\Library
2010-05-31 03:02:52 0 d-----w- c:\programdata\kinoma
2010-05-31 03:02:16 0 d-----w- c:\program files\Sony
2010-05-31 03:02:16 0 d-----w- c:\program files\common files\Sony Shared
2010-05-28 21:27:35 0 d-----w- c:\programdata\CyberLink
2010-05-28 21:27:06 0 d---a-w- c:\programdata\Temp
2010-05-27 22:56:39 0 d-----w- c:\temp\GPS Map
2010-05-25 21:04:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 01:30:26 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-05-25 01:29:02 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-25 01:28:28 0 d-----w- c:\program files\Microsoft Analysis Services
2010-05-25 01:28:05 0 d-----w- c:\programdata\Microsoft Help
2010-05-24 18:40:05 0 d-----w- c:\program files\DVDFab 7
2010-05-23 22:28:37 0 d-----w- c:\programdata\Nero
2010-05-23 22:21:42 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-23 22:21:25 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-23 22:21:07 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-23 22:20:49 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-23 22:20:31 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-23 22:04:58 0 d-----w- c:\users\grigo68\Incomplete
2010-05-23 20:37:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 23:37:05 0 d-----w- c:\temp\Alice in Wonderland 2010
2010-05-22 22:16:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-05-22 22:16:22 0 d-----w- c:\windows\WindowsMobile
2010-05-21 14:05:40 0 d-----w- c:\users\grigo68\appdata\roaming\LimeWire
2010-05-20 21:07:09 0 d-----w- c:\programdata\Sun
2010-05-20 21:06:09 0 d-----w- c:\program files\LimeWire
2010-05-19 14:46:49 0 d-----w- c:\programdata\Adobe
2010-05-19 14:22:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-19 14:22:12 47360 ----a-w- c:\users\grigo68\appdata\roaming\pcouffin.sys
2010-05-19 14:22:11 0 d-----w- c:\users\grigo68\appdata\roaming\NVIDIA
2010-05-19 14:01:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32k_01009.Wdf
2010-05-19 14:01:51 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-05-19 13:59:20 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-19 12:57:59 0 d-----w- c:\programdata\Google
2010-05-19 12:57:43 0 d-----w- c:\programdata\NOS
2010-05-19 05:01:08 0 d-----w- c:\windows\Panther
2010-05-19 04:29:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 04:27:43 0 d-----w- C:\Temp
2010-05-19 04:27:30 0 d-----w- C:\Software
2010-05-19 04:04:05 0 d--h--w- c:\programdata\CanonBJ
2010-05-19 04:00:16 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-05-19 03:59:41 0 d-----w- c:\program files\Microsoft
2010-05-19 03:59:20 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-19 03:59:00 0 d-----w- c:\windows\PCHEALTH
2010-05-19 03:58:54 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-05-19 03:58:42 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-19 03:53:46 0 d-----w- c:\program files\common files\Windows Live
2010-05-19 03:53:24 0 d-----w- c:\windows\system32\Wat
2010-05-19 03:31:39 0 d-----w- c:\program files\Microsoft Security Essentials
2010-05-19 03:26:02 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-19 03:24:32 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-19 03:24:06 0 d-----w- c:\programdata\NVIDIA
2010-05-19 03:23:50 0 d-sh--w- c:\windows\Installer
2010-05-19 03:23:45 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-19 03:23:31 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 03:18:49 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-05-19 03:16:10 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-19 03:16:10 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-19 03:16:10 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-19 03:15:52 0 d-----w- c:\windows\system32\wbem\Performance
2010-05-19 03:10:37 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-19 03:10:37 132608 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-17 06:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-04 00:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-04 00:27:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-04 00:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 00:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-04 00:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-13 00:41:16 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-03-13 00:41:16 39280 ----a-w- c:\windows\system32\nx6000res.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:27:54.55 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/18/2010 9:09:33 PM
System Uptime: 6/9/2010 3:46:26 PM (22 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N68-AM SE2
Processor: AMD Athlon™ II X2 240 Processor | AM2 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 241.911 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP68: 6/6/2010 9:47:10 AM - Installed Nero Multimedia Suite 10.
RP69: 6/6/2010 10:17:11 AM - Removed Nero 7 Demo
RP70: 6/6/2010 9:00:48 PM - Removed Nero 7 Demo
RP71: 6/6/2010 9:04:22 PM - Windows Update
RP72: 6/6/2010 9:13:05 PM - Removed Nero 7 Demo
RP73: 6/7/2010 7:43:24 AM - Installed Wizard101
RP75: 6/7/2010 2:14:36 PM - Installed EasyCleaner
RP76: 6/7/2010 2:22:25 PM - Installed Nero 7 Demo
RP77: 6/7/2010 3:46:54 PM - Windows Update
RP78: 6/8/2010 8:20:48 AM - Windows Update
RP79: 6/8/2010 4:25:01 PM - Cleaned registry with Windows Live OneCare safety scanner
RP80: 6/9/2010 8:20:49 AM - Windows Update

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
DVDFab 7.0.4.0 (15/04/2010)
EasyCleaner
High-Definition Video Playback 10
Java Auto Updater
Java™ 6 Update 20
LG CyberLink Power2Go
LG Power Tools
LimeWire 5.5.8
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Thunderbird (3.0.4)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 7 Demo
Nero Burning ROM 10
Nero BurnRights 10
Nero Control Center 10
Nero Core Components 10
Nero DiscCopy Gadget 10
Nero Dolby Files 10
Nero Express 10
Nero InfoTool 10
Nero Multimedia Suite 10
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
PRS-500 USB driver
PVSonyDll
Reader Library by Sony
Roblox for Grigo68
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
WinRAR archiver

==== Event Viewer Messages From Past Week ========

6/9/2010 2:37:25 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/9/2010 2:30:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0x80000004, 0x8f23d05c, 0x8cf0f878, 0x8cf0f450). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060910-23384-01.

==== End Of File ===========================

EDIT: Moved from Malware Removal Logs to Am I Infected ~ Hamluis.

And moved back. ~ OB

Edited by Orange Blossom, 10 June 2010 - 09:32 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:51 PM

Posted 15 June 2010 - 05:44 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 Canadian GRiNGo


Posted 15 June 2010 - 09:50 AM

Hi, thanks in advance for your time and help. I have this problem on 2 machines, one running Vista and this one running Windows 7. It happened at the same time and I believe the common link is my children. It may have something to do with a game called Roblox, as they updated it and shortly after this all happened, and now Roblox does not work. Maybe just coincidence.

OTL logfile created on: 6/15/2010 8:17:09 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Grigo68\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 242.53 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRIGO-68
Current User Name: Grigo68
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/15 08:16:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Grigo68\Desktop\OTL.exe
PRC - [2010/06/15 08:13:21 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/05/10 09:27:58 | 000,906,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/04/03 18:49:39 | 000,280,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/26 18:58:38 | 000,256,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/11 18:04:14 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/15 08:16:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Grigo68\Desktop\OTL.exe
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/18 21:53:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/12 18:41:16 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/03/12 18:41:16 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/11 17:23:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
IE - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 AF 47 86 03 F7 CA 01 [binary data]
IE - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/09 15:07:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/05/21 20:07:59 | 000,000,000 | ---D | M] -- C:\Users\Grigo68\AppData\Roaming\Mozilla\Extensions
[2010/05/18 21:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grigo68\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/21 20:07:59 | 000,000,000 | ---D | M] -- C:\Users\Grigo68\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/06/09 14:29:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Users\Grigo68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 08:16:12 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Grigo68\Desktop\OTL.exe
[2010/06/15 08:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/15 08:13:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/06/10 17:33:12 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/10 17:33:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 17:33:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 17:33:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 17:33:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/10 17:33:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 17:33:07 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 17:33:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 06:25:53 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Grigo68\Desktop\GooredFix.exe
[2010/06/09 14:54:01 | 000,209,920 | ---- | C] (farbar) -- C:\Users\Grigo68\Desktop\TDLfix.exe
[2010/06/09 14:38:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/09 14:38:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/09 14:38:22 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\temp
[2010/06/09 14:33:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/09 14:30:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/09 14:25:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/09 14:25:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/09 14:25:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/09 14:25:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/09 14:25:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/09 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Simply Super Software
[2010/06/09 13:34:13 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2010/06/09 13:34:13 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2010/06/09 13:34:13 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/06/09 13:34:13 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2010/06/09 13:34:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstdfmt.dll
[2010/06/07 14:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2010/06/06 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010/06/06 10:54:34 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Malwarebytes
[2010/06/06 10:54:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/06 10:54:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/06 10:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/06 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/06 09:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/06/06 09:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/06/05 10:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010/06/04 19:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/04 13:35:01 | 000,561,152 | ---- | C] (Joshua F. Madison) -- C:\Users\Grigo68\Desktop\Convert.exe
[2010/06/03 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/03 14:02:20 | 000,254,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmclien.dll
[2010/06/03 14:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/02 10:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2010/05/31 17:03:46 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Microsoft Games
[2010/05/30 21:06:07 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\My Digital Editions
[2010/05/30 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Apple Computer
[2010/05/30 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Apple Computer
[2010/05/30 21:02:52 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Library
[2010/05/30 21:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2010/05/30 21:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/05/30 21:02:50 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\My Books
[2010/05/30 21:02:50 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\kinoma
[2010/05/30 21:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/05/30 21:02:16 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Sony Corporation
[2010/05/30 21:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/05/29 12:14:25 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Desktop\DSi
[2010/05/28 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Power2Go
[2010/05/28 15:31:35 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\CyberLink
[2010/05/28 15:30:08 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/28 15:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/28 15:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/05/28 15:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/05/25 15:04:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/24 19:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/24 19:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/05/24 19:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/05/24 19:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/24 19:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/05/24 19:28:08 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Microsoft Help
[2010/05/24 19:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/24 19:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/24 19:27:52 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/05/24 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/05/24 12:39:03 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Desktop\Tools
[2010/05/23 17:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/05/23 16:44:09 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Nero
[2010/05/23 16:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/05/23 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/23 16:21:42 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/05/23 16:21:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/05/23 16:21:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/05/23 16:20:49 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/05/23 16:20:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/05/23 16:20:16 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/05/23 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Incomplete
[2010/05/23 16:00:04 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\WinRAR
[2010/05/23 15:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/23 14:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/23 14:37:12 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/23 14:37:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/23 14:37:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/23 14:37:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/23 14:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/22 16:16:22 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010/05/21 08:05:40 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\LimeWire
[2010/05/20 16:15:55 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Roblox
[2010/05/20 15:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/20 15:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/05/19 08:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/19 08:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/19 08:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/05/19 08:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/19 08:45:53 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Adobe
[2010/05/19 08:22:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Grigo68\AppData\Roaming\pcouffin.sys
[2010/05/19 08:22:12 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Vso
[2010/05/19 08:22:11 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\NVIDIA
[2010/05/19 08:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/05/19 07:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/05/19 07:12:17 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Google
[2010/05/19 07:12:17 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Google
[2010/05/19 06:58:23 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Macromedia
[2010/05/19 06:58:10 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Adobe
[2010/05/19 06:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/19 06:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/19 06:57:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/05/19 06:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/18 23:01:08 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/18 22:27:43 | 000,000,000 | ---D | C] -- C:\Temp
[2010/05/18 22:27:30 | 000,000,000 | ---D | C] -- C:\Software
[2010/05/18 22:26:11 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Billy Jake
[2010/05/18 22:25:58 | 001,921,212 | ---- | C] (MediaChance) -- C:\Users\Grigo68\Documents\autorun.exe
[2010/05/18 22:25:52 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Work
[2010/05/18 22:25:50 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Woodworking
[2010/05/18 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Wizard101
[2010/05/18 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Sandy Work
[2010/05/18 22:25:43 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\PcSetup
[2010/05/18 22:20:56 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\My eBooks
[2010/05/18 22:20:56 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\LimeWire
[2010/05/18 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Hunting
[2010/05/18 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Gun
[2010/05/18 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\Fishing
[2010/05/18 22:12:20 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\DVDFab
[2010/05/18 22:12:20 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\CyberLink
[2010/05/18 22:12:20 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\Documents\CAD Drawings
[2010/05/18 22:04:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/05/18 22:02:23 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/18 22:01:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/18 22:00:16 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/05/18 22:00:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/18 21:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/18 21:59:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/18 21:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/18 21:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/18 21:59:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/18 21:58:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/05/18 21:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/18 21:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/18 21:53:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/05/18 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/18 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Thunderbird
[2010/05/18 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Thunderbird
[2010/05/18 21:44:24 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Mozilla
[2010/05/18 21:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/05/18 21:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/18 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/05/18 21:23:50 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/18 21:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/05/18 21:23:31 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/18 21:17:53 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/05/18 21:17:53 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/05/18 21:17:53 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/05/18 21:17:52 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/05/18 21:17:44 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/05/18 21:17:44 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/05/18 21:17:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/05/18 21:17:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/05/18 21:17:38 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/05/18 21:17:37 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/05/18 21:17:29 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/18 21:17:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/18 21:17:26 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/18 21:17:26 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/05/18 21:17:26 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/05/18 21:17:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/05/18 21:17:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/05/18 21:17:26 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/05/18 21:17:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/05/18 21:17:26 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/18 21:17:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/05/18 21:17:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/05/18 21:17:26 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/18 21:17:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/18 21:17:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/18 21:17:24 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/18 21:17:24 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/18 21:17:23 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/18 21:09:59 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Searches
[2010/05/18 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Identities
[2010/05/18 21:09:49 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Contacts
[2010/05/18 21:09:44 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\VirtualStore
[2010/05/18 21:09:42 | 000,000,000 | --SD | C] -- C:\Users\Grigo68\AppData\Roaming\Microsoft
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Videos
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Saved Games
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Pictures
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Music
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Links
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Favorites
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Downloads
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\My Documents
[2010/05/18 21:09:42 | 000,000,000 | R--D | C] -- C:\Users\Grigo68\Desktop
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\AppData\Local\Temporary Internet Files
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Templates
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Start Menu
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\SendTo
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Recent
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\PrintHood
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\NetHood
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Documents\My Videos
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Documents\My Pictures
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Documents\My Music
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\My Documents
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Local Settings
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\AppData\Local\History
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Cookies
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\Application Data
[2010/05/18 21:09:42 | 000,000,000 | -HSD | C] -- C:\Users\Grigo68\AppData\Local\Application Data
[2010/05/18 21:09:42 | 000,000,000 | -H-D | C] -- C:\Users\Grigo68\AppData
[2010/05/18 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Local\Microsoft
[2010/05/18 21:09:42 | 000,000,000 | ---D | C] -- C:\Users\Grigo68\AppData\Roaming\Media Center Programs
[2010/05/18 21:09:31 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/05/18 21:09:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 08:18:23 | 002,621,440 | -HS- | M] () -- C:\Users\Grigo68\NTUSER.DAT
[2010/06/15 08:16:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Grigo68\Desktop\OTL.exe
[2010/06/14 20:49:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/11 03:24:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 03:24:53 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 03:22:20 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/11 03:22:20 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/11 03:22:20 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/11 03:17:46 | 000,410,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/11 03:17:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/11 03:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/11 03:17:16 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 03:16:30 | 002,439,772 | -H-- | M] () -- C:\Users\Grigo68\AppData\Local\IconCache.db
[2010/06/10 13:24:12 | 000,000,000 | ---- | M] () -- C:\Users\Grigo68\defogger_reenable
[2010/06/10 13:23:34 | 000,525,824 | ---- | M] () -- C:\Users\Grigo68\Desktop\dds.scr
[2010/06/10 13:23:23 | 000,050,477 | ---- | M] () -- C:\Users\Grigo68\Desktop\Defogger.exe
[2010/06/10 06:27:38 | 000,293,376 | ---- | M] () -- C:\Users\Grigo68\Desktop\2gqvgqfd.exe
[2010/06/10 06:25:53 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Grigo68\Desktop\GooredFix.exe
[2010/06/09 14:54:01 | 000,209,920 | ---- | M] (farbar) -- C:\Users\Grigo68\Desktop\TDLfix.exe
[2010/06/09 14:53:26 | 000,077,312 | ---- | M] () -- C:\Users\Grigo68\Desktop\mbr.exe
[2010/06/09 14:37:27 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/09 14:30:33 | 406,646,273 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/09 14:29:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/09 14:25:01 | 003,705,284 | R--- | M] () -- C:\Users\Grigo68\Desktop\ComboFix.exe
[2010/06/02 10:41:51 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010/05/31 17:03:16 | 000,110,536 | ---- | M] () -- C:\Users\Grigo68\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/30 21:43:35 | 000,010,369 | ---- | M] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application 2010.htm
[2010/05/30 21:02:20 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2010/05/27 01:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 21:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/24 19:28:38 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/05/24 12:40:14 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Grigo68\AppData\Roaming\pcouffin.sys
[2010/05/24 12:40:14 | 000,007,887 | ---- | M] () -- C:\Users\Grigo68\AppData\Roaming\pcouffin.cat
[2010/05/24 12:40:14 | 000,001,144 | ---- | M] () -- C:\Users\Grigo68\AppData\Roaming\pcouffin.inf
[2010/05/23 14:37:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/23 14:37:06 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/23 14:37:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/23 14:37:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/22 16:16:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/05/21 20:08:05 | 000,001,823 | ---- | M] () -- C:\Users\Grigo68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/20 23:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/19 09:11:57 | 000,004,461 | ---- | M] () -- C:\Users\Grigo68\Documents\Grigo.csv
[2010/05/19 08:01:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/05/18 22:29:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/18 22:04:43 | 000,039,252 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/18 21:44:44 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/05/18 21:31:40 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/18 21:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 21:11:03 | 000,524,288 | -HS- | M] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 21:11:03 | 000,065,536 | -HS- | M] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/18 21:10:00 | 000,001,417 | ---- | M] () -- C:\Users\Grigo68\Desktop\Internet Explorer.lnk
[2010/05/18 21:09:42 | 000,000,020 | -HS- | M] () -- C:\Users\Grigo68\ntuser.ini
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/14 20:49:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/06/10 13:24:12 | 000,000,000 | ---- | C] () -- C:\Users\Grigo68\defogger_reenable
[2010/06/10 13:23:29 | 000,525,824 | ---- | C] () -- C:\Users\Grigo68\Desktop\dds.scr
[2010/06/10 13:23:23 | 000,050,477 | ---- | C] () -- C:\Users\Grigo68\Desktop\Defogger.exe
[2010/06/10 06:27:35 | 000,293,376 | ---- | C] () -- C:\Users\Grigo68\Desktop\2gqvgqfd.exe
[2010/06/09 14:53:25 | 000,077,312 | ---- | C] () -- C:\Users\Grigo68\Desktop\mbr.exe
[2010/06/09 14:30:33 | 406,646,273 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/09 14:25:58 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/09 14:25:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/09 14:25:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/09 14:25:58 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/09 14:25:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/09 14:24:47 | 003,705,284 | R--- | C] () -- C:\Users\Grigo68\Desktop\ComboFix.exe
[2010/06/02 10:41:51 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010/05/30 21:43:35 | 000,010,369 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application 2010.htm
[2010/05/30 21:02:20 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Reader Library.lnk
[2010/05/22 16:16:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/05/21 20:08:05 | 000,001,823 | ---- | C] () -- C:\Users\Grigo68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/05/19 08:22:25 | 000,000,034 | ---- | C] () -- C:\Users\Grigo68\AppData\Roaming\pcouffin.log
[2010/05/19 08:22:12 | 000,007,887 | ---- | C] () -- C:\Users\Grigo68\AppData\Roaming\pcouffin.cat
[2010/05/19 08:22:12 | 000,001,144 | ---- | C] () -- C:\Users\Grigo68\AppData\Roaming\pcouffin.inf
[2010/05/19 08:01:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2010/05/18 22:36:17 | 000,001,417 | ---- | C] () -- C:\Users\Grigo68\Desktop\Internet Explorer.lnk
[2010/05/18 22:29:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/18 22:26:11 | 001,273,340 | ---- | C] () -- C:\Users\Grigo68\Documents\World_Flags.pdf
[2010/05/18 22:26:11 | 000,561,664 | ---- | C] () -- C:\Users\Grigo68\Documents\Tracks.doc
[2010/05/18 22:26:11 | 000,464,767 | ---- | C] () -- C:\Users\Grigo68\Documents\trackguide2003.pdf
[2010/05/18 22:26:11 | 000,357,376 | ---- | C] () -- C:\Users\Grigo68\Documents\Tracks2.doc
[2010/05/18 22:26:11 | 000,024,064 | ---- | C] () -- C:\Users\Grigo68\Documents\Watch compass.doc
[2010/05/18 22:26:10 | 009,491,736 | ---- | C] () -- C:\Users\Grigo68\Documents\Temperature Tables.pdf
[2010/05/18 22:26:10 | 000,536,576 | ---- | C] () -- C:\Users\Grigo68\Documents\StmTbl.exe
[2010/05/18 22:26:10 | 000,255,950 | ---- | C] () -- C:\Users\Grigo68\Documents\Tikka bedding job .docx
[2010/05/18 22:26:09 | 001,160,057 | ---- | C] () -- C:\Users\Grigo68\Documents\Space-Ray Heater.pdf
[2010/05/18 22:26:09 | 000,150,528 | ---- | C] () -- C:\Users\Grigo68\Documents\Shift2009.xls
[2010/05/18 22:26:09 | 000,145,408 | ---- | C] () -- C:\Users\Grigo68\Documents\Shift2008-9.xls
[2010/05/18 22:26:09 | 000,122,880 | ---- | C] () -- C:\Users\Grigo68\Documents\Shift2010-2011.xls
[2010/05/18 22:26:09 | 000,090,112 | ---- | C] () -- C:\Users\Grigo68\Documents\Shift2009-2010.xls
[2010/05/18 22:26:09 | 000,007,962 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2009.htm
[2010/05/18 22:26:09 | 000,007,746 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2008.htm
[2010/05/18 22:26:09 | 000,004,772 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2007.htm
[2010/05/18 22:26:09 | 000,004,763 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2006.htm
[2010/05/18 22:26:09 | 000,004,763 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2005.htm
[2010/05/18 22:26:09 | 000,004,761 | ---- | C] () -- C:\Users\Grigo68\Documents\Saskatchewan Environment - Big Game Draw Application2004.htm
[2010/05/18 22:26:08 | 009,376,198 | ---- | C] () -- C:\Users\Grigo68\Documents\Samsung A740.pdf
[2010/05/18 22:26:08 | 000,302,592 | ---- | C] () -- C:\Users\Grigo68\Documents\RRSP.xls
[2010/05/18 22:26:08 | 000,030,720 | ---- | C] () -- C:\Users\Grigo68\Documents\Sandy Grigo Resume.DOC
[2010/05/18 22:26:08 | 000,019,456 | ---- | C] () -- C:\Users\Grigo68\Documents\Sanapplication.doc
[2010/05/18 22:26:08 | 000,013,219 | ---- | C] () -- C:\Users\Grigo68\Documents\Rules for Clue.docx
[2010/05/18 22:26:08 | 000,012,429 | ---- | C] () -- C:\Users\Grigo68\Documents\sale flyer.docx
[2010/05/18 22:26:07 | 001,726,683 | ---- | C] () -- C:\Users\Grigo68\Documents\Rifle Mag .204.pdf
[2010/05/18 22:26:07 | 000,328,219 | ---- | C] () -- C:\Users\Grigo68\Documents\ring rec.jpg
[2010/05/18 22:26:07 | 000,145,396 | ---- | C] () -- C:\Users\Grigo68\Documents\receipt2.jpg
[2010/05/18 22:26:07 | 000,127,335 | ---- | C] () -- C:\Users\Grigo68\Documents\receipt1.jpg
[2010/05/18 22:26:07 | 000,036,352 | ---- | C] () -- C:\Users\Grigo68\Documents\Rimfire Drop.xls
[2010/05/18 22:26:07 | 000,022,528 | ---- | C] () -- C:\Users\Grigo68\Documents\Ricktionary.xls
[2010/05/18 22:26:07 | 000,010,159 | ---- | C] () -- C:\Users\Grigo68\Documents\Rimfire Sports & Custom Invoice.htm
[2010/05/18 22:26:06 | 001,634,114 | ---- | C] () -- C:\Users\Grigo68\Documents\PICT2391.JPG
[2010/05/18 22:26:06 | 001,035,441 | ---- | C] () -- C:\Users\Grigo68\Documents\PC1616-PC1832-PC1864_V4-2_UM-EN_29007358R002.pdf
[2010/05/18 22:26:06 | 000,602,144 | ---- | C] () -- C:\Users\Grigo68\Documents\PICT2338-3.jpg
[2010/05/18 22:26:06 | 000,030,208 | ---- | C] () -- C:\Users\Grigo68\Documents\Pressure Chart.xls
[2010/05/18 22:26:06 | 000,023,552 | ---- | C] () -- C:\Users\Grigo68\Documents\Quotes.doc
[2010/05/18 22:26:06 | 000,019,968 | ---- | C] () -- C:\Users\Grigo68\Documents\PhoneList.xls
[2010/05/18 22:26:06 | 000,018,944 | ---- | C] () -- C:\Users\Grigo68\Documents\possibility.xls
[2010/05/18 22:26:06 | 000,017,218 | ---- | C] () -- C:\Users\Grigo68\Documents\RCBS Chargemaster.docx
[2010/05/18 22:26:06 | 000,010,752 | ---- | C] () -- C:\Users\Grigo68\Documents\pikeclean.gif
[2010/05/18 22:26:06 | 000,000,635 | ---- | C] () -- C:\Users\Grigo68\Documents\Prophet River Firearms - 2309 54 Ave, Lloydminster, AB.kmz
[2010/05/18 22:26:05 | 001,035,441 | ---- | C] () -- C:\Users\Grigo68\Documents\PC1616-PC1832-PC1864_v4-2_EU_UM_EN_29007358R002.pdf
[2010/05/18 22:26:05 | 000,521,075 | ---- | C] () -- C:\Users\Grigo68\Documents\MITLockGuide.pdf
[2010/05/18 22:26:05 | 000,363,915 | ---- | C] () -- C:\Users\Grigo68\Documents\meadowlake_2.pdf
[2010/05/18 22:26:05 | 000,064,936 | ---- | C] () -- C:\Users\Grigo68\Documents\mil_dot_ret_6lim_insert.pdf
[2010/05/18 22:26:05 | 000,037,376 | ---- | C] () -- C:\Users\Grigo68\Documents\Mechanic Mathematical formulas.doc
[2010/05/18 22:26:05 | 000,002,572 | ---- | C] () -- C:\Users\Grigo68\Documents\Milespergallon.html
[2010/05/18 22:26:04 | 007,811,072 | ---- | C] () -- C:\Users\Grigo68\Documents\MaintLogXP.mdb
[2010/05/18 22:26:04 | 000,217,380 | ---- | C] () -- C:\Users\Grigo68\Documents\meadowlake_1.pdf
[2010/05/18 22:26:04 | 000,027,648 | ---- | C] () -- C:\Users\Grigo68\Documents\Max Baby Teeth.doc
[2010/05/18 22:26:02 | 001,158,283 | ---- | C] () -- C:\Users\Grigo68\Documents\Jake Baseball 2009 team.jpg
[2010/05/18 22:26:02 | 000,476,202 | ---- | C] () -- C:\Users\Grigo68\Documents\Jake Baseball 2009-2.jpg
[2010/05/18 22:26:02 | 000,270,992 | ---- | C] () -- C:\Users\Grigo68\Documents\House plan 26041.pdf
[2010/05/18 22:26:02 | 000,231,727 | ---- | C] () -- C:\Users\Grigo68\Documents\Jake Baseball 2009.jpg
[2010/05/18 22:26:02 | 000,105,472 | ---- | C] () -- C:\Users\Grigo68\Documents\Lock picking involves two basic components.doc
[2010/05/18 22:26:02 | 000,058,368 | ---- | C] () -- C:\Users\Grigo68\Documents\Hockey Rink Dimensions.doc
[2010/05/18 22:26:02 | 000,024,576 | ---- | C] () -- C:\Users\Grigo68\Documents\House Panel-1.xls
[2010/05/18 22:26:02 | 000,024,064 | ---- | C] () -- C:\Users\Grigo68\Documents\Leupold Warranty.doc
[2010/05/18 22:26:01 | 002,420,736 | ---- | C] () -- C:\Users\Grigo68\Documents\Garlic & Dill Pickles.doc
[2010/05/18 22:26:01 | 001,173,728 | ---- | C] () -- C:\Users\Grigo68\Documents\fishposter.pdf
[2010/05/18 22:26:01 | 000,437,584 | ---- | C] () -- C:\Users\Grigo68\Documents\Famous Recipes.exe
[2010/05/18 22:26:01 | 000,039,424 | ---- | C] () -- C:\Users\Grigo68\Documents\DVD's.xls
[2010/05/18 22:26:01 | 000,024,064 | ---- | C] () -- C:\Users\Grigo68\Documents\Epicure Dip.doc
[2010/05/18 22:26:01 | 000,010,256 | ---- | C] () -- C:\Users\Grigo68\Documents\FISH BRINE.docx
[2010/05/18 22:26:01 | 000,004,461 | ---- | C] () -- C:\Users\Grigo68\Documents\Grigo.csv
[2010/05/18 22:26:00 | 017,991,680 | ---- | C] () -- C:\Users\Grigo68\Documents\Dad B-day Gift (35).ppt
[2010/05/18 22:25:59 | 004,205,545 | ---- | C] () -- C:\Users\Grigo68\Documents\Canon SX20IS.pdf
[2010/05/18 22:25:59 | 000,444,956 | ---- | C] () -- C:\Users\Grigo68\Documents\Billy Baseball 2009-2.jpg
[2010/05/18 22:25:59 | 000,278,668 | ---- | C] () -- C:\Users\Grigo68\Documents\Billy Baseball 2009.jpg
[2010/05/18 22:25:59 | 000,110,592 | ---- | C] () -- C:\Users\Grigo68\Documents\Chad Cell.mdb
[2010/05/18 22:25:59 | 000,044,544 | ---- | C] () -- C:\Users\Grigo68\Documents\Chad Grigo Resume.DOC
[2010/05/18 22:25:59 | 000,044,032 | ---- | C] () -- C:\Users\Grigo68\Documents\Cover Letter.doc
[2010/05/18 22:25:59 | 000,023,040 | ---- | C] () -- C:\Users\Grigo68\Documents\budget1.xls
[2010/05/18 22:25:59 | 000,020,480 | ---- | C] () -- C:\Users\Grigo68\Documents\church history.doc
[2010/05/18 22:25:59 | 000,000,629 | ---- | C] () -- C:\Users\Grigo68\Documents\Clay Temp - 5724 47 St, Lloydminster, AB, Canada.kmz
[2010/05/18 22:25:58 | 002,115,179 | ---- | C] () -- C:\Users\Grigo68\Documents\b&e list 1.JPG
[2010/05/18 22:25:58 | 001,993,071 | ---- | C] () -- C:\Users\Grigo68\Documents\b&e list 2.JPG
[2010/05/18 22:25:58 | 001,036,139 | ---- | C] () -- C:\Users\Grigo68\Documents\Billy Baseball 2009 team.jpg
[2010/05/18 22:25:58 | 000,298,620 | ---- | C] () -- C:\Users\Grigo68\Documents\Bill of sale.pdf
[2010/05/18 22:25:56 | 001,407,054 | ---- | C] () -- C:\Users\Grigo68\Documents\Animal tracks.bmp
[2010/05/18 22:25:55 | 001,695,243 | ---- | C] () -- C:\Users\Grigo68\Documents\2007_BOTY.pdf
[2010/05/18 22:25:55 | 000,773,632 | ---- | C] () -- C:\Users\Grigo68\Documents\10-22.doc
[2010/05/18 22:01:54 | 2415,357,952 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/18 21:43:06 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/05/18 21:31:40 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/18 21:09:42 | 002,621,440 | -HS- | C] () -- C:\Users\Grigo68\NTUSER.DAT
[2010/05/18 21:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/05/18 21:09:42 | 000,524,288 | -HS- | C] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 21:09:42 | 000,262,144 | -HS- | C] () -- C:\Users\Grigo68\ntuser.dat.LOG1
[2010/05/18 21:09:42 | 000,065,536 | -HS- | C] () -- C:\Users\Grigo68\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/18 21:09:42 | 000,000,020 | -HS- | C] () -- C:\Users\Grigo68\ntuser.ini
[2010/05/18 21:09:42 | 000,000,000 | -HS- | C] () -- C:\Users\Grigo68\ntuser.dat.LOG2
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >


OTL Extras logfile created on: 6/15/2010 8:17:09 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Grigo68\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 242.53 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRIGO-68
Current User Name: Grigo68
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25B932C7-EB2B-422E-910D-504FB00DAE43}" = Reader Library by Sony
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47A3FE80-528F-482B-8143-B3A4645557FC}" = Microsoft LifeCam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1151651599-3955158004-1120715731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Grigo68

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2010 10:36:23 PM | Computer Name = Grigo-68 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/12/2010 2:30:42 AM | Computer Name = Grigo-68 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/12/2010 5:56:07 PM | Computer Name = Grigo-68 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/12/2010 9:46:34 PM | Computer Name = Grigo-68 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: Flash10e.ocx, version: 10.0.45.2, time
stamp: 0x4b5f8faa Exception code: 0xc0000005 Fault offset: 0x001582b2 Faulting process
id: 0x1734 Faulting application start time: 0x01cb0a8d9b936de0 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10e.ocx
Report
Id: 7f1d4840-768d-11df-817a-e0cb4eb6434d

Error - 6/13/2010 2:30:26 AM | Computer Name = Grigo-68 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/13/2010 12:47:48 PM | Computer Name = Grigo-68 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/14/2010 2:30:25 AM | Computer Name = Grigo-68 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/14/2010 7:57:33 AM | Computer Name = Grigo-68 | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/15/2010 2:30:25 AM | Computer Name = Grigo-68 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/15/2010 2:44:54 AM | Computer Name = Grigo-68 | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 5/27/2010 11:08:53 PM | Computer Name = Grigo-68 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 5/27/2010 11:08:54 PM | Computer Name = Grigo-68 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 5/27/2010 11:08:55 PM | Computer Name = Grigo-68 | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom2, has a bad block.

Error - 6/5/2010 10:24:59 AM | Computer Name = Grigo-68 | Source = DCOM | ID = 10010
Description =

Error - 6/9/2010 4:26:21 PM | Computer Name = Grigo-68 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/9/2010 4:30:36 PM | Computer Name = Grigo-68 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:29:09 PM on 6/9/2010 was unexpected.

Error - 6/9/2010 4:30:44 PM | Computer Name = Grigo-68 | Source = BugCheck | ID = 1001
Description =

Error - 6/9/2010 4:34:10 PM | Computer Name = Grigo-68 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/9/2010 4:37:25 PM | Computer Name = Grigo-68 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/15/2010 10:09:54 AM | Computer Name = Grigo-68 | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147633287

User:
Grigo-68\Grigo68 Name: Exploit:JS/CVE-2010-0886 ID: 2147633287 Severity: Severe Category:
Exploit Path: Action: %%808 Error Code: 0x80508023 Error description: The program
could not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.83.1870.0, AS: 1.83.1870.0 Engine Version: 1.1.5802.0


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 08:49:20
Windows 6.1.7600
Running: sn68hr30.exe; Driver: C:\Users\Grigo68\AppData\Local\Temp\ugroqpod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A39AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A39104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A21634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A21898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A39958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A39F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A3A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A99599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABDF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9E23BC9D 28 Bytes [5E, 2E, 2A, 4A, 9F, 2B, B8, ...]
.text peauth.sys 9E23BCC1 28 Bytes [5E, 2E, 2A, 4A, 9F, 2B, B8, ...]
PAGE peauth.sys 9E241B9B 72 Bytes [27, C7, 29, 08, 4C, AC, A9, ...]
PAGE peauth.sys 9E241BEC 111 Bytes [10, F4, AB, A6, BA, 53, A3, ...]
PAGE peauth.sys 9E24202C 102 Bytes [01, F3, 55, F3, E7, 94, D4, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateDialogParamW 76B79BFF 5 Bytes JMP 6F56C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!EnableWindow 76B7A72E 5 Bytes JMP 6F56C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!GetAsyncKeyState 76B7C09A 5 Bytes JMP 6F52D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!UnhookWindowsHookEx 76B7CC7B 5 Bytes JMP 6F62835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CallNextHookEx 76B7CC8F 5 Bytes JMP 6F609D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateWindowExW 76B80E51 5 Bytes JMP 6F618157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SetWindowsHookExW 76B8210A 5 Bytes JMP 6F5C4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!GetKeyState 76B84FDA 5 Bytes JMP 6F56D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!IsDialogMessageW 76B86F06 5 Bytes JMP 6F534284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateDialogParamA 76B93E79 5 Bytes JMP 6F7401E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!IsDialogMessage 76B9407A 5 Bytes JMP 6F73FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateDialogIndirectParamA 76B99110 5 Bytes JMP 6F740220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateDialogIndirectParamW 76BA08AD 5 Bytes JMP 6F740257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamW 76BA4AA7 5 Bytes JMP 6F73F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!EndDialog 76BA555C 5 Bytes JMP 6F535AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamW 76BA564A 5 Bytes JMP 6F534BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SetKeyboardState 76BA6B52 5 Bytes JMP 6F73FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SendInput 76BA7055 5 Bytes JMP 6F7409B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!SetCursorPos 76BBC1D8 5 Bytes JMP 6F740A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamA 76BBCF6A 5 Bytes JMP 6F73F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamA 76BBD29C 5 Bytes JMP 6F73F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectA 76BCE8C9 5 Bytes JMP 6F73F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectW 76BCE9C3 5 Bytes JMP 6F73F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExA 76BCEA29 5 Bytes JMP 6F73F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExW 76BCEA4D 5 Bytes JMP 6F73F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!keybd_event 76BCEC9B 5 Bytes JMP 6F740D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] SHELL32.dll!SHChangeNotification_Lock + 45BA 75B2B3E8 4 Bytes [11, 36, FB, 72]
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] SHELL32.dll!SHChangeNotification_Lock + 45C2 75B2B3F0 8 Bytes [5F, 35, FB, 72, D0, 73, FA, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ole32.dll!OleLoadFromStream 75875B88 5 Bytes JMP 6F73F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] ole32.dll!CoCreateInstance 758C57FC 5 Bytes JMP 6F618C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateWindowExW 76B80E51 5 Bytes JMP 6F618157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamW 76BA4AA7 5 Bytes JMP 6F73F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamW 76BA564A 5 Bytes JMP 6F534BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamA 76BBCF6A 5 Bytes JMP 6F73F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamA 76BBD29C 5 Bytes JMP 6F73F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectA 76BCE8C9 5 Bytes JMP 6F73F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectW 76BCE9C3 5 Bytes JMP 6F73F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxExA 76BCEA29 5 Bytes JMP 6F73F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxExW 76BCEA4D 5 Bytes JMP 6F73F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogParamW 76B79BFF 5 Bytes JMP 6F56C578 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!EnableWindow 76B7A72E 5 Bytes JMP 6F56C4F3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!GetAsyncKeyState 76B7C09A 5 Bytes JMP 6F52D6E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!UnhookWindowsHookEx 76B7CC7B 5 Bytes JMP 6F62835E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CallNextHookEx 76B7CC8F 5 Bytes JMP 6F609D5C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateWindowExW 76B80E51 5 Bytes JMP 6F618157 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetWindowsHookExW 76B8210A 5 Bytes JMP 6F5C4633 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!GetKeyState 76B84FDA 5 Bytes JMP 6F56D76A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!IsDialogMessageW 76B86F06 5 Bytes JMP 6F534284 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogParamA 76B93E79 5 Bytes JMP 6F7401E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!IsDialogMessage 76B9407A 5 Bytes JMP 6F73FA8A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogIndirectParamA 76B99110 5 Bytes JMP 6F740220 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateDialogIndirectParamW 76BA08AD 5 Bytes JMP 6F740257 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamW 76BA4AA7 5 Bytes JMP 6F73F5E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!EndDialog 76BA555C 5 Bytes JMP 6F535AE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamW 76BA564A 5 Bytes JMP 6F534BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetKeyboardState 76BA6B52 5 Bytes JMP 6F73FDEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SendInput 76BA7055 5 Bytes JMP 6F7409B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetCursorPos 76BBC1D8 5 Bytes JMP 6F740A0C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamA 76BBCF6A 5 Bytes JMP 6F73F585 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamA 76BBD29C 5 Bytes JMP 6F73F64B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectA 76BCE8C9 5 Bytes JMP 6F73F51A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectW 76BCE9C3 5 Bytes JMP 6F73F4AF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExA 76BCEA29 5 Bytes JMP 6F73F44D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExW 76BCEA4D 5 Bytes JMP 6F73F3EB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!keybd_event 76BCEC9B 5 Bytes JMP 6F740D3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] SHELL32.dll!SHChangeNotification_Lock + 45BA 75B2B3E8 4 Bytes [11, 36, FB, 72]
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] SHELL32.dll!SHChangeNotification_Lock + 45C2 75B2B3F0 8 Bytes [5F, 35, FB, 72, D0, 73, FA, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!OleLoadFromStream 75875B88 5 Bytes JMP 6F73F946 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] ole32.dll!CoCreateInstance 758C57FC 5 Bytes JMP 6F618C45 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [72FA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [72FA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [72F9C028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [72FA3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [72FA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [72FA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [72FA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [72FA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [72F9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [72FA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [72FA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [72F9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [72FA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [72FA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [72FA0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [72FA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [72FA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [72FA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [72FA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [72FA1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [72FA0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [72FA2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [72F9F1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [72F9F312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [72F9FAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [72FA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [72FA1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [72FA4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [72FA47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [72F9DF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [72FA06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [72FA3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [72F9DCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [72F9DE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [72FA0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [72FA1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [72F9DBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [72FA41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [72FA595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [72FA4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [72FA4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [72FA823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [72FA89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [72FA8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [72FA7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [72FA8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [72FA90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [72FA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [72FA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [72FA7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [72FA794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [72FA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [72FA8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [72FA86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [72FA8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [72FA7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [72FA9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [72FA958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [72FA99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [72FA8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [72FA7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [72FA7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [72FA97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [72FA7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [72FA9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [72FA98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [72FA77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [72FA96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [72FA81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [72FA80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [72FA8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [72FA8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [72FA7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [72FA8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [72FA892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [72FA9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [72FA92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [72FA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [72FA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [72FA7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [72FA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [72FA789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [72FA83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [72FA861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [72FA8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [72FA8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [72FA84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [72FA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [72FA8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [72F9D9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [72FA0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [72FA1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [72FA141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [72FA1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2104] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [72FA09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [72FA9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [72FA9916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [72FA8A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [72FA8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [72FA8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [72FA7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [72FA8FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [72FA9E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [72FA9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [72FA9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [72FA7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5664] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [72F99F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000003e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#4 Elise


Posted 15 June 2010 - 10:15 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Canadian GRiNGo


Posted 15 June 2010 - 10:54 AM

ComboFix 10-06-14.03 - Grigo68 06/15/2010 9:45.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.2013 [GMT -6:00]
Running from: c:\users\Grigo68\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe

Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ctfmon.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 15:50 . 2010-06-15 15:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-15 15:50 . 2010-06-15 15:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 15:40 . 2010-06-15 15:41 -------- d-----w- C:\32788R22FWJFW
2010-06-10 23:33 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 23:33 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 23:33 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-10 23:33 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 23:33 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 20:38 . 2010-06-15 15:51 -------- d-----w- c:\users\Grigo68\AppData\Local\temp
2010-06-09 19:34 . 2001-10-04 06:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2010-06-09 19:34 . 2000-04-03 16:05 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2010-06-07 20:14 . 2010-06-07 20:14 -------- d-----w- c:\program files\ToniArts
2010-06-07 04:49 . 2010-06-07 04:49 -------- d-----w- c:\programdata\vsosdk
2010-06-06 16:54 . 2010-06-06 16:54 -------- d-----w- c:\users\Grigo68\AppData\Roaming\Malwarebytes
2010-06-06 16:54 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 16:54 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 16:54 . 2010-06-06 16:54 -------- d-----w- c:\programdata\Malwarebytes
2010-06-06 16:54 . 2010-06-06 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 15:47 . 2010-06-06 15:48 -------- d-----w- c:\program files\Common Files\Nero
2010-06-06 15:47 . 2010-06-06 15:47 -------- d-----w- c:\program files\Nero
2010-06-05 16:26 . 2010-06-05 16:26 -------- d-----w- c:\programdata\KingsIsle Entertainment
2010-06-05 01:37 . 2010-06-08 22:25 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-03 23:46 . 2010-06-03 23:46 -------- d-----w- c:\program files\MSXML 4.0
2010-06-03 20:02 . 2000-08-08 18:31 254224 ----a-w- c:\windows\system32\drmclien.dll
2010-06-03 20:01 . 2010-06-07 20:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 16:41 . 2010-06-02 16:41 -------- d-----w- c:\program files\Microsoft LifeCam
2010-05-31 23:03 . 2010-05-31 23:54 -------- d-----w- c:\users\Grigo68\AppData\Local\Microsoft Games
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\users\Grigo68\AppData\Roaming\Apple Computer
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\users\Grigo68\AppData\Local\Apple Computer
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\users\Grigo68\Library
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\programdata\kinoma
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\program files\DIFX
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\users\Grigo68\AppData\Local\kinoma
2010-05-31 03:02 . 2010-05-31 03:02 292878 ----a-r- c:\users\Grigo68\AppData\Roaming\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\users\Grigo68\AppData\Local\Sony Corporation
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\program files\Sony
2010-05-31 03:02 . 2010-05-31 03:02 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-05-28 21:33 . 2010-05-28 21:33 -------- d-----w- c:\users\Grigo68\AppData\Local\Power2Go
2010-05-28 21:31 . 2010-05-28 21:33 -------- d-----w- c:\users\Public\CyberLink
2010-05-28 21:31 . 2010-05-28 21:33 -------- d-----w- c:\users\Grigo68\AppData\Roaming\CyberLink
2010-05-28 21:30 . 2010-05-28 21:30 53319 ----a-w- c:\programdata\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
2010-05-28 21:30 . 2010-06-07 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 21:30 . 2009-01-08 17:20 34088 ----a-w- c:\programdata\CyberLink\Power2Go\P2GoGadget.dll
2010-05-28 21:29 . 2010-05-28 21:29 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-05-28 21:28 . 2010-05-28 21:31 -------- d-----w- c:\program files\CyberLink
2010-05-28 21:27 . 2010-05-28 21:31 -------- d-----w- c:\programdata\CyberLink
2010-05-28 21:27 . 2010-05-28 21:26 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-05-27 22:56 . 2010-05-27 23:00 -------- d-----w- c:\temp\GPS Map
2010-05-25 21:04 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 01:30 . 2010-05-25 01:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-25 01:29 . 2010-05-25 01:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-05-25 01:29 . 2010-05-25 01:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-25 01:28 . 2010-05-25 01:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-25 01:28 . 2010-05-25 01:28 -------- d-----w- c:\users\Grigo68\AppData\Local\Microsoft Help
2010-05-25 01:28 . 2010-05-25 01:33 -------- d-----w- c:\programdata\Microsoft Help
2010-05-25 01:27 . 2010-05-25 01:27 -------- d-----r- C:\MSOCache
2010-05-24 18:40 . 2010-05-24 18:40 -------- d-----w- c:\program files\DVDFab 7
2010-05-23 23:41 . 2010-05-23 23:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-23 22:44 . 2010-05-23 22:44 -------- d-----w- c:\users\Grigo68\AppData\Roaming\Nero
2010-05-23 22:28 . 2010-05-23 22:29 -------- d-----w- c:\programdata\Nero
2010-05-23 22:21 . 2010-05-23 22:21 -------- d-----w- c:\program files\Microsoft.NET
2010-05-23 22:21 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-23 22:21 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-23 22:21 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-05-23 22:20 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-23 22:20 . 2007-05-16 22:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-05-23 22:04 . 2010-06-02 20:07 -------- d-----w- c:\users\Grigo68\Incomplete
2010-05-23 20:37 . 2010-05-23 20:37 -------- d-----w- c:\program files\Common Files\Java
2010-05-23 20:37 . 2010-05-23 20:37 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 20:37 . 2010-05-23 20:37 -------- d-----w- c:\program files\Java
2010-05-22 23:37 . 2010-05-22 23:47 -------- d-----w- c:\temp\Alice in Wonderland 2010
2010-05-22 22:16 . 2010-05-22 22:16 -------- d-----w- c:\windows\WindowsMobile
2010-05-21 14:05 . 2010-06-15 15:51 -------- d-----w- c:\users\Grigo68\AppData\Roaming\LimeWire
2010-05-20 22:15 . 2010-05-20 22:17 -------- d-----w- c:\users\Grigo68\AppData\Local\Roblox
2010-05-20 21:06 . 2010-05-20 21:07 -------- d-----w- c:\program files\LimeWire
2010-05-19 14:47 . 2010-05-19 14:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-19 14:46 . 2010-02-01 01:45 38784 ----a-w- c:\users\Grigo68\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-19 14:46 . 2010-02-01 01:45 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-19 14:46 . 2010-05-19 14:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-19 14:45 . 2010-05-19 14:49 -------- d-----w- c:\users\Grigo68\AppData\Local\Adobe
2010-05-19 14:45 . 2010-05-19 14:45 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-19 14:22 . 2010-05-24 18:40 -------- d-----w- c:\users\Grigo68\AppData\Roaming\Vso
2010-05-19 14:22 . 2010-05-24 18:40 47360 ----a-w- c:\users\Grigo68\AppData\Roaming\pcouffin.sys
2010-05-19 14:22 . 2010-05-19 14:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-19 14:22 . 2010-05-19 14:22 -------- d-----w- c:\users\Grigo68\AppData\Roaming\NVIDIA
2010-05-19 14:01 . 2010-05-19 14:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-05-19 13:59 . 2010-05-19 13:59 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-19 13:12 . 2010-05-19 13:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4151.tmp.exe
2010-05-19 13:12 . 2010-05-19 13:52 -------- d-----w- c:\users\Grigo68\AppData\Local\Google
2010-05-19 12:57 . 2010-05-20 02:49 -------- d-----w- c:\program files\Google
2010-05-19 12:57 . 2010-05-19 12:57 -------- d-----w- c:\windows\system32\Macromed
2010-05-19 12:57 . 2010-06-15 15:39 -------- d-----w- c:\programdata\NOS
2010-05-19 05:01 . 2010-05-19 03:09 -------- d-----w- c:\windows\Panther
2010-05-19 04:27 . 2010-06-06 15:15 -------- d-----w- C:\Temp
2010-05-19 04:27 . 2010-06-07 20:14 -------- d-----w- C:\Software
2010-05-19 04:04 . 2010-05-19 04:04 -------- d--h--w- c:\programdata\CanonBJ
2010-05-19 04:04 . 2009-07-14 01:15 71168 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2010-05-19 04:00 . 2010-05-19 04:00 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-19 04:00 . 2010-04-28 13:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-05-19 03:59 . 2010-05-19 03:59 -------- d-----w- c:\program files\Microsoft
2010-05-19 03:59 . 2010-05-19 03:59 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-19 03:59 . 2010-05-19 04:00 -------- d-----w- c:\program files\Windows Live
2010-05-19 03:59 . 2010-05-19 03:59 -------- d-----w- c:\windows\PCHEALTH
2010-05-19 03:58 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-05-19 03:58 . 2010-05-25 01:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-19 03:53 . 2010-05-19 03:53 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-19 03:53 . 2010-05-19 03:53 -------- d-----w- c:\windows\system32\Wat
2010-05-19 03:53 . 2010-06-06 01:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-19 03:44 . 2010-05-19 03:44 -------- d-----w- c:\users\Grigo68\AppData\Local\Thunderbird
2010-05-19 03:44 . 2010-05-19 03:44 -------- d-----w- c:\users\Grigo68\AppData\Roaming\Thunderbird
2010-05-19 03:43 . 2010-06-09 21:07 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-19 03:31 . 2010-05-31 23:03 110536 ----a-w- c:\users\Grigo68\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-19 03:31 . 2010-05-19 03:31 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-19 03:26 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-19 03:24 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-19 03:24 . 2010-05-19 03:24 -------- d-----w- c:\programdata\NVIDIA
2010-05-19 03:23 . 2010-06-15 14:12 -------- d-sh--w- c:\windows\Installer
2010-05-19 03:23 . 2010-05-19 03:24 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-19 03:23 . 2010-05-06 16:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 03:16 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-19 03:16 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-19 03:16 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-19 03:15 . 2010-06-11 09:22 -------- d-----w- c:\windows\system32\wbem\Performance
2010-05-19 03:10 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-19 03:10 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 02:49 . 2010-06-15 02:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-25 01:31 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-05-22 22:16 . 2010-05-22 22:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-05-19 14:01 . 2010-05-19 14:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_point32k_01009.Wdf
2010-05-19 04:29 . 2010-05-19 04:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 03:27 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-04-17 06:04 . 2010-04-17 06:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-04 00:27 . 2010-04-04 00:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-04 00:27 . 2010-04-04 00:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-04 00:27 . 2010-04-04 00:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 00:27 . 2010-04-04 00:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-04 00:27 . 2010-04-04 00:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-06-09_20.37.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-10 23:33 . 2010-03-05 07:28 67584 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.1.7600.20660_none_7739ff463386a390\asycfilt.dll
+ 2010-06-10 23:33 . 2010-03-05 07:42 67584 c:\windows\winsxs\x86_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_6.1.7600.16544_none_76ca037b1a553140\asycfilt.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20708_none_17c1af1fcbf1956f\msfeedssync.exe
+ 2010-06-10 23:33 . 2010-05-06 12:47 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.20708_none_17c1af1fcbf1956f\msfeedsbs.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14 12800 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16588_none_16e1910eb314d806\msfeedssync.exe
+ 2010-06-10 23:33 . 2010-05-06 12:41 64512 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.7600.16588_none_16e1910eb314d806\msfeedsbs.dll
+ 2010-06-10 23:33 . 2010-05-21 05:09 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\WininetPlugin.dll
+ 2010-06-10 23:33 . 2010-05-21 05:06 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\jsproxy.dll
+ 2010-06-10 23:33 . 2010-05-21 05:18 68608 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\WininetPlugin.dll
+ 2010-06-10 23:33 . 2010-05-21 05:14 48128 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\jsproxy.dll
+ 2009-07-13 23:25 . 2009-07-14 01:15 26624 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_aa6eef2ed4cb63a3\lpk.dll
+ 2010-06-10 23:33 . 2010-05-27 06:13 70656 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_aa6eef2ed4cb63a3\fontsub.dll
+ 2009-07-13 23:25 . 2009-07-14 01:15 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_aa6eef2ed4cb63a3\dciman32.dll
+ 2010-06-10 23:33 . 2010-05-27 06:11 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_aa6eef2ed4cb63a3\atmlib.dll
+ 2009-07-13 23:25 . 2009-07-14 01:15 26624 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_a9faf23bbb9d8bf7\lpk.dll
+ 2010-05-19 03:17 . 2009-10-19 14:10 70656 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_a9faf23bbb9d8bf7\fontsub.dll
+ 2009-07-13 23:25 . 2009-07-14 01:15 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_a9faf23bbb9d8bf7\dciman32.dll
+ 2010-06-10 23:33 . 2010-05-27 07:24 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_a9faf23bbb9d8bf7\atmlib.dll
+ 2009-07-14 00:06 . 2009-07-14 01:16 73216 c:\windows\System32\WpdMtpUS.dll
+ 2009-07-14 04:55 . 2010-06-11 09:19 32636 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-10 23:33 . 2010-05-06 12:41 64512 c:\windows\System32\msfeedsbs.dll
- 2010-05-19 03:17 . 2010-02-23 07:55 64512 c:\windows\System32\msfeedsbs.dll
- 2009-07-13 23:43 . 2009-07-14 01:16 68608 c:\windows\System32\migration\WininetPlugin.dll
+ 2010-06-10 23:33 . 2010-05-21 05:18 68608 c:\windows\System32\migration\WininetPlugin.dll
+ 2010-06-10 23:33 . 2010-05-21 05:14 48128 c:\windows\System32\jsproxy.dll
- 2009-07-13 23:43 . 2009-07-14 01:15 48128 c:\windows\System32\jsproxy.dll
- 2009-07-14 04:50 . 2010-06-02 16:42 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2010-06-15 02:49 86016 c:\windows\System32\DriverStore\infpub.dat
- 2010-05-19 04:05 . 2010-06-09 20:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-19 04:05 . 2010-06-15 12:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-19 04:05 . 2010-06-15 12:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-19 04:05 . 2010-06-09 20:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-06-09 20:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-06-15 12:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2010-06-11 09:20 78224 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-19 05:03 . 2010-06-09 20:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-19 05:03 . 2010-06-15 15:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-19 05:03 . 2010-06-09 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-05-19 05:03 . 2010-06-15 15:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-05-19 05:03 . 2010-06-09 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-05-19 05:03 . 2010-06-15 15:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-19 03:13 . 2010-06-09 20:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-19 03:13 . 2010-06-15 15:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-11 09:25 . 2010-06-11 09:25 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\cd69a59bf5c1cc034d247dfb47d7b7a0\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-06-11 09:24 . 2010-06-11 09:24 54784 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\032d4f48e3b8bdbf0a9d4ae5d1e54706\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll
+ 2010-05-19 03:13 . 2010-06-11 09:19 4194 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1151651599-3955158004-1120715731-1001_UserData.bin
+ 2010-06-11 09:17 . 2010-06-15 15:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-07 14:15 . 2010-06-09 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.7600.20708_none_80162cb59f4e9af3\ieui.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-13 119152]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]

c:\users\Grigo68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-13 30576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-06-15 09:53:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-15 15:53
ComboFix2.txt 2010-06-09 20:38

Pre-Run: 260,398,432,256 bytes free
Post-Run: 259,914,121,216 bytes free

- - End Of File - - A8ACE1689E0AE0152C3840D1C4EA21A8


#6 Elise


Posted 15 June 2010 - 12:16 PM

Hello,
Please let me know how things are running now and what problems you still have.


P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Canadian GRiNGo


Posted 15 June 2010 - 01:33 PM

Still the same problems: when I click on a link like the fast reply on this page, a new Google window pops up. And if I do a search from Yahoo I get the reults.yahoo.ca then redirect; if I hit back then click the link I am searching for, it works.

Thanks for your help,
Chad.

Scan under way.

Edited by Canadian GRiNGo, 15 June 2010 - 01:36 PM.


#8 Elise


Posted 15 June 2010 - 01:45 PM

Hello again, please try the following.
  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following bolded text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

regards, Elise




#9 Canadian GRiNGo


Posted 15 June 2010 - 02:06 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4200

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/15/2010 12:57:30 PM
mbam-log-2010-06-15 (12-57-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 200276
Time elapsed: 19 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



13:04:26:977 1084 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
13:04:26:977 1084 ================================================================================
13:04:26:977 1084 SystemInfo:

13:04:26:977 1084 OS Version: 6.1.7600 ServicePack: 0.0
13:04:26:977 1084 Product type: Workstation
13:04:26:977 1084 ComputerName: GRIGO-68
13:04:26:977 1084 UserName: Grigo68
13:04:26:977 1084 Windows directory: C:\Windows
13:04:26:977 1084 Processor architecture: Intel x86
13:04:26:977 1084 Number of processors: 2
13:04:26:977 1084 Page size: 0x1000
13:04:26:977 1084 Boot type: Normal boot
13:04:26:977 1084 ================================================================================
13:04:27:211 1084 Initialize success
13:04:27:211 1084
13:04:27:211 1084 Scanning Services ...
13:04:27:804 1084 Raw services enum returned 438 services
13:04:27:804 1084
13:04:27:804 1084 Scanning Drivers ...
13:04:30:471 1084 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:04:30:487 1084 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:04:30:487 1084 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:04:30:502 1084 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
13:04:30:534 1084 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\Windows\system32\DRIVERS\MpFilter.sys
13:04:30:549 1084 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
13:04:30:565 1084 MpNWMon (77075a384a94b83e19d78efbcf8a832e) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:04:30:596 1084 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:04:30:612 1084 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
13:04:30:627 1084 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:04:30:643 1084 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:04:30:658 1084 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:04:30:658 1084 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
13:04:30:674 1084 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
13:04:30:690 1084 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:04:30:705 1084 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:04:30:799 1084 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
13:04:30:846 1084 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
13:04:30:877 1084 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:04:30:877 1084 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:04:30:892 1084 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:04:30:892 1084 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:04:30:924 1084 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:04:30:924 1084 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:04:30:924 1084 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:04:30:955 1084 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
13:04:30:986 1084 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:04:31:002 1084 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:04:31:017 1084 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
13:04:31:017 1084 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:04:31:033 1084 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:04:31:048 1084 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
13:04:31:064 1084 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
13:04:31:080 1084 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
13:04:31:095 1084 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:04:31:095 1084 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
13:04:31:111 1084 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:04:31:126 1084 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:04:31:142 1084 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:04:31:173 1084 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
13:04:31:189 1084 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:04:31:220 1084 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
13:04:31:407 1084 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:04:31:579 1084 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
13:04:31:579 1084 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
13:04:31:594 1084 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
13:04:31:610 1084 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
13:04:31:626 1084 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:04:31:641 1084 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
13:04:31:641 1084 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:04:31:657 1084 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
13:04:31:672 1084 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
13:04:31:688 1084 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:04:31:719 1084 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
13:04:31:735 1084 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:04:31:750 1084 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:04:31:782 1084 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
13:04:31:797 1084 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:04:31:813 1084 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:04:31:828 1084 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:04:31:860 1084 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:04:31:875 1084 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:04:31:891 1084 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:04:31:906 1084 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:04:31:938 1084 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:04:31:953 1084 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:04:31:969 1084 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:04:31:969 1084 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:04:31:984 1084 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
13:04:31:984 1084 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:04:32:000 1084 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:04:32:016 1084 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:04:32:016 1084 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:04:32:031 1084 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
13:04:32:031 1084 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
13:04:32:062 1084 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:04:32:078 1084 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
13:04:32:078 1084 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
13:04:32:109 1084 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:04:32:125 1084 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:04:32:125 1084 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:04:32:140 1084 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:04:32:156 1084 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:04:32:172 1084 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:04:32:203 1084 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:04:32:203 1084 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:04:32:218 1084 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
13:04:32:234 1084 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:04:32:250 1084 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:04:32:265 1084 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:04:32:281 1084 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:04:32:312 1084 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
13:04:32:328 1084 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
13:04:32:343 1084 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
13:04:32:359 1084 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:04:32:374 1084 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
13:04:32:406 1084 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
13:04:32:421 1084 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
13:04:32:437 1084 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
13:04:32:452 1084 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
13:04:32:452 1084 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
13:04:32:468 1084 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
13:04:32:484 1084 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
13:04:32:499 1084 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:04:32:515 1084 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
13:04:32:515 1084 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:04:32:530 1084 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
13:04:32:530 1084 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:04:32:546 1084 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
13:04:32:546 1084 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:04:32:577 1084 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
13:04:32:608 1084 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
13:04:32:624 1084 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
13:04:32:640 1084 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
13:04:32:655 1084 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
13:04:32:671 1084 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
13:04:32:686 1084 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:04:32:718 1084 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:04:32:733 1084 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:04:32:749 1084 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
13:04:32:780 1084 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
13:04:32:796 1084 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:04:32:811 1084 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:04:32:827 1084 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:04:32:827 1084 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
13:04:32:842 1084 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
13:04:32:858 1084 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:04:32:874 1084 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
13:04:32:889 1084 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
13:04:32:905 1084 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:04:32:920 1084 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
13:04:32:936 1084 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:04:32:952 1084 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:04:32:983 1084 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:04:32:998 1084 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:04:32:998 1084 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:04:32:998 1084 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:04:33:014 1084 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:04:33:030 1084 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:04:33:045 1084 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:04:33:076 1084 WINUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.SYS
13:04:33:076 1084 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:04:33:092 1084 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:04:33:108 1084 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:04:33:139 1084 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:04:33:139 1084
13:04:33:139 1084 Completed
13:04:33:139 1084
13:04:33:139 1084 Results:
13:04:33:139 1084 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:04:33:139 1084 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:04:33:139 1084
13:04:33:154 1084 KLMD(ARK) unloaded successfully


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,817 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:51 PM

Posted 15 June 2010 - 02:10 PM

Hi, could you please reset your router (it should have a button for that which can be pushed using a pen or something like that). Please see if this makes any difference.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 Canadian GRiNGo

Posted 15 June 2010 - 02:17 PM

Well, now I feel stupid. All is better on both machines. Was it a router IP address being captured or something?
Thanks for all your help, sorry for any ignorance on my part.

Chad

Edited by Canadian GRiNGo, 15 June 2010 - 02:17 PM.


#12 Elise

Posted 15 June 2010 - 02:24 PM

No problem, Chad :)

Routers often get targeted by malware. What you can do to prevent this is change the default password.

Here is a bit more information:

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are and note them down: Route Passwords

  • Then reset your router to its factory default settings:

    QUOTE
    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that, type http://192.168.1.1 in the address bar and press Enter. You get the login window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers this is done by a setup wizard, but you have to fill in the login password your ISP initially gave you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

Let's also do one last scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push



regards, Elise

Malware analyst @ Emsisoft
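
An added example, not part of the original thread: one way to tell the router-level DNS change described in the quoted advice apart from a per-machine infection is to compare the DNS servers each PC reports in `ipconfig /all`. The sample outputs, addresses, allowlist and function names below are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpts; all addresses are documentation ranges, not real IoCs.
PC1 = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""
PC2 = PC1.replace("192.168.1.101", "192.168.1.102")  # second PC on the same LAN
PC1_AFTER_RESET = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
ISP_RESOLVERS = {"198.51.100.10", "198.51.100.11"}  # assumed allowlist from the ISP

# "   Label . . . . : value" lines; the adapter header has no leading whitespace.
FIELD = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")


def _to_ip(value):
    """Normalise '192.168.1.101(Preferred)' or 'fe80::1%11' to an address string."""
    try:
        return str(ipaddress.ip_address(value.split("(")[0].split("%")[0].strip()))
    except ValueError:
        return None


def parse_ipconfig(text):
    """Collect 'Default Gateway' and 'DNS Servers' addresses across all adapters."""
    found = {"Default Gateway": [], "DNS Servers": []}
    key = None
    for line in text.splitlines():
        stripped = line.strip()
        if key and line[:1].isspace() and _to_ip(stripped):
            value = stripped  # continuation line: another value for the previous field
        else:
            m = FIELD.match(line)
            if not m:
                key = None  # adapter header or blank line
                continue
            key, value = m.group(1).strip(), m.group(2)
        ip = _to_ip(value)
        if key in found and ip and ip not in found[key]:
            found[key].append(ip)
    return found


def unexpected_resolvers(text, allowlist):
    """DNS servers that are neither the local gateway nor on the allowlist.

    Caveat: a router that proxies DNS hands out only its own address, so a
    clean result here does not replace checking the router's own DNS settings.
    """
    cfg = parse_ipconfig(text)
    return [ip for ip in cfg["DNS Servers"]
            if ip not in cfg["Default Gateway"] and ip not in allowlist]


def triage(hosts, allowlist):
    """hosts maps a name to its ipconfig text; returns (verdict, {resolver: [hosts]})."""
    seen = {}
    for name, text in hosts.items():
        for ip in unexpected_resolvers(text, allowlist):
            seen.setdefault(ip, []).append(name)
    if not seen:
        return "ok", seen
    # The same unknown resolver on several PCs points at the shared DHCP source.
    shared = any(len(names) > 1 for names in seen.values())
    return ("router-suspected" if shared else "host-suspected"), seen


if __name__ == "__main__":
    print(triage({"pc1": PC1, "pc2": PC2}, ISP_RESOLVERS))
    print(triage({"pc1": PC1_AFTER_RESET}, ISP_RESOLVERS))
```
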


#13 Canadian GRiNGo

Posted 15 June 2010 - 04:43 PM

Thanks again Elise for all your help.


C:\Users\Grigo68\Music\Downloads\NEW_nero8321[tfile.ru]\Nero-8.3.2.1_all_update.exe Win32/Toolbar.AskSBar application deleted - quarantined


I have removed all traces of Nero and rescanned, okay!

Edited by Canadian GRiNGo, 15 June 2010 - 07:00 PM.


#14 Elise

Posted 16 June 2010 - 03:27 AM

Well done :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a randomly named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise



#15 Elise

Posted 25 June 2010 - 08:59 AM

Since this issue seems to be resolved, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
