
Think I have been infected with a rootkit.



#1 PaperBoy112


Posted 03 April 2014 - 11:29 AM

Hello, I think I have been infected with a rootkit. For the past few days, my computer's startup time is not nearly as fast as it was, even though I did not do anything that should have caused it to slow down. But today, I did a scan with RogueKiller, and it said it had found a lot of drives that were not legit. Is this a false positive, or is it an actual infection? Here is the log:

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 04/03/2014 09:21:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @iexplore.exe (ShellMessageBoxA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562952B)
[Address] EAT @iexplore.exe (ShellMessageBoxW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C193)
[Address] EAT @iexplore.exe (StrCSpnA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626FD2)
[Address] EAT @iexplore.exe (StrCSpnIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626FC1)
[Address] EAT @iexplore.exe (StrCSpnIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626FB0)
[Address] EAT @iexplore.exe (StrCSpnW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75620623)
[Address] EAT @iexplore.exe (StrCatBuffA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756270D1)
[Address] EAT @iexplore.exe (StrCatBuffW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756270E2)
[Address] EAT @iexplore.exe (StrCatChainW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626EB1)
[Address] EAT @iexplore.exe (StrCatW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C947)
[Address] EAT @iexplore.exe (StrChrA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756270C0)
[Address] EAT @iexplore.exe (StrChrIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562708D)
[Address] EAT @iexplore.exe (StrChrIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615773)
[Address] EAT @iexplore.exe (StrChrNIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562707C)
[Address] EAT @iexplore.exe (StrChrNW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756270AF)
[Address] EAT @iexplore.exe (StrChrW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756157A6)
[Address] EAT @iexplore.exe (StrCmpCA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626ED3)
[Address] EAT @iexplore.exe (StrCmpCW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618CEF)
[Address] EAT @iexplore.exe (StrCmpICA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561567C)
[Address] EAT @iexplore.exe (StrCmpICW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615D5D)
[Address] EAT @iexplore.exe (StrCmpIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615C33)
[Address] EAT @iexplore.exe (StrCmpLogicalW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626EC2)
[Address] EAT @iexplore.exe (StrCmpNA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75620690)
[Address] EAT @iexplore.exe (StrCmpNCA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626EF5)
[Address] EAT @iexplore.exe (StrCmpNCW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626EE4)
[Address] EAT @iexplore.exe (StrCmpNIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F9F)
[Address] EAT @iexplore.exe (StrCmpNICA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75620656)
[Address] EAT @iexplore.exe (StrCmpNICW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756216E2)
[Address] EAT @iexplore.exe (StrCmpNIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615C55)
[Address] EAT @iexplore.exe (StrCmpNW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E93)
[Address] EAT @iexplore.exe (StrCmpW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756157D9)
[Address] EAT @iexplore.exe (StrCpyNW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756270F3)
[Address] EAT @iexplore.exe (StrCpyW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C98E)
[Address] EAT @iexplore.exe (StrDupA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F39)
[Address] EAT @iexplore.exe (StrDupW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617CCB)
[Address] EAT @iexplore.exe (StrFormatByteSize64A) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C86B)
[Address] EAT @iexplore.exe (StrFormatByteSizeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C84D)
[Address] EAT @iexplore.exe (StrFormatByteSizeEx) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617E1C)
[Address] EAT @iexplore.exe (StrFormatByteSizeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C8B9)
[Address] EAT @iexplore.exe (StrFormatKBSizeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C7D6)
[Address] EAT @iexplore.exe (StrFormatKBSizeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C82D)
[Address] EAT @iexplore.exe (StrFromTimeIntervalA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75635623)
[Address] EAT @iexplore.exe (StrFromTimeIntervalW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756355B0)
[Address] EAT @iexplore.exe (StrIsIntlEqualA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F28)
[Address] EAT @iexplore.exe (StrIsIntlEqualW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F17)
[Address] EAT @iexplore.exe (StrNCatA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C913)
[Address] EAT @iexplore.exe (StrNCatW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C8D9)
[Address] EAT @iexplore.exe (StrPBrkA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627049)
[Address] EAT @iexplore.exe (StrPBrkW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561AE4F)
[Address] EAT @iexplore.exe (StrRChrA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562709E)
[Address] EAT @iexplore.exe (StrRChrIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562706B)
[Address] EAT @iexplore.exe (StrRChrIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562705A)
[Address] EAT @iexplore.exe (StrRChrW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756199BE)
[Address] EAT @iexplore.exe (StrRStrIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F8E)
[Address] EAT @iexplore.exe (StrRStrIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F7D)
[Address] EAT @iexplore.exe (StrRetToBSTR) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75623AF9)
[Address] EAT @iexplore.exe (StrRetToBufA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C688)
[Address] EAT @iexplore.exe (StrRetToBufW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615D6E)
[Address] EAT @iexplore.exe (StrRetToStrA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C70A)
[Address] EAT @iexplore.exe (StrRetToStrW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617D67)
[Address] EAT @iexplore.exe (StrSpnA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626FF4)
[Address] EAT @iexplore.exe (StrSpnW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626FE3)
[Address] EAT @iexplore.exe (StrStrA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F6C)
[Address] EAT @iexplore.exe (StrStrIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615EC1)
[Address] EAT @iexplore.exe (StrStrIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615762)
[Address] EAT @iexplore.exe (StrStrNIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F4A)
[Address] EAT @iexplore.exe (StrStrNW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F5B)
[Address] EAT @iexplore.exe (StrStrW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615C44)
[Address] EAT @iexplore.exe (StrToInt64ExA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627016)
[Address] EAT @iexplore.exe (StrToInt64ExW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627027)
[Address] EAT @iexplore.exe (StrToIntA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627038)
[Address] EAT @iexplore.exe (StrToIntExA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627005)
[Address] EAT @iexplore.exe (StrToIntExW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561AE60)
[Address] EAT @iexplore.exe (StrToIntW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756157EA)
[Address] EAT @iexplore.exe (StrTrimA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F06)
[Address] EAT @iexplore.exe (StrTrimW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617CDC)
[Address] EAT @iexplore.exe (UrlApplySchemeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756269BC)
[Address] EAT @iexplore.exe (UrlApplySchemeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756269AB)
[Address] EAT @iexplore.exe (UrlCanonicalizeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562699A)
[Address] EAT @iexplore.exe (UrlCanonicalizeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E3E)
[Address] EAT @iexplore.exe (UrlCombineA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626989)
[Address] EAT @iexplore.exe (UrlCombineW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E71)
[Address] EAT @iexplore.exe (UrlCompareA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626978)
