Redirect in Vista possibly Win32:Aluroot [Rtk]


  • This topic is locked
83 replies to this topic

#1 mhale
Posted 03 January 2012 - 09:23 PM

I'm running Windows Vista on a Toshiba laptop. Redirects started approx. 12-15-11. McAfee was installed and did not correct it. Other attempts with Power Eraser, Search and Destroy and Malwarebytes did not remove it. Search and Destroy did appear to remove it for a day or so. The restore points before the noticed infection are gone (erased?) and access to Windows Defender and the firewall is unavailable (i.e. I get an error).

I posted on Am I infected... and was helped by Broni: http://www.bleepingcomputer.com/forums/topic435870.html/page__gopid__2536153#entry2536153


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by cubstuff at 18:14:00 on 2012-01-02
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.940 [GMT -6:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPag2.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Window Shopper: {74f475fa-6c75-43bd-aab9-ecda6184f600} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111213184739.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPag2.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPag2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Google Update] "c:\users\cubstuff\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bodyme~1.lnk - c:\program files\bodymedia\sync\BodyMediaSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\superfish\window shopper\SuperfishIEAddon.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265942087663
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/70.22/uploader2.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3D727DAE-E9C3-493F-B8FE-222CE5289741} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-3-6 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-12-13 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-12-13 165032]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-13 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-13 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-13 148520]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-13 56064]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-13 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-13 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-13 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-27 1153368]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-3-10 20032]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-3-6 954368]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-13 84488]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-02 23:57:28 -------- d-----w- c:\users\cubstuff\appdata\local\CrashDumps
2011-12-30 05:46:15 -------- d-----w- c:\users\cubstuff\appdata\roaming\.minecraft
2011-12-28 00:59:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 00:59:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-18 20:21:21 -------- d-----w- c:\users\cubstuff\appdata\local\NPE
2011-12-18 20:21:21 -------- d-----w- c:\programdata\Norton
2011-12-15 16:11:34 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:11:34 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 16:11:30 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:11:28 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:11:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 16:11:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:10:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:47:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-14 00:47:33 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-14 00:47:33 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-14 00:47:32 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-14 00:47:31 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-14 00:47:31 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-14 00:47:31 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-14 00:47:30 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-14 00:47:21 -------- d-----w- c:\program files\common files\Mcafee
2011-12-14 00:47:20 -------- d-----w- c:\program files\McAfee.com
2011-12-14 00:47:17 -------- d-----w- c:\program files\McAfee
2011-12-14 00:37:23 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-13 23:14:46 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-13 23:14:46 102400 ----a-w- c:\windows\RegBootClean.exe
2011-12-13 22:59:39 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-09 18:07:35 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6f712cb7-9067-468f-a9fb-8176fcac8aab}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-13 22:41:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 18:17:41.94 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 06:11:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO
Running: 3l9qymr9.exe; Driver: C:\Users\cubstuff\AppData\Local\Temp\kwdyrpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x82B80D48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x82B80D72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x82B80D5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x82B80D34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82475982 5 Bytes JMP 82B80D38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 8263B143 5 Bytes JMP 82B80D76 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8265A89A 7 Bytes JMP 82B80D4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8265AB5D 5 Bytes JMP 82B80D62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? System32\drivers\auwmpdyg.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88353480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88394900, 0x3CA, 0x48000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 0095000A
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00950036
.text C:\Windows\system32\svchost.exe[752] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 0095001B
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00730084
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00730073
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 007300B0
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 0073009F
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00730F7E
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00730025
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00730FD4
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00730F52
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00730F9B
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00730047
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 75B09554 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00730058
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00730036
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00730F63
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 007300CB
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00730FEF
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00730000
.text C:\Windows\system32\svchost.exe[752] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00730F23
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00D00FA1
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!system 7762804B 5 Bytes JMP 00D0002C
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00D00FCD
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_open 7762D106 5 Bytes JMP 00D00000
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00D00FBC
.text C:\Windows\system32\svchost.exe[752] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00D00011
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00940051
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00940025
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00940FE5
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00940040
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00940062
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00940014
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00940FD4
.text C:\Windows\system32\svchost.exe[752] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00940FC3
.text C:\Windows\system32\svchost.exe[752] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00CF0FE5
.text C:\Windows\System32\svchost.exe[776] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 005A0FE5
.text C:\Windows\System32\svchost.exe[776] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 005A0FAF
.text C:\Windows\System32\svchost.exe[776] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 005A0FD4
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 002D00C1
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 002D0F85
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 002D0F45
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 002D0F56
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 002D0FA0
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 002D001B
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 002D0036
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 002D00B0
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 002D007A
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 002D0058
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 002D0069
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 002D0047
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 002D0095
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 002D0F34
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 002D000A
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 002D0FEF
.text C:\Windows\System32\svchost.exe[776] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 002D00D2
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 005B0F9C
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!system 7762804B 5 Bytes JMP 005B0FB7
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 005B0FE3
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!_open 7762D106 5 Bytes JMP 005B000C
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 005B0FC8
.text C:\Windows\System32\svchost.exe[776] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 005B001D
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 002E0076
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 002E0040
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 002E0000
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 002E0065
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 002E0FB9
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 002E0FE5
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 002E001B
.text C:\Windows\System32\svchost.exe[776] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 002E0FD4
.text C:\Windows\system32\services.exe[784] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00320FEF
.text C:\Windows\system32\services.exe[784] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00320FC3
.text C:\Windows\system32\services.exe[784] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00320FD4
.text C:\Windows\system32\services.exe[784] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00310F6D
.text C:\Windows\system32\services.exe[784] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 003100BD
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00310F4B
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00310F5C
.text C:\Windows\system32\services.exe[784] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00310F9C
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0031000A
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00310FB9
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 003100A2
.text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00310076
.text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0031004A
.text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 0031005B
.text C:\Windows\system32\services.exe[784] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 0031002F
.text C:\Windows\system32\services.exe[784] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00310091
.text C:\Windows\system32\services.exe[784] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00310F30
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00310FD4
.text C:\Windows\system32\services.exe[784] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00310FE5
.text C:\Windows\system32\services.exe[784] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 003100CE
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00330040
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00330F9E
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00330FEF
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00330025
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00330051
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00330FB9
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00330FD4
.text C:\Windows\system32\services.exe[784] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 0033000A
.text C:\Windows\system32\services.exe[784] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00360029
.text C:\Windows\system32\services.exe[784] msvcrt.dll!system 7762804B 5 Bytes JMP 00360FA8
.text C:\Windows\system32\services.exe[784] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00360FDE
.text C:\Windows\system32\services.exe[784] msvcrt.dll!_open 7762D106 5 Bytes JMP 00360FEF
.text C:\Windows\system32\services.exe[784] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00360FB9
.text C:\Windows\system32\services.exe[784] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00360018
.text C:\Windows\system32\services.exe[784] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00350000
.text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00340000
.text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00340FDB
.text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00340011
.text C:\Windows\system32\services.exe[784] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00340FCA
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 001F0000
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 001F002C
.text C:\Windows\system32\lsass.exe[796] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 001F001B
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 001E0F50
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 001E0F61
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 001E0F2E
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 001E0F3F
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 001E0F94
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 001E001B
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 001E0F72
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 001E0FAF
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 001E005B
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 001E006C
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 001E0036
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 001E0F83
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 001E0F1D
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\lsass.exe[796] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 001E00B1
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExA 75D539AB 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00200FAF
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00200040
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00200051
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00200F94
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0020001B
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 0020000A
.text C:\Windows\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00200FCA
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00950053
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!system 7762804B 5 Bytes JMP 00950042
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00950FD2
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!_open 7762D106 5 Bytes JMP 00950FEF
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00950027
.text C:\Windows\system32\lsass.exe[796] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0095000C
.text C:\Windows\system32\lsass.exe[796] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00940FE5
.text C:\Windows\system32\lsass.exe[796] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00540000
.text C:\Windows\system32\lsass.exe[796] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00540025
.text C:\Windows\system32\lsass.exe[796] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00540FE5
.text C:\Windows\system32\lsass.exe[796] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00540FD4
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 001D0FEF
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[996] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 001C007D
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 001C0062
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 001C0F01
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 001C0F1C
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 001C0F41
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 001C0FAF
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 001C0051
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 001C0F68
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 001C0F83
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 001C0025
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 001C0F94
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 001C0036
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 001C0EF0
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 001C0098
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 002C0038
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!system 7762804B 5 Bytes JMP 002C0027
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 002C0FD2
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!_open 7762D106 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 002C0FB7
.text C:\Windows\system32\svchost.exe[996] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 002C000C
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 001E006C
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 001E0051
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 001E007D
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 001E001B
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[996] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 001E0040
.text C:\Windows\system32\svchost.exe[996] WS2_32.dll!socket 775A36D1 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00750FEF
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00750FCA
.text C:\Windows\system32\svchost.exe[1092] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00740087
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00740076
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 007400B3
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00740F1C
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00740F6D
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0074000A
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00740FB9
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00740F41
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00740051
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0074001B
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00740036
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00740F9E
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00740F5C
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 007400D8
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00740FD4
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00740FE5
.text C:\Windows\system32\svchost.exe[1092] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00740098
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00A8002F
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!system 7762804B 5 Bytes JMP 00A80F9A
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00A80FC6
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!_open 7762D106 5 Bytes JMP 00A80000
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00A80FB5
.text C:\Windows\system32\svchost.exe[1092] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00A80FE3
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00760062
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00760FCA
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00760FEF
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00760051
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00760073
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00760011
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00760000
.text C:\Windows\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 0076002C
.text C:\Windows\system32\svchost.exe[1092] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00A70000
.text C:\Windows\system32\svchost.exe[1092] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00770000
.text C:\Windows\system32\svchost.exe[1092] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00770025
.text C:\Windows\system32\svchost.exe[1092] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00770FE5
.text C:\Windows\system32\svchost.exe[1092] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00770040
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00FE0FCA
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00FE0FE5
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00B200A4
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00B20089
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00B20F28
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00B20F39
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00B20064
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00B20011
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00B20FB6
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00B20F54
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00B20F80
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00B20F9B
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00B20033
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00B20022
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00B20F6F
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00B200DA
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00B20000
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00B20FE5
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00B200B5
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 01FA003B
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!system 7762804B 5 Bytes JMP 01FA0020
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 01FA0FC1
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_open 7762D106 5 Bytes JMP 01FA0FEF
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 01FA0FA6
.text C:\Windows\System32\svchost.exe[1128] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 01FA0FD2
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00FF004A
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00FF0FCD
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00FF000A
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00FF0FA8
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00FF005B
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00FF0FEF
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00FF001B
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00FF0FDE
.text C:\Windows\System32\svchost.exe[1128] WS2_32.dll!socket 775A36D1 5 Bytes JMP 01F90000
.text C:\Windows\System32\svchost.exe[1128] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 01F00FEF
.text C:\Windows\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 01F00FB9
.text C:\Windows\System32\svchost.exe[1128] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 01F00FCA
.text C:\Windows\System32\svchost.exe[1128] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 01F00000
.text C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 01020FE5
.text C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 01020011
.text C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 01020000
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00D5007D
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00D5006C
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00D50F12
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00D500A9
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00D50F5C
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00D50FD4
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00D50FB9
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00D50051
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00D50040
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00D50F8D
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00D50025
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00D50FA8
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00D50F4B
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00D50F01
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00D5000A
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00D50FEF
.text C:\Windows\System32\svchost.exe[1232] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00D5008E
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 0160005D
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!system 7762804B 5 Bytes JMP 0160004C
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 01600027
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_open 7762D106 5 Bytes JMP 01600000
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 01600FD2
.text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 01600FEF
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 01590039
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 01590FB2
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 0159000A
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 01590F97
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 01590F7C
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 01590FDE
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 01590FEF
.text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 01590FCD
.text C:\Windows\System32\svchost.exe[1232] WS2_32.dll!socket 775A36D1 5 Bytes JMP 015F000A
.text C:\Windows\System32\svchost.exe[1232] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 015E0FEF
.text C:\Windows\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 015E002F
.text C:\Windows\System32\svchost.exe[1232] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 015E0014
.text C:\Windows\System32\svchost.exe[1232] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 015E0FDE
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 014C0000
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 014C0FE5
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 014C001B
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory 774854C4 5 Bytes JMP 00D6000A
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!KiUserExceptionDispatcher 77485BF8 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 01470071
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 01470F2B
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 01470EF5
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 01470F06
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 01470F72
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0147000A
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 01470FB9
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 01470F3C
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 01470F83
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0147002F
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 01470040
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 01470FA8
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 01470F57
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 01470EDA
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 01470FD4
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 01470FEF
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 01470082
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 01540FBE
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!system 7762804B 5 Bytes JMP 0154003F
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 01540FD9
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_open 7762D106 5 Bytes JMP 01540000
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 0154002E
.text C:\Windows\system32\svchost.exe[1256] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0154001D
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 014D0047
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 014D0036
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 014D0FE5
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 014D0FA5
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 014D0062
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 014D001B
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 014D0000
.text C:\Windows\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 014D0FC0
.text C:\Windows\system32\svchost.exe[1256] WS2_32.dll!socket 775A36D1 5 Bytes JMP 01530FEF
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 0152000A
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 01520036
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 0152001B
.text C:\Windows\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 01520FE5
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00120000
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00120FDE
.text C:\Windows\system32\svchost.exe[1400] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000F0084
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000F0073
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 75AE1BF3 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 000F0EF7
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000F0F08
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 000F003D
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 000F0FCA
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 000F001B
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 000F0058
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 000F0F63
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 000F0F8A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 000F002C
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 000F0FA5
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 000F0F48
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000F0EDC
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[1400] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000F0F19
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00140FA6
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!system 7762804B 5 Bytes JMP 00140FB7
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00140FD2
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_open 7762D106 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00140027
.text C:\Windows\system32\svchost.exe[1400] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0014000C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00110098
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00110058
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00110000
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 0011007D
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00110FDB
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0011002C
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00110011
.text C:\Windows\system32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00110047
.text C:\Windows\system32\svchost.exe[1400] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00130000
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 0091001B
.text C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 008F0F36
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 008F007C
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 008F00BC
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 008F0F25
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 008F0F80
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 008F0022
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 008F0FC7
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 008F006B
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 008F005A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 008F0FA2
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 008F0F91
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 008F0033
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 008F0F65
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 008F0F0A
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 008F0011
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 008F0000
.text C:\Windows\system32\svchost.exe[1464] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 008F00A1
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00DB0073
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!system 7762804B 5 Bytes JMP 00DB0062
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00DB002C
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_open 7762D106 5 Bytes JMP 00DB0000
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00DB0047
.text C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00DB0011
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00900047
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00900FC0
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00900000
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00900FA5
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00900062
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0090002C
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 0090001B
.text C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00900FE5
.text C:\Windows\system32\svchost.exe[1464] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00930000
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00920FE5
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00920FB9
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00920FD4
.text C:\Windows\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00920FA8
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00F90000
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00F9001B
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00F90FE5
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00F70F18
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00F70F29
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00F70EF3
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 00F7008A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00F70040
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00F70FD4
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00F70FB9
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00F70F3A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00F70F72
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00F7002F
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00F70F83
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00F70FA8
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00F70F4B
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00F700A5
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00F70FEF
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00F7000A
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00F70079
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 028F0FEF
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!system 7762804B 5 Bytes JMP 028F007A
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 028F003A
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_open 7762D106 5 Bytes JMP 028F000C
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 028F0055
.text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 028F001D
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00F8002C
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00F80FA5
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00F80000
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00F80F8A
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00F80F65
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00F80FCA
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00F80FDB
.text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00F8001B
.text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!socket 775A36D1 5 Bytes JMP 02880FEF
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00FA0000
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00FA0FE5
.text C:\Windows\system32\svchost.exe[1588] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00FA0FCA
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1984] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 6D789AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1984] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 6D789A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 000B0FEF
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 000B0FC3
.text C:\Windows\System32\svchost.exe[2368] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 000B0FDE
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 000500A4
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00050089
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00050F25
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000500C6
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0005005D
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00050FCA
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00050FAF
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00050F68
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 0005004C
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00050F8D
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 0005002F
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00050F9E
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 0005006E
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 00050F14
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00050FE5
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[2368] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 000500B5
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 000D0F81
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!system 7762804B 5 Bytes JMP 000D0F9C
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 000D000C
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_open 7762D106 5 Bytes JMP 000D0FEF
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 000D0FAD
.text C:\Windows\System32\svchost.exe[2368] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 000D0FDE
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 000A0F7C
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 000A0F97
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 000A0FE5
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 000A001E
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 000A0039
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 000A0FC3
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 000A0FD4
.text C:\Windows\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 000A0FA8
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 02740000
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 02740036
.text C:\Windows\Explorer.EXE[3328] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 02740011
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 02640F1C
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 02640062
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 02640EF0
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 02640087
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 02640F52
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 02640FE5
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 02640FCA
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 02640047
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 02640F6F
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 0264002C
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 02640F8A
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 02640FA5
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 02640F37
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 026400AC
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0264001B
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 02640000
.text C:\Windows\Explorer.EXE[3328] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 02640F0B
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 02720039
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 02720FA8
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 02720FEF
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 02720F97
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 02720054
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0272000A
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 02720FDE
.text C:\Windows\Explorer.EXE[3328] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 02720FB9
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 02780FBE
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!system 7762804B 5 Bytes JMP 02780FD9
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 0278002E
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_open 7762D106 5 Bytes JMP 0278000C
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 02780049
.text C:\Windows\Explorer.EXE[3328] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 0278001D
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 02730000
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 0273001B
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 02730FE5
.text C:\Windows\Explorer.EXE[3328] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 0273002C
.text C:\Windows\Explorer.EXE[3328] WS2_32.dll!socket 775A36D1 5 Bytes JMP 02750FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00880000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00880FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00880011
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00020F30
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00020076
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00020F15
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000200AC
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0002005B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0002001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00020FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00020F41
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00020F81
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00020FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes


Thanks for Your Help!


#2 mhale

Posted 03 January 2012 - 09:26 PM

DDS cont

JMP 00020F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00020036
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00020F66
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000200BD
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 0002000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00020FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00020091
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00860065
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00860FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 0086000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00860FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00860076
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00860025
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00860FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00860040
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!EnableWindow 75F3CD8B 5 Bytes JMP 6A979A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxParamW 75F610B0 5 Bytes JMP 6A8D170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxIndirectParamW 75F62EF5 5 Bytes JMP 6AAC62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxParamA 75F78152 5 Bytes JMP 6AAC6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!DialogBoxIndirectParamA 75F7847D 5 Bytes JMP 6AAC6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxIndirectA 75F8D4D9 5 Bytes JMP 6AAC61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxIndirectW 75F8D5D3 5 Bytes JMP 6AAC6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxExA 75F8D639 5 Bytes JMP 6AAC6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] USER32.dll!MessageBoxExW 75F8D65D 5 Bytes JMP 6AAC609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 009C004A
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!system 7762804B 5 Bytes JMP 009C0FB5
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 009C0011
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_open 7762D106 5 Bytes JMP 009C0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 009C0FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 009C0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00870000
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00870040
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 0087001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00870051
.text C:\Program Files\Internet Explorer\iexplore.exe[4500] WS2_32.dll!socket 775A36D1 5 Bytes JMP 0089000A
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00330022
.text C:\Windows\system32\svchost.exe[4520] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00330011
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 00020F5F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 000200A5
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 00020F1F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000200B6
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 0002008A
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 0002002F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00020FDE
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00020F70
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00020FB2
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00020054
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 0002006F
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00020FCD
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00020F95
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000200DB
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00020014
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00020FEF
.text C:\Windows\system32\svchost.exe[4520] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00020F44
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00350F9A
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!system 7762804B 5 Bytes JMP 00350025
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 00350000
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!_open 7762D106 5 Bytes JMP 00350FEF
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 00350FAB
.text C:\Windows\system32\svchost.exe[4520] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00350FC6
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 0032002F
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00320014
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 00320F83
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00320040
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 00320FC3
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00320FDE
.text C:\Windows\system32\svchost.exe[4520] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00320FB2
.text C:\Windows\system32\svchost.exe[4520] WS2_32.dll!socket 775A36D1 5 Bytes JMP 00340FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ntdll.dll!NtCreateFile 77484224 5 Bytes JMP 00040000
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ntdll.dll!NtCreateProcess 774842E4 5 Bytes JMP 00040FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ntdll.dll!NtProtectVirtualMemory 77484B84 5 Bytes JMP 00040FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!GetStartupInfoW 75AE1929 5 Bytes JMP 0001008A
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!GetStartupInfoA 75AE19C9 5 Bytes JMP 00010079
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateProcessW 75AE1BF3 5 Bytes JMP 000100B6
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateProcessA 75AE1C28 5 Bytes JMP 000100A5
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!VirtualProtect 75AE1DC3 5 Bytes JMP 00010F7A
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateNamedPipeA 75AE2EF5 5 Bytes JMP 00010FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateNamedPipeW 75AE5C0C 5 Bytes JMP 00010FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreatePipe 75B08F06 5 Bytes JMP 00010F4E
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!LoadLibraryExW 75B0927C 5 Bytes JMP 00010F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!LoadLibraryW 75B09400 5 Bytes JMP 00010FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!LoadLibraryExA 75B09554 5 Bytes JMP 00010054
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!LoadLibraryA 75B0957C 5 Bytes JMP 00010039
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!VirtualProtectEx 75B0DC52 5 Bytes JMP 00010F69
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!GetProcAddress 75B2925B 5 Bytes JMP 000100C7
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateFileW 75B2B0EB 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateFileW 75B2B0EB 5 Bytes JMP 00010FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateThread 75B2CB2E 5 Bytes JMP 6A937303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!CreateFileA 75B2D07F 5 Bytes JMP 00010000
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] kernel32.dll!WinExec 75B760CF 5 Bytes JMP 00010F29
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegCreateKeyExA 75D539AB 5 Bytes JMP 00070036
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegCreateKeyA 75D53BA9 5 Bytes JMP 00070F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegOpenKeyA 75D589C7 5 Bytes JMP 00070FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegCreateKeyW 75D6391E 5 Bytes JMP 0007001B
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegCreateKeyExW 75D641F1 5 Bytes JMP 00070051
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegOpenKeyExA 75D67C42 5 Bytes JMP 0007000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegOpenKeyW 75D6E2B5 5 Bytes JMP 00070FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ADVAPI32.dll!RegOpenKeyExW 75D77BA1 5 Bytes JMP 00070FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamW 75F372A2 5 Bytes JMP 6AAC6628 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetAsyncKeyState 75F3863C 5 Bytes JMP 6A91DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetWindowsHookExW 75F387AD 5 Bytes JMP 6A972194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CallNextHookEx 75F38E3B 5 Bytes JMP 6A997BB7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!UnhookWindowsHookEx 75F398DB 5 Bytes JMP 6A9BEB74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EnableWindow 75F3CD8B 5 Bytes JMP 6A979A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DefWindowProcA 75F3DB88 7 Bytes JMP 6A93952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateWindowExA 75F3DC2A 5 Bytes JMP 6A943363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateWindowExW 75F41305 5 Bytes JMP 6A99FF8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!GetKeyState 75F48CB1 5 Bytes JMP 6A91DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DefWindowProcW 75F503B4 7 Bytes JMP 6A997C1A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessageW 75F50745 5 Bytes JMP 6AAC6D82 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogParamA 75F517AA 5 Bytes JMP 6AAC65F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessage 75F51847 2 Bytes JMP 6AAC6D5A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!IsDialogMessage + 3 75F5184A 2 Bytes [B7, F4] {MOV BH, 0xf4}
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamA 75F526F1 5 Bytes JMP 6AAC6660 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!CreateDialogIndirectParamW 75F59A62 5 Bytes JMP 6AAC6698 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetKeyboardState 75F60987 5 Bytes JMP 6AAC7649 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamW 75F610B0 5 Bytes JMP 6A8D170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamW 75F62EF5 5 Bytes JMP 6AAC62BE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SendInput 75F62F75 5 Bytes JMP 6AAC75F1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!EndDialog 75F6326E 5 Bytes JMP 6AAC702E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!SetCursorPos 75F76FB2 5 Bytes JMP 6AAC76CA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxParamA 75F78152 5 Bytes JMP 6AAC6259 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!DialogBoxIndirectParamA 75F7847D 5 Bytes JMP 6AAC6323 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectA 75F8D4D9 5 Bytes JMP 6AAC61E0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxIndirectW 75F8D5D3 5 Bytes JMP 6AAC6167 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExA 75F8D639 5 Bytes JMP 6AAC6103 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!MessageBoxExW 75F8D65D 5 Bytes JMP 6AAC609F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] USER32.dll!keybd_event 75F8D972 5 Bytes JMP 6AAC75AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!_wsystem 77627F2F 5 Bytes JMP 00080FAD
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!system 7762804B 5 Bytes JMP 00080FBE
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!_creat 7762BBE1 5 Bytes JMP 0008001D
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!_open 7762D106 5 Bytes JMP 00080000
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!_wcreat 7762D326 5 Bytes JMP 0008002E
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] msvcrt.dll!_wopen 7762D501 5 Bytes JMP 00080FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + D95 763389A8 4 Bytes [CF, 01, B9, 63]
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] SHELL32.dll!SHRestricted + D9D 763389B0 8 Bytes [E0, 61, B8, 63, 79, F7, B8, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] ole32.dll!OleLoadFromStream 760C1E80 5 Bytes JMP 6AAC6A8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] WININET.dll!InternetOpenA 75E34E3C 5 Bytes JMP 00090FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] WININET.dll!InternetOpenUrlA 75E3BFDE 5 Bytes JMP 00090FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] WININET.dll!InternetOpenW 75E6C126 5 Bytes JMP 00090FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] WININET.dll!InternetOpenUrlW 75E9D8D2 5 Bytes JMP 00090FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[6128] WS2_32.dll!socket 775A36D1 5 Bytes JMP 001B0FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe[256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe[256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe[256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe[256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\mfevtps.exe[532] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0024A4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[532] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0024A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[856] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[856] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[856] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[856] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxsrvc.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01582F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxsrvc.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01582D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxsrvc.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01582CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxsrvc.exe[956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01582CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[1948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[1948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[1948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\RtHDVCpl.exe[1948] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00882F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00882D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00882CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00882CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CE2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CE2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CE2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2380] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CE2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01AE2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01AE2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01AE2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01AE2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01152F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01152D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01152CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01152CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3024] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00242F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00242D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00242CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00242CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001A2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001A2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001A2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3240] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001A2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3328] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01652F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01652D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01652CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3344] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01652CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3436] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [021B2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [021B2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [021B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[3500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [021B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\sdclt.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016B2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\sdclt.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [016B2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\sdclt.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\sdclt.exe[3652] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00282F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00282D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00282CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3748] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00282CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxtray.exe[3980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\hkcmd.exe[3992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\igfxpers.exe[4028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001D2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001D2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe[4108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4500] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[4564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01E02F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01E02D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01E02CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01E02CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\igfxext.exe[5496] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00252F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00252D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00252CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5604] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00252CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [63B9BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [63B9E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [63B97F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63B9F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63B9B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [63B9ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63B91555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [63B90E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [63B860B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [63B87278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [63BA33C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [63B919CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [63B86692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [63B9BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [63B9F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [63BA072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [63B90ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [63B9EFD7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [63B99229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [63B9E73F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [63B9ECFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [63B9C6B1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [63B85F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [63B9F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [63B9939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [63B86291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [63B9E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [63B9EE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [63B9DFBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [63B97BE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [63B97F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [63B8F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63B84E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [63B9E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [63B9B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [63B9ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [63B9AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [63B9C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [63B9939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [63B863E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [63B85F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [63B99229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [63B8F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [63B9F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [63BA072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [63B9F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [63B90ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63B86D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63B847BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [63B9D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [63B9D557] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [63B86692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [63BA2FB4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [63BA327D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [63BA3B2F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [63B8EEBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [63B919CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [63B860B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [63B90859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [63BA3983] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [63BA33C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63B91555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [63B87278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [63B90E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [63BA3E89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [63B8F30B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [63BA3FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [63BA3D27] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [63B8FCC5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [63B9A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [63BA07CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [63B9E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [63B9A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [63B9B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63B9B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [63B9C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63B9F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [63B9BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [63B99F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63B85EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [63B97F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [63B9E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [63B9FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [63B9F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [63B99AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [63B90ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[6128] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [63B9029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\cubstuff\Desktop\3l9qymr9.exe[7528] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Windows\TEMP\logishrd\LVPrcInj0a.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

#3 mhale


Posted 03 January 2012 - 09:28 PM

and the rest



---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB33361$\3620296088 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\@ 2048 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\bckfg.tmp 863 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\keywords 199 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\L 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\L\ogejidap 66560 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U 0 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB33361$\3620296088\U\80000032.@ 77312 bytes
File C:\Windows\$NtUninstallKB33361$\3699975985 0 bytes
File C:\Windows\Temp\fla6426.tmp 1841281 bytes

---- EOF - GMER 1.0.15 ----

#4 mhale


Posted 03 January 2012 - 09:33 PM

Attached File: Attach.txt (16.68KB)

and the attach. Sorry for the multiple posts.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:19 AM

Posted 07 January 2012 - 01:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 mhale


Posted 07 January 2012 - 01:40 PM

After combofix was scanning about 40 minutes, I got the error message "Freeware implementation of XCACLS has stopped working". I hit the red x on the message instead of "close program". Combofix window is still up.... What now?

#7 gringo_pr


Posted 07 January 2012 - 02:25 PM

Hello


Go ahead and stop combofix if it is not progressing and do this.


OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#8 mhale


Posted 07 January 2012 - 03:04 PM

Gringo- I've forgotten to tell you thank you for your help. I know you're busy and I appreciate what you do.

I waited and combofix resumed after another error message (which I x'd).

Computer restarted 2x and then produced its log. I got error about deleted registry key and restarted. I checked IE and the redirects seem to be gone. The computer seems to be running faster as well. I do however have a new IE icon on the desktop named "The Internet". I'm not sure where that came from, so haven't touched it.

combo fix log

ComboFix 12-01-06.03 - cubstuff 01/07/2012 13:06:44.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1112 [GMT -6:00]
Running from: c:\users\cubstuff\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\$NtUninstallKB33361$\3620296088\@
c:\windows\$NtUninstallKB33361$\3620296088\bckfg.tmp
c:\windows\$NtUninstallKB33361$\3620296088\cfg.ini
c:\windows\$NtUninstallKB33361$\3620296088\Desktop.ini
c:\windows\$NtUninstallKB33361$\3620296088\keywords
c:\windows\$NtUninstallKB33361$\3620296088\kwrd.dll
c:\windows\$NtUninstallKB33361$\3620296088\L\ogejidap
c:\windows\$NtUninstallKB33361$\3620296088\lsflt7.ver
c:\windows\$NtUninstallKB33361$\3620296088\U\00000001.@
c:\windows\$NtUninstallKB33361$\3620296088\U\00000002.@
c:\windows\$NtUninstallKB33361$\3620296088\U\00000004.@
c:\windows\$NtUninstallKB33361$\3620296088\U\80000000.@
c:\windows\$NtUninstallKB33361$\3620296088\U\80000004.@
c:\windows\$NtUninstallKB33361$\3620296088\U\80000032.@
c:\windows\$NtUninstallKB33361$\3699975985
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\TEMP\logishrd\LVPrcInj0a.dll
c:\windows\$NtUninstallKB33361$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-03 01:29 . 2012-01-03 01:29 -------- d-----w- c:\users\cubstuff\AppData\Roaming\Malwarebytes
2012-01-03 01:29 . 2012-01-03 01:29 -------- d-----w- c:\programdata\Malwarebytes
2012-01-03 01:29 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 01:29 . 2012-01-07 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 23:57 . 2012-01-07 18:58 -------- d-----w- c:\users\cubstuff\AppData\Local\CrashDumps
2011-12-30 05:46 . 2011-12-30 05:48 -------- d-----w- c:\users\cubstuff\AppData\Roaming\.minecraft
2011-12-28 00:59 . 2011-12-28 05:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 00:59 . 2011-12-28 01:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-18 20:21 . 2012-01-02 17:38 -------- d-----w- c:\users\cubstuff\AppData\Local\NPE
2011-12-18 20:21 . 2011-12-18 20:21 -------- d-----w- c:\programdata\Norton
2011-12-15 16:11 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:11 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 16:11 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:11 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:11 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 16:11 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:10 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:47 . 2011-04-14 20:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-14 00:47 . 2011-04-14 20:01 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-14 00:47 . 2011-04-14 20:01 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-14 00:47 . 2011-04-14 20:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-14 00:47 . 2011-04-14 20:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-14 00:47 . 2011-04-14 20:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-14 00:47 . 2011-04-14 20:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-14 00:47 . 2011-04-14 20:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-14 00:47 . 2011-12-14 00:49 -------- d-----w- c:\program files\Common Files\Mcafee
2011-12-14 00:47 . 2011-12-14 07:20 -------- d-----w- c:\program files\McAfee
2011-12-14 00:37 . 2011-03-13 17:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-13 23:14 . 2011-12-13 23:14 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-13 23:14 . 2011-12-13 23:14 102400 ----a-w- c:\windows\RegBootClean.exe
2011-12-13 22:59 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-10 07:22 . 2011-12-10 07:22 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-12-09 18:07 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F712CB7-9067-468F-A9FB-8176FCAC8AAB}\mpengine.dll
2011-11-13 22:41 . 2011-05-21 10:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-03-28 16:22 176936 ----a-w- c:\program files\PageRage\prxtbPag2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-01 21:05 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPag2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\prxtbPag2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-27 3077528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BodyMedia Sync.lnk - c:\program files\BodyMedia\Sync\BodyMediaSync.exe [2011-9-16 776704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-21 66864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
xmlpros REG_MULTI_SZ XMLProvS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-07 15:14 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:28]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:28]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234329832-1625283619-1638487238-1000Core.job
- c:\users\cubstuff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 19:59]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234329832-1625283619-1638487238-1000UA.job
- c:\users\cubstuff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - c:\users\cubstuff\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\Uninstall.exe
AddRemove-03_Swallowtail - c:\users\cubstuff\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\users\cubstuff\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\users\cubstuff\AppData\Local\Temp\SAMSUNG\USB Drivers\-r\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7576)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-01-07 13:40:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 19:40
.
Pre-Run: 146,317,103,104 bytes free
Post-Run: 149,556,092,928 bytes free
.
- - End Of File - - C9F16A57E6D063D872948B829581C4DB


Thanks again for your help and will wait for your instructions

#9 gringo_pr


Posted 07 January 2012 - 03:10 PM

Greetings


How is the computer doing now?

Good. That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 mhale


Posted 07 January 2012 - 04:26 PM

ComboFix 12-01-06.03 - cubstuff 01/07/2012 14:38:41.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1113 [GMT -6:00]
Running from: c:\users\cubstuff\Desktop\ComboFix.exe
Command switches used :: c:\users\cubstuff\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\$NtUninstallKB33361$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 20:59 . 2012-01-07 21:01 -------- d-----w- c:\users\cubstuff\AppData\Local\temp
2012-01-07 20:59 . 2012-01-07 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 01:29 . 2012-01-03 01:29 -------- d-----w- c:\users\cubstuff\AppData\Roaming\Malwarebytes
2012-01-03 01:29 . 2012-01-03 01:29 -------- d-----w- c:\programdata\Malwarebytes
2012-01-03 01:29 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 01:29 . 2012-01-07 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-02 23:57 . 2012-01-07 18:58 -------- d-----w- c:\users\cubstuff\AppData\Local\CrashDumps
2011-12-30 05:46 . 2011-12-30 05:48 -------- d-----w- c:\users\cubstuff\AppData\Roaming\.minecraft
2011-12-28 00:59 . 2011-12-28 05:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 00:59 . 2011-12-28 01:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-18 20:21 . 2012-01-02 17:38 -------- d-----w- c:\users\cubstuff\AppData\Local\NPE
2011-12-18 20:21 . 2011-12-18 20:21 -------- d-----w- c:\programdata\Norton
2011-12-15 16:11 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 16:11 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 16:11 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 16:11 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 16:11 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 16:11 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 16:10 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:47 . 2011-04-14 20:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-14 00:47 . 2011-04-14 20:01 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-14 00:47 . 2011-04-14 20:01 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-14 00:47 . 2011-04-14 20:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-14 00:47 . 2011-04-14 20:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-14 00:47 . 2011-04-14 20:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-14 00:47 . 2011-04-14 20:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-14 00:47 . 2011-04-14 20:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-14 00:47 . 2011-12-14 00:49 -------- d-----w- c:\program files\Common Files\Mcafee
2011-12-14 00:47 . 2011-12-14 07:20 -------- d-----w- c:\program files\McAfee
2011-12-14 00:37 . 2011-03-13 17:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-13 23:14 . 2011-12-13 23:14 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-13 23:14 . 2011-12-13 23:14 102400 ----a-w- c:\windows\RegBootClean.exe
2011-12-13 22:59 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-10 07:22 . 2011-12-10 07:22 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-12-09 18:07 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F712CB7-9067-468F-A9FB-8176FCAC8AAB}\mpengine.dll
2011-11-13 22:41 . 2011-05-21 10:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-03-28 16:22 176936 ----a-w- c:\program files\PageRage\prxtbPag2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-12-01 21:05 191488 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPag2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\prxtbPag2.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-06-20 4351216]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-27 3077528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BodyMedia Sync.lnk - c:\program files\BodyMedia\Sync\BodyMediaSync.exe [2011-9-16 776704]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-21 66864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
xmlpros REG_MULTI_SZ XMLProvS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-07 15:14 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:28]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 20:28]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234329832-1625283619-1638487238-1000Core.job
- c:\users\cubstuff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 19:59]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-234329832-1625283619-1638487238-1000UA.job
- c:\users\cubstuff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-21 19:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files\Superfish\Window Shopper\SuperfishIEAddon.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(11304)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2012-01-07 15:09:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 21:09
ComboFix2.txt 2012-01-07 19:41
.
Pre-Run: 149,500,334,080 bytes free
Post-Run: 149,499,244,544 bytes free
.
- - End Of File - - B3730326AE0631BCE28C7BA6EAF1E08C


Still no redirects, everything seems to be running fine.

#11 gringo_pr

  • Malware Response Team

Posted 07 January 2012 - 06:21 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.7
Conduit Engine
Java™ 6 Update 6
Yontoo Layers Client 1.10.01


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 mhale

  • Topic Starter

Posted 07 January 2012 - 08:12 PM

I already had MBAM installed and used it to generate this log. Updates are current. If I need to re-install, please let me know.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
cubstuff :: STACY-LAPTOP [administrator]

Protection: Disabled

1/7/2012 6:45:49 PM
mbam-log-2012-01-07 (18-45-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178463
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 mhale

  • Topic Starter

Posted 07 January 2012 - 08:14 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:08:59 PM, on 1/7/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111213184739.dll
O2 - BHO: PageRage - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag2.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BodyMedia Sync.lnk = C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265942087663
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/70.22/uploader2.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13908 bytes

#14 mhale

  • Topic Starter

Posted 07 January 2012 - 08:18 PM

Thanks again Gringo, I'm not sure when/if you sleep because you seem to be answering our questions 24-7. The computer seems to be running fine still. I couldn't find a way to delete the previous version of Adobe Reader. Other than that, your instructions were perfect and nothing went wrong.

Edited by mhale, 07 January 2012 - 08:19 PM.


#15 gringo_pr

  • Malware Response Team

Posted 07 January 2012 - 08:51 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
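The start-up review in the post above works from the O4 lines of a HijackThis log. The following Python is an added example, not part of the original thread and not Trend Micro's code: it parses a HijackThis log, counts lines per section code, and splits each O4 autostart entry into location, name, image path and arguments. The function names and the "bare file name" review flag are assumptions of this example; the sample lines are copied from the log in post #13.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ntpath import dirname  # Windows path rules, whatever OS this runs on

# Sample lines copied from the HijackThis log posted in this thread (post #13).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
O2 - BHO: PageRage - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPag2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: BodyMedia Sync.lnk = C:\Program Files\BodyMedia\Sync\BodyMediaSync.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# Registry autostarts as written on this page: HKLM\..\Run or HKCU\..\Run
RUN_RE = re.compile(
    r"^(?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>.*?)\] (?P<cmd>.*)$")
# Startup-folder shortcuts: "Global Startup: name.lnk = target"
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Unquoted command: the image ends at the first executable extension that is
# followed by whitespace or end of line (handles spaces inside the path).
IMAGE_RE = re.compile(
    r"^(?P<image>.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(?P<args>.*))?$", re.I)


@dataclass
class Autostart:
    location: str
    name: str
    image: str
    args: str


def section_counts(log_text):
    """Number of log lines per HijackThis section code (R0, O2, O4, ...)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[m["code"]] += 1
    return dict(counts)


def split_command(cmd):
    """Split a Run-key command into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m["image"], m["args"] or ""
    return cmd, ""  # unknown shape: keep the whole string as the image


def parse_autostarts(log_text):
    """Return every O4 entry as an Autostart record, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["code"] != "O4":
            continue  # header lines and other sections are skipped
        hit = RUN_RE.match(m["rest"]) or STARTUP_RE.match(m["rest"])
        if hit:
            image, args = split_command(hit["cmd"])
            entries.append(Autostart(hit["loc"], hit["name"], image, args))
    return entries


def bare_name_entries(entries):
    """Entries whose image has no directory part. Such a name is resolved
    through the Windows search path, so the log alone does not say which
    file on disk will run; the example flags them for a manual look."""
    return [e for e in entries if dirname(e.image) == ""]


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    for e in found:
        print(f"{e.location:<16} {e.name:<24} {e.image} {e.args}".rstrip())
    print("bare names:", [e.name for e in bare_name_entries(found)])
```
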