[Address] EAT @iexplore.exe (UrlCompareW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626967)
[Address] EAT @iexplore.exe (UrlCreateFromPathA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626956)
[Address] EAT @iexplore.exe (UrlCreateFromPathW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561778E)
[Address] EAT @iexplore.exe (UrlEscapeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626945)
[Address] EAT @iexplore.exe (UrlEscapeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E60)
[Address] EAT @iexplore.exe (UrlFixupW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626934)
[Address] EAT @iexplore.exe (UrlGetLocationA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626923)
[Address] EAT @iexplore.exe (UrlGetLocationW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626912)
[Address] EAT @iexplore.exe (UrlGetPartA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626901)
[Address] EAT @iexplore.exe (UrlGetPartW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E82)
[Address] EAT @iexplore.exe (UrlHashA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756268F0)
[Address] EAT @iexplore.exe (UrlHashW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756268DF)
[Address] EAT @iexplore.exe (UrlIsA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756268CE)
[Address] EAT @iexplore.exe (UrlIsNoHistoryA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626847)
[Address] EAT @iexplore.exe (UrlIsNoHistoryW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615EB0)
[Address] EAT @iexplore.exe (UrlIsOpaqueA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626869)
[Address] EAT @iexplore.exe (UrlIsOpaqueW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626858)
[Address] EAT @iexplore.exe (UrlIsW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E2D)
[Address] EAT @iexplore.exe (UrlUnescapeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756268BD)
[Address] EAT @iexplore.exe (UrlUnescapeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E1C)
[Address] EAT @iexplore.exe (WhichPlatform) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75636B96)
[Address] EAT @iexplore.exe (wnsprintfA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B420)
[Address] EAT @iexplore.exe (wnsprintfW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B184)
[Address] EAT @iexplore.exe (wvnsprintfA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B3E1)
[Address] EAT @iexplore.exe (wvnsprintfW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B226)
[Address] EAT @iexplore.exe (CreateAssemblyCache) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B3762)
[Address] EAT @iexplore.exe (CreateAssemblyNameObject) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B3318)
[Address] EAT @iexplore.exe (SxsBeginAssemblyInstall) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BE809)
[Address] EAT @iexplore.exe (SxsEndAssemblyInstall) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BDF59)
[Address] EAT @iexplore.exe (SxsFindClrClassInformation) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B3AF1)
[Address] EAT @iexplore.exe (SxsFindClrSurrogateInformation) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B3E29)
[Address] EAT @iexplore.exe (SxsGenerateActivationContext) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x70878DA1)
[Address] EAT @iexplore.exe (SxsInstallW) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BE145)
[Address] EAT @iexplore.exe (SxsLookupClrGuid) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B426F)
[Address] EAT @iexplore.exe (SxsOleAut32MapConfiguredClsidToReferenceClsid) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x7085157B)
[Address] EAT @iexplore.exe (SxsOleAut32MapIIDOrCLSIDToTypeLibrary) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BD488)
[Address] EAT @iexplore.exe (SxsOleAut32MapIIDToProxyStubCLSID) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x70851434)
[Address] EAT @iexplore.exe (SxsOleAut32MapIIDToTLBPath) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708516C0)
[Address] EAT @iexplore.exe (SxsOleAut32MapReferenceClsidToConfiguredClsid) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x7085324D)
[Address] EAT @iexplore.exe (SxsOleAut32RedirectTypeLibrary) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x70851FA4)
[Address] EAT @iexplore.exe (SxsProbeAssemblyInstallation) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708B28BE)
[Address] EAT @iexplore.exe (SxsQueryManifestInformation) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708C3835)
[Address] EAT @iexplore.exe (SxsRunDllInstallAssembly) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BDCCD)
[Address] EAT @iexplore.exe (SxsRunDllInstallAssemblyW) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BDDCD)
[Address] EAT @iexplore.exe (SxsUninstallW) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BD66C)
[Address] EAT @iexplore.exe (SxspGenerateManifestPathOnAssemblyIdentity) : T2EMBED.DLL -> HOOKED (C:\Windows\SYSTEM32\sxs.dll @ 0x708BFBF1)
[Address] EAT @iexplore.exe (AssocCreate) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756171A6)
[Address] EAT @iexplore.exe (AssocGetPerceivedType) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561829F)
[Address] EAT @iexplore.exe (AssocIsDangerous) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75629DED)
[Address] EAT @iexplore.exe (AssocQueryKeyA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562AFBF)
[Address] EAT @iexplore.exe (AssocQueryKeyW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616F42)
[Address] EAT @iexplore.exe (AssocQueryStringA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562B20C)
[Address] EAT @iexplore.exe (AssocQueryStringByKeyA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562B077)
[Address] EAT @iexplore.exe (AssocQueryStringByKeyW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75621980)
[Address] EAT @iexplore.exe (AssocQueryStringW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561FBFF)
[Address] EAT @iexplore.exe (ChrCmpIA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627137)
[Address] EAT @iexplore.exe (ChrCmpIW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627126)
[Address] EAT @iexplore.exe (ColorAdjustLuma) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C3F3)
[Address] EAT @iexplore.exe (ColorHLSToRGB) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B787)
[Address] EAT @iexplore.exe (ColorRGBToHLS) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B6CD)
[Address] EAT @iexplore.exe (ConnectToConnectionPoint) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562180D)
[Address] EAT @iexplore.exe (DelayLoadFailureHook) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562C56B)
[Address] EAT @iexplore.exe (DllGetClassObject) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7563958F)
[Address] EAT @iexplore.exe (DllGetVersion) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75623B1B)
[Address] EAT @iexplore.exe (GUIDFromStringW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75613EE2)
[Address] EAT @iexplore.exe (GetAcceptLanguagesA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626A2D)
[Address] EAT @iexplore.exe (GetAcceptLanguagesW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75621ECB)
[Address] EAT @iexplore.exe (GetMenuPosFromID) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75621DCD)
[Address] EAT @iexplore.exe (HashData) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626A1C)
[Address] EAT @iexplore.exe (IStream_Copy) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561FE03)
[Address] EAT @iexplore.exe (IStream_Read) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756216F3)
[Address] EAT @iexplore.exe (IStream_ReadPidl) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561F70E)
[Address] EAT @iexplore.exe (IStream_ReadStr) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615E95)
[Address] EAT @iexplore.exe (IStream_Reset) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617DC3)
[Address] EAT @iexplore.exe (IStream_Size) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561FDCC)
[Address] EAT @iexplore.exe (IStream_Write) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617DB2)
[Address] EAT @iexplore.exe (IStream_WritePidl) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7563A935)
[Address] EAT @iexplore.exe (IStream_WriteStr) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756204EB)
[Address] EAT @iexplore.exe (IUnknown_AtomicRelease) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627197)
[Address] EAT @iexplore.exe (IUnknown_Exec) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618D8F)
[Address] EAT @iexplore.exe (IUnknown_GetSite) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75621EDC)
[Address] EAT @iexplore.exe (IUnknown_GetWindow) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615C9B)
[Address] EAT @iexplore.exe (IUnknown_QueryService) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617D31)
[Address] EAT @iexplore.exe (IUnknown_QueryStatus) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75637DCD)
[Address] EAT @iexplore.exe (IUnknown_Set) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615D7F)
[Address] EAT @iexplore.exe (IUnknown_SetSite) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617D42)
[Address] EAT @iexplore.exe (IntlStrEqWorkerA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F28)
[Address] EAT @iexplore.exe (IntlStrEqWorkerW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626F17)
[Address] EAT @iexplore.exe (IsCharSpaceA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626B81)
[Address] EAT @iexplore.exe (IsCharSpaceW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615D90)
[Address] EAT @iexplore.exe (IsInternetESCEnabled) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626A11)
[Address] EAT @iexplore.exe (IsOS) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618C5D)
[Address] EAT @iexplore.exe (MLFreeLibrary) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756364B9)
[Address] EAT @iexplore.exe (MLLoadLibraryA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756364F5)
[Address] EAT @iexplore.exe (MLLoadLibraryW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7563653D)
[Address] EAT @iexplore.exe (ParseURLA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626A00)
[Address] EAT @iexplore.exe (ParseURLW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561B8E9)
[Address] EAT @iexplore.exe (PathAddBackslashA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626C09)
[Address] EAT @iexplore.exe (PathAddBackslashW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756177B0)
[Address] EAT @iexplore.exe (PathAddExtensionA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626DA1)
[Address] EAT @iexplore.exe (PathAddExtensionW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617A9E)
[Address] EAT @iexplore.exe (PathAppendA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626D90)
[Address] EAT @iexplore.exe (PathAppendW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617E3F)
[Address] EAT @iexplore.exe (PathBuildRootA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627159)
[Address] EAT @iexplore.exe (PathBuildRootW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562716A)
[Address] EAT @iexplore.exe (PathCanonicalizeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626D7F)
[Address] EAT @iexplore.exe (PathCanonicalizeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618CBC)
[Address] EAT @iexplore.exe (PathCombineA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626C3C)
[Address] EAT @iexplore.exe (PathCombineW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561779F)
[Address] EAT @iexplore.exe (PathCommonPrefixA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E8F)
[Address] EAT @iexplore.exe (PathCommonPrefixW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E7E)
[Address] EAT @iexplore.exe (PathCompactPathA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627DEA)
[Address] EAT @iexplore.exe (PathCompactPathExA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627C40)
[Address] EAT @iexplore.exe (PathCompactPathExW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75620448)
[Address] EAT @iexplore.exe (PathCompactPathW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562B6CC)
[Address] EAT @iexplore.exe (PathCreateFromUrlA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756269EF)
[Address] EAT @iexplore.exe (PathCreateFromUrlAlloc) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756269DE)
[Address] EAT @iexplore.exe (PathCreateFromUrlW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616E0B)
[Address] EAT @iexplore.exe (PathFileExistsA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626CE6)
[Address] EAT @iexplore.exe (PathFileExistsAndAttributesW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617AC0)
[Address] EAT @iexplore.exe (PathFileExistsW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616F20)
[Address] EAT @iexplore.exe (PathFindExtensionA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626D19)
[Address] EAT @iexplore.exe (PathFindExtensionW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756157C8)
[Address] EAT @iexplore.exe (PathFindFileNameA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626CD5)
[Address] EAT @iexplore.exe (PathFindFileNameW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756157B7)
[Address] EAT @iexplore.exe (PathFindNextComponentA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626BE7)
[Address] EAT @iexplore.exe (PathFindNextComponentW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617E61)
[Address] EAT @iexplore.exe (PathFindOnPathA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562846C)
[Address] EAT @iexplore.exe (PathFindOnPathW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75620775)
[Address] EAT @iexplore.exe (PathFindSuffixArrayA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756283B7)
[Address] EAT @iexplore.exe (PathFindSuffixArrayW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618D11)
[Address] EAT @iexplore.exe (PathGetArgsA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562688B)
[Address] EAT @iexplore.exe (PathGetArgsW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75623B0A)
[Address] EAT @iexplore.exe (PathGetCharTypeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756268AC)
[Address] EAT @iexplore.exe (PathGetCharTypeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615ED2)
[Address] EAT @iexplore.exe (PathGetDriveNumberA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E3A)
[Address] EAT @iexplore.exe (PathGetDriveNumberW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75615795)
[Address] EAT @iexplore.exe (PathIsContentTypeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75627AA9)
[Address] EAT @iexplore.exe (PathIsContentTypeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7561FE28)
[Address] EAT @iexplore.exe (PathIsDirectoryA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75628279)
[Address] EAT @iexplore.exe (PathIsDirectoryEmptyA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75628187)
[Address] EAT @iexplore.exe (PathIsDirectoryEmptyW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562BA25)
[Address] EAT @iexplore.exe (PathIsDirectoryW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617851)
[Address] EAT @iexplore.exe (PathIsFileSpecA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E4B)
[Address] EAT @iexplore.exe (PathIsFileSpecW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617AAF)
[Address] EAT @iexplore.exe (PathIsLFNFileSpecA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626DD4)
[Address] EAT @iexplore.exe (PathIsLFNFileSpecW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626DC3)
[Address] EAT @iexplore.exe (PathIsNetworkPathA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562717B)
[Address] EAT @iexplore.exe (PathIsNetworkPathW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75617C86)
[Address] EAT @iexplore.exe (PathIsPrefixA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E6D)
[Address] EAT @iexplore.exe (PathIsPrefixW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E5C)
[Address] EAT @iexplore.exe (PathIsRelativeA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626E29)
[Address] EAT @iexplore.exe (PathIsRelativeW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75616F31)
[Address] EAT @iexplore.exe (PathIsRootA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626D6E)
[Address] EAT @iexplore.exe (PathIsRootW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75618CAB)
[Address] EAT @iexplore.exe (PathIsSameRootA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626DF6)
[Address] EAT @iexplore.exe (PathIsSameRootW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x75626DE5)
[Address] EAT @iexplore.exe (PathIsSystemFolderA) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x756277A6)
[Address] EAT @iexplore.exe (PathIsSystemFolderW) : RPCRT4.dll -> HOOKED (C:\Windows\SYSTEM32\SHLWAPI.dll @ 0x7562B549)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD100 SATA Disk Device +++++
--- User ---
[MBR] 08f3011a2eddb6a0b78c082c0403e874
[BSP] 10dd8e677753492d64db5b810ff2064e : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) silicon -power USB Device +++++
--- User ---
[MBR] a2bd7ffaf68d812af32caa87e8aeef8c
[BSP] 4765dcecc710ea5d8e35ff4cbdaee7f5 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1701998624 | Size: 795662 MB
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 MB
2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 MB
3 - [XXXXXX] BTWIZ (0xbb) [HIDDEN!] Offset (sectors): -384957826 | Size: 31 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_04032014_092115.txt >>

 

 




 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:51 AM

Posted 07 April 2014 - 07:13 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


 


#3 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:51 AM

Posted 08 April 2014 - 10:44 PM

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16843
Run by Andrew at 20:35:08 on 2014-04-08
Microsoft Windows 8  6.2.9200.0.1252.2.1033.18.7384.5619 [GMT -7:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\ThumbnailExtractionHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Uninstall C:\Users\Andrew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_2\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_2\amd64"
mRun: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
mRun: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
mRun: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{13A2C8B7-3620-46A7-8042-DB99EB462E5B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{13A2C8B7-3620-46A7-8042-DB99EB462E5B}\2454C4C4138393 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{307B101B-10F9-4C99-80FA-17847AAE1238} : DHCPNameServer = 10.77.0.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-11-30 26280]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-4-27 56336]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2014-2-16 62168]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-3-7 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-6-14 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-2-23 3782672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-4-7 127752]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2013-3-1 43320]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-10-8 1039160]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-11-21 2468496]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2014-3-7 98744]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-3-27 25816]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-11-21 2482960]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2013-11-21 288328]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-11-21 792648]
R3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2014-3-10 29424]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\Drivers\tap0901t.sys [2014-4-7 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-11-21 58536]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-27 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-27 857912]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2013-4-26 54064]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2013-3-25 49584]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-3-27 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-3-27 63192]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-4 33008]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2014-4-7 758224]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-4-27 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-04-08 02:45:29 -------- d-----w- C:\Program Files\Dolphin
2014-04-08 02:43:15 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Tunngle
2014-04-08 02:43:15 -------- d-----w- C:\ProgramData\Tunngle
2014-04-08 02:43:14 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2014-04-08 02:43:12 -------- d-----w- C:\Program Files (x86)\Tunngle
2014-04-08 02:28:22 -------- d-----w- C:\Users\Andrew\AppData\Roaming\BitTorrent
2014-04-04 14:03:32 -------- d-----w- C:\Users\Andrew\AppData\Local\HPConnectedMusic
2014-04-04 00:33:52 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TS3Client
2014-04-02 19:40:55 119512 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-03-31 22:06:04 -------- d-----w- C:\Program Files (x86)\ESET
2014-03-28 19:53:43 -------- d-----w- C:\Users\Andrew\AppData\Roaming\AVG2014
2014-03-28 19:52:57 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-03-28 19:52:00 -------- d--h--w- C:\$AVG
2014-03-28 19:52:00 -------- d-----w- C:\ProgramData\AVG2014
2014-03-28 19:51:44 -------- d-----w- C:\Program Files (x86)\AVG
2014-03-28 19:51:36 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27165ADE-F7E2-4DB7-837E-928B70F69000}\mpengine.dll
2014-03-28 19:51:23 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-28 19:46:33 -------- d--h--w- C:\ProgramData\Common Files
2014-03-28 19:46:33 -------- d-----w- C:\Users\Andrew\AppData\Local\MFAData
2014-03-28 19:46:33 -------- d-----w- C:\Users\Andrew\AppData\Local\Avg2014
2014-03-28 19:46:33 -------- d-----w- C:\ProgramData\MFAData
2014-03-27 14:24:21 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-27 14:24:02 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-27 14:24:02 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-27 14:24:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-27 14:24:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-26 19:13:33 -------- d-----w- C:\Program Files\CCleaner
2014-03-26 00:56:05 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-03-21 00:29:54 -------- d-----w- C:\Users\Andrew\AppData\Local\Skype
2014-03-19 23:53:21 -------- d-----w- C:\Users\Andrew\AppData\Roaming\JetBrains
2014-03-19 23:51:24 -------- d-----w- C:\Program Files (x86)\JetBrains
2014-03-18 00:59:02 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2014-03-18 00:59:02 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2014-03-18 00:59:02 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2014-03-18 00:59:02 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2014-03-18 00:59:00 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2014-03-18 00:59:00 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2014-03-18 00:53:42 -------- d-----w- C:\Users\Andrew\AppData\Local\DayZ
2014-03-18 00:03:45 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-18 00:02:28 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-03-17 23:52:18 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-03-17 23:52:18 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-17 01:00:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-17 01:00:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-15 21:37:57 254640 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-13 20:10:25 -------- d-----w- C:\Users\Andrew\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 20:10:03 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 20:10:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-03-13 16:54:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-13 03:29:06 -------- d-----w- C:\Program Files\HitmanPro
2014-03-13 03:28:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-03-11 23:15:11 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-10 21:51:47 495856 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2014-03-10 21:51:47 264432 ----a-w- C:\Windows\System32\SynTPAPI.dll
2014-03-10 21:51:47 192240 ----a-w- C:\Windows\System32\SynTPCo18.dll
2014-03-10 21:51:47 151280 ----a-w- C:\Windows\SysWow64\SynTPCom.dll
2014-03-10 21:51:45 544496 ----a-w- C:\Windows\SysWow64\SynCom.dll
2014-03-10 21:51:45 1060080 ----a-w- C:\Windows\System32\SynCOM.dll
2014-03-10 21:51:42 29424 ----a-w- C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
.
==================== Find3M  ====================
.
2014-03-04 22:52:34 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52:34 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-23 08:13:41 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 08:13:31 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-23 08:13:31 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-23 08:11:59 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 08:11:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-23 08:11:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-23 06:54:46 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 06:54:37 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-23 06:53:22 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 06:53:18 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-23 06:53:18 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-23 06:35:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-23 06:31:25 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-23 04:06:33 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-02-22 01:53:27 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-02-22 01:49:41 1587 ----a-w- C:\ProgramData\1393033781.bdinstall.bin
2014-02-22 00:16:49 1587 ----a-w- C:\ProgramData\1393028209.bdinstall.bin
2014-02-22 00:15:02 1587 ----a-w- C:\ProgramData\1393028102.bdinstall.bin
2014-02-21 23:53:05 1587 ----a-w- C:\ProgramData\1393026785.bdinstall.bin
2014-02-21 23:52:15 1587 ----a-w- C:\ProgramData\1393026735.bdinstall.bin
2014-02-21 23:47:49 1587 ----a-w- C:\ProgramData\1393026469.bdinstall.bin
2014-02-21 23:47:37 1587 ----a-w- C:\ProgramData\1393026457.bdinstall.bin
2014-02-21 23:41:49 1587 ----a-w- C:\ProgramData\1393026109.bdinstall.bin
2014-02-21 23:40:04 1587 ----a-w- C:\ProgramData\1393026004.bdinstall.bin
2014-02-21 23:35:49 1587 ----a-w- C:\ProgramData\1393025749.bdinstall.bin
2014-02-21 23:15:59 1587 ----a-w- C:\ProgramData\1393024559.bdinstall.bin
2014-02-21 23:05:27 1587 ----a-w- C:\ProgramData\1393023927.bdinstall.bin
2014-02-21 23:03:54 1587 ----a-w- C:\ProgramData\1393023834.bdinstall.bin
2014-02-21 19:24:25 257380 ----a-w- C:\ProgramData\1393010570.bdinstall.bin
2014-02-17 19:23:09 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2014-02-16 19:12:29 74512 ----a-w- C:\Windows\SysWow64\bdsandboxuiskin32.dll
2014-02-16 19:12:29 74512 ----a-w- C:\Windows\System32\bdsandboxuiskin32.dll
2014-01-31 00:48:33 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-26 02:57:10 389120 ----a-w- C:\Windows\SysWow64\RegistryHelperLM.ocx
2014-01-12 23:30:39 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-01-12 23:30:18 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 20:35:47.55 ===============

 

 

 

 

 

 

 

Attach:

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 2014-02-15 9:00:30 PM
System Uptime: 2014-04-08 8:19:19 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1995
Processor: AMD A10-5745M APU with Radeon™ HD Graphics   | Socket FT1 | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 907 GiB total, 793.328 GiB free.
D: is FIXED (NTFS) - 24 GiB total, 2.344 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {d2de069d-7286-420b-baf8-225d700ce748}
Description: Ralink Bluetooth PCIe Adapter
Device ID: PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C&REV_00\4&288455B5&0&0128
Manufacturer: Ralink Technology Corp.
Name: Ralink Bluetooth PCIe Adapter
PNP Device ID: PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C&REV_00\4&288455B5&0&0128
Service: rtbth
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
==== System Restore Points ===================
.
RP23: 2014-03-22 9:46:35 PM - Installed DirectX
RP24: 2014-03-24 1:46:32 PM - Removed Java SE Development Kit 7 Update 51 (64-bit)
RP25: 2014-03-25 7:23:43 PM - avast! antivirus system restore point
RP26: 2014-03-27 4:31:28 PM - avast! antivirus system restore point
RP27: 2014-04-06 4:04:44 PM - Scheduled Checkpoint
RP28: 2014-04-07 5:04:07 PM - Removed Skype™ 6.14
RP29: 2014-04-08 8:21:46 PM - Removed Skype™ 6.14
.
==== Installed Programs ======================
.
4 Elements II
Adobe Photoshop Elements 11
Adobe Premiere Elements 11
Airport Mania
Aloha TriPeaks
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
AVG 2014
Azteca
Bejeweled 3
BitTorrent
Bonjour
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Counter-Strike: Source
Cradle of Rome 2
Curse at Twilight
CyberLink YouCam
D3DX10
DayZ
Delicious: Emily's Childhood Memories Premium Edition
Dolphin
Elements 11 Organizer
Energy Star
ESET Online Scanner v3
Farm Frenzy
Galerie de photos
Garry's Mod
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Grand Theft Auto IV
Hewlett-Packard ACLM.NET v1.2.1.1
HitmanPro 3.7
House of 1000 Doors: Family Secrets
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP MyRoom
HP Postscript Converter
HP Quick Start
HP Recovery Manager
HP Registration Service
HP Support Assistant
HP System Event Utility
HP Utility Center
HP Wireless Button Driver
IDT Audio
Java 7 Update 51 (64-bit)
Jewel Match 3
Left 4 Dead 2
Letters from Nowhere 2
Luxor Evolved
Mah Jong Medley
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Exploit version 0.09.5.1000
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft Application Error Reporting
Microsoft Games for Windows Marketplace
Microsoft Office
Microsoft OneDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft XNA Framework Redistributable 4.0 Refresh
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
OEM Application Profile
Peggle Nights
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
PRE11 STI 64Installer
PSE11 STI Installer
Ralink Bluetooth Stack
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Royal Envoy 2 Collector's Edition
SpeedRunners
Steam
SUPERAntiSpyware
swMSM
Synaptics ClickPad Driver
The Treasures of Mystery Island: The Ghost Ship
Trinklit Supreme
Tunngle beta
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Worms Revolution
Youda Jewel Shop
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2014-04-08 8:20:46 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
2014-04-08 8:20:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
2014-04-08 8:20:29 PM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014-04-07 4:49:06 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user User-PC\User SID (S-1-5-21-3003775526-1270309354-3113253203-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
2014-04-07 4:49:06 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {A188DB29-2ABC-46CB-9A38-40B82CF5D051}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user User-PC\User SID (S-1-5-21-3003775526-1270309354-3113253203-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
2014-04-04 8:19:56 AM, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:  The operation completed successfully.
2014-04-01 3:41:33 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
.
==== End Of File ===========================

 



#4 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:51 AM

Posted 08 April 2014 - 10:49 PM

And the final log.

Attached Files



#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:51 AM

Posted 09 April 2014 - 06:32 AM

FRST
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
----------


 


#6 PaperBoy112

PaperBoy112
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:51 AM

Posted 09 April 2014 - 04:00 PM

Before I post the logs, I just want to say thank you for helping me out. :)

 

FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by User (administrator) on User-PC on 09-04-2014 13:51:27
Running from C:\Users\User\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-13] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-11-01] (IVT Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-3003775526-1270309354-3113253203-1002\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3003775526-1270309354-3113253203-1002\...\RunOnce: [Uninstall C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_2\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_2\amd64"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {7CC96401-A95D-4565-9ED4-CA5F9EC3B7D9} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA2022B94-35C3-42E9-A4A9-696F9028CD38&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{13A2C8B7-3620-46A7-8042-DB99EB462E5B}: [NameServer]8.8.8.8,8.8.4.4

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-14] (Advanced Micro Devices, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-07] (SurfRight B.V.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2014-03-07] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2014-01-16] ()
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-23] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2014-03-10] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 wlxslswy; No ImagePath
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 rtbth; \SystemRoot\System32\drivers\rtbth.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 13:51 - 2014-04-09 13:51 - 00014789 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-09 13:51 - 2014-04-09 13:51 - 00000000 ____D () C:\FRST
2014-04-09 13:50 - 2014-04-09 13:50 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-04-08 20:39 - 2014-04-08 20:39 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller
2014-04-08 20:38 - 2014-04-08 20:39 - 04118841 _____ () C:\Users\User\Downloads\tdsskiller.zip
2014-04-08 20:38 - 2014-04-08 20:38 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2014-04-08 20:33 - 2014-04-08 20:33 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-04-07 19:47 - 2014-04-08 15:16 - 00000000 ____D () C:\Users\User\Documents\Dolphin Emulator
2014-04-07 19:45 - 2014-04-08 15:16 - 00000768 _____ () C:\Windows\DirectX.log
2014-04-07 19:45 - 2014-04-07 19:46 - 00000000 ____D () C:\Program Files\Dolphin
2014-04-07 19:43 - 2014-04-08 16:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tunngle
2014-04-07 19:43 - 2014-04-08 16:22 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-04-07 19:43 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-04-07 19:28 - 2014-04-08 17:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2014-04-05 20:13 - 2014-04-08 16:23 - 00000119 _____ () C:\Windows\n02.ini
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Users\User\Documents\SavedGames
2014-04-03 17:33 - 2014-04-03 17:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-04-03 09:04 - 2014-04-03 09:04 - 00000794 _____ () C:\Windows\setupact.log
2014-04-03 09:04 - 2014-04-03 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-02 16:25 - 2014-04-02 16:25 - 00000000 ____D () C:\Users\User\Documents\Adobe
2014-04-02 12:40 - 2014-04-02 12:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-01 16:04 - 2014-04-01 16:04 - 00001529 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-03-31 15:06 - 2014-03-31 15:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-31 14:53 - 2014-03-31 14:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-31 14:53 - 2014-03-31 14:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-28 20:06 - 2014-04-04 08:18 - 00000828 _____ () C:\Windows\system32\.crusader
2014-03-28 12:53 - 2014-03-28 12:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-03-28 12:52 - 2014-03-31 14:53 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-28 12:52 - 2014-03-28 12:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-28 12:52 - 2014-03-28 12:52 - 00000000 ___HD () C:\$AVG
2014-03-28 12:52 - 2014-03-28 12:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-03-28 12:51 - 2014-03-28 12:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-28 12:51 - 2014-01-19 00:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-28 12:46 - 2014-04-09 13:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-28 12:46 - 2014-03-28 13:03 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-03-28 12:46 - 2014-03-28 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\MFAData
2014-03-28 12:40 - 2014-04-09 13:51 - 00654529 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 15:39 - 2014-04-08 13:07 - 00400102 _____ () C:\Windows\PFRO.log
2014-03-27 07:24 - 2014-04-07 17:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 07:24 - 2014-04-04 19:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 07:24 - 2014-04-04 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 07:24 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 07:24 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 07:24 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 06:51 - 2014-03-27 06:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-26 12:13 - 2014-03-26 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-26 12:13 - 2014-03-26 12:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-25 18:40 - 2014-03-25 18:40 - 00003506 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User
2014-03-25 18:02 - 2014-03-25 18:02 - 00000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-25 17:56 - 2014-03-25 17:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-03-20 17:29 - 2014-04-08 17:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-03-20 17:29 - 2014-03-20 17:29 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-20 17:25 - 2014-04-08 20:22 - 00000000 ____D () C:\ProgramData\Skype
2014-03-19 17:46 - 2014-03-27 15:39 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-19 16:53 - 2014-03-19 16:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\JetBrains
2014-03-19 16:51 - 2014-03-19 17:13 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-03-18 09:21 - 2014-04-08 13:07 - 03297024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 17:59 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-03-17 17:59 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-03-17 17:59 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-03-17 17:59 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-03-17 17:59 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-03-17 17:59 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-03-17 17:53 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\User\Documents\DayZ
2014-03-17 17:53 - 2014-03-17 18:43 - 00000000 ____D () C:\Users\User\AppData\Local\DayZ
2014-03-17 17:20 - 2014-02-23 01:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-17 17:20 - 2014-02-23 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-17 17:20 - 2014-02-23 01:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-17 17:20 - 2014-02-23 01:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-17 17:20 - 2014-02-23 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-17 17:20 - 2014-02-23 01:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-17 17:20 - 2014-02-23 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-17 17:20 - 2014-02-23 01:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-17 17:20 - 2014-02-23 01:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-17 17:20 - 2014-02-22 23:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-17 17:20 - 2014-02-22 23:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-17 17:20 - 2014-02-22 23:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-17 17:20 - 2014-02-22 23:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-17 17:20 - 2014-02-22 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-17 17:20 - 2014-02-22 23:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-17 17:20 - 2014-02-22 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-17 17:03 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-17 17:03 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-17 17:03 - 2013-10-25 00:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-17 17:03 - 2013-10-24 15:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-17 17:02 - 2014-02-07 21:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-17 16:56 - 2013-12-06 23:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-17 16:56 - 2013-12-06 22:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-17 16:52 - 2014-02-05 16:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-17 16:52 - 2014-02-05 16:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-16 18:05 - 2014-04-09 12:34 - 00003104 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-03-16 18:05 - 2014-04-09 12:34 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-03-16 18:00 - 2014-03-27 15:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-16 18:00 - 2014-03-25 19:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-16 18:00 - 2014-03-16 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-15 08:53 - 2014-04-07 17:06 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job
2014-03-15 08:53 - 2014-04-05 19:06 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForUser
2014-03-13 13:10 - 2014-03-27 06:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-13 13:10 - 2014-03-13 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 13:10 - 2014-03-13 13:10 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 10:22 - 2014-03-13 10:28 - 00000335 _____ () C:\local.conf
2014-03-13 09:54 - 2014-03-13 16:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-12 20:29 - 2014-04-07 19:33 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-12 20:28 - 2014-04-04 08:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-11 16:15 - 2014-03-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-10 14:51 - 2014-03-10 14:51 - 01060080 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00544496 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00495856 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-03-10 14:51 - 2014-03-10 14:51 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo18.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00029424 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys

==================== One Month Modified Files and Folders =======

2014-04-09 13:51 - 2014-04-09 13:51 - 00014789 _____ () C:\Users\User\Downloads\FRST.txt
2014-04-09 13:51 - 2014-04-09 13:51 - 00000000 ____D () C:\FRST
2014-04-09 13:51 - 2014-03-28 12:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-09 13:51 - 2014-03-28 12:40 - 00654529 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 13:50 - 2014-04-09 13:50 - 02157056 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-04-09 13:48 - 2014-02-16 10:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3003775526-1270309354-3113253203-1002
2014-04-09 13:46 - 2014-02-15 22:04 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC6CE52D-8101-4AA1-A81A-689732D1A086}
2014-04-09 13:45 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-09 12:34 - 2014-03-16 18:05 - 00003104 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-04-09 12:34 - 2014-03-16 18:05 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-04-09 12:33 - 2014-03-06 07:09 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 12:33 - 2014-02-15 22:05 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-04-08 20:39 - 2014-04-08 20:39 - 00000000 ____D () C:\Users\User\Downloads\tdsskiller
2014-04-08 20:39 - 2014-04-08 20:38 - 04118841 _____ () C:\Users\User\Downloads\tdsskiller.zip
2014-04-08 20:38 - 2014-04-08 20:38 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2014-04-08 20:33 - 2014-04-08 20:33 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2014-04-08 20:27 - 2013-04-27 19:31 - 00877348 _____ () C:\Windows\system32\perfh00C.dat
2014-04-08 20:27 - 2013-04-27 19:31 - 00191806 _____ () C:\Windows\system32\perfc00C.dat
2014-04-08 20:27 - 2012-07-26 00:28 - 01994298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 20:22 - 2014-03-20 17:25 - 00000000 ____D () C:\ProgramData\Skype
2014-04-08 20:21 - 2014-03-06 07:09 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 20:20 - 2013-11-20 11:44 - 00001060 _____ () C:\Windows\SysWOW64\bscs.ini
2014-04-08 20:20 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 17:25 - 2014-04-07 19:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2014-04-08 17:25 - 2014-03-20 17:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-04-08 16:23 - 2014-04-05 20:13 - 00000119 _____ () C:\Windows\n02.ini
2014-04-08 16:22 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tunngle
2014-04-08 16:22 - 2014-04-07 19:43 - 00000000 ____D () C:\ProgramData\Tunngle
2014-04-08 16:20 - 2014-03-05 20:38 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-08 15:16 - 2014-04-07 19:47 - 00000000 ____D () C:\Users\User\Documents\Dolphin Emulator
2014-04-08 15:16 - 2014-04-07 19:45 - 00000768 _____ () C:\Windows\DirectX.log
2014-04-08 14:55 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-08 13:07 - 2014-03-27 15:39 - 00400102 _____ () C:\Windows\PFRO.log
2014-04-08 13:07 - 2014-03-18 09:21 - 03297024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-07 19:46 - 2014-04-07 19:45 - 00000000 ____D () C:\Program Files\Dolphin
2014-04-07 19:45 - 2014-03-05 16:55 - 00000000 ____D () C:\AdwCleaner
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-04-07 19:43 - 2014-04-07 19:43 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-04-07 19:33 - 2014-03-12 20:29 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-07 17:19 - 2014-03-27 07:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 17:06 - 2014-03-15 08:53 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job
2014-04-07 17:05 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-07 14:10 - 2014-02-15 22:00 - 00000000 ____D () C:\Users\User
2014-04-07 13:58 - 2014-02-24 15:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-07 13:58 - 2014-02-17 14:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-06 12:38 - 2014-02-16 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 20:34 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-05 19:06 - 2014-03-15 08:53 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForUser
2014-04-04 19:56 - 2014-03-27 07:24 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 19:56 - 2014-03-27 07:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 14:49 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-04 14:01 - 2014-04-04 14:01 - 00000000 ____D () C:\Users\User\Documents\SavedGames
2014-04-04 08:18 - 2014-03-28 20:06 - 00000828 _____ () C:\Windows\system32\.crusader
2014-04-04 08:18 - 2014-03-12 20:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-03 17:35 - 2014-04-03 17:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-04-03 09:51 - 2014-03-27 07:24 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-03-27 07:24 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-03-27 07:24 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 09:04 - 2014-04-03 09:04 - 00000794 _____ () C:\Windows\setupact.log
2014-04-03 09:04 - 2014-04-03 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-02 16:25 - 2014-04-02 16:25 - 00000000 ____D () C:\Users\User\Documents\Adobe
2014-04-02 16:25 - 2014-02-15 22:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-02 12:40 - 2014-04-02 12:40 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-01 16:05 - 2013-04-27 20:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-01 16:04 - 2014-04-01 16:04 - 00001529 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-04-01 15:47 - 2013-04-27 20:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-31 15:06 - 2014-03-31 15:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-31 14:53 - 2014-03-31 14:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-31 14:53 - 2014-03-31 14:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-31 14:53 - 2014-03-28 12:52 - 00000972 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-30 15:16 - 2014-03-06 07:09 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 15:16 - 2014-03-06 07:09 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 19:17 - 2014-02-18 12:45 - 00000093 _____ () C:\Users\User\Desktop\Computer Link.txt
2014-03-29 13:15 - 2014-02-16 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-28 20:06 - 2014-02-15 22:04 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-28 13:03 - 2014-03-28 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-03-28 12:53 - 2014-03-28 12:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-03-28 12:53 - 2014-03-28 12:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-28 12:52 - 2014-03-28 12:52 - 00000000 ___HD () C:\$AVG
2014-03-28 12:52 - 2014-03-28 12:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-03-28 12:52 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-28 12:51 - 2014-03-28 12:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-28 12:46 - 2014-03-28 12:46 - 00000000 ____D () C:\Users\User\AppData\Local\MFAData
2014-03-27 15:39 - 2014-03-19 17:46 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-27 15:39 - 2014-03-16 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-27 07:24 - 2014-02-16 15:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 06:51 - 2014-03-27 06:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-03-27 06:51 - 2014-03-13 13:10 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-26 12:13 - 2014-03-26 12:13 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-26 12:13 - 2014-03-26 12:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-25 19:13 - 2014-03-16 18:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-25 18:40 - 2014-03-25 18:40 - 00003506 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User
2014-03-25 18:02 - 2014-03-25 18:02 - 00000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-25 18:02 - 2014-02-18 16:28 - 00048640 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-03-25 17:56 - 2014-03-25 17:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-03-24 13:47 - 2014-02-17 16:23 - 00000000 ____D () C:\Program Files\Java
2014-03-20 17:29 - 2014-03-20 17:29 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-03-20 17:26 - 2014-03-11 16:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-19 17:13 - 2014-03-19 16:51 - 00000000 ____D () C:\Program Files (x86)\JetBrains
2014-03-19 16:53 - 2014-03-19 16:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\JetBrains
2014-03-18 12:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-03-18 09:36 - 2014-02-15 22:04 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 09:20 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-18 09:20 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-18 09:20 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-18 09:20 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-18 09:20 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-18 09:08 - 2014-02-16 23:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 09:06 - 2014-02-16 23:12 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 18:43 - 2014-03-17 17:53 - 00000000 ____D () C:\Users\User\Documents\DayZ
2014-03-17 18:43 - 2014-03-17 17:53 - 00000000 ____D () C:\Users\User\AppData\Local\DayZ
2014-03-17 14:10 - 2014-02-16 15:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-03-16 18:00 - 2014-03-16 18:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-15 13:20 - 2014-03-06 07:11 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 09:39 - 2012-07-26 01:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-14 09:39 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-03-14 09:37 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\spp
2014-03-14 09:34 - 2014-03-07 18:33 - 00000000 ____D () C:\Users\User\AppData\Local\bluesoleil
2014-03-14 09:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\registration
2014-03-14 09:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-14 09:29 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-03-14 09:27 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-03-14 09:27 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-13 16:26 - 2014-03-13 09:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-13 13:10 - 2014-03-13 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-03-13 13:10 - 2014-03-13 13:10 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-13 13:07 - 2014-02-15 22:01 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-03-13 10:28 - 2014-03-13 10:22 - 00000335 _____ () C:\local.conf
2014-03-12 17:11 - 2013-11-21 05:42 - 00002739 _____ () C:\Windows\system32\RaCoInst.log
2014-03-10 14:52 - 2013-11-21 05:38 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-03-10 14:51 - 2014-03-10 14:51 - 01060080 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00544496 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00495856 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2014-03-10 14:51 - 2014-03-10 14:51 - 00264432 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00192240 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo18.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00151280 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2014-03-10 14:51 - 2014-03-10 14:51 - 00029424 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\jansi-64-git-Bukkit-1.7.2-R0.3-8-ga662658-b3032jnks.dll
C:\Users\User\AppData\Local\temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-08 14:44

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by User at 2014-04-09 13:52:29
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30614 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2CF55108-C313-06FD-C3A6-EEA5BEAD3C15}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30769 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0614.0352.5073 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0614.353.5073 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{A64DC543-B6C3-4745-AAD6-AC9F1B765BCF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6466.0 - IDT)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 0.09.5.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.09.5.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{769E695A-F93F-803E-3763-9A00A0E38786}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Ralink Bluetooth Stack (HKLM\...\{C079427A-BB28-5168-3DB1-DC6608D226D4}) (Version: 11.0.748.2 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

23-03-2014 04:46:35 Installed DirectX
24-03-2014 20:46:32 Removed Java SE Development Kit 7 Update 51 (64-bit)
26-03-2014 02:23:43 avast! antivirus system restore point
27-03-2014 23:31:28 avast! antivirus system restore point
06-04-2014 23:04:44 Scheduled Checkpoint
08-04-2014 00:04:07 Removed Skype™ 6.14
09-04-2014 03:21:46 Removed Skype™ 6.14

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-04-06 10:39 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2591FBC6-EBA6-4393-8AD0-4CFB49FA0A4F} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {3F77FAA0-F1EF-405D-A34D-3026B0E0EDB4} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {46DA3858-E744-4F24-AD60-5616846E4807} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-16] (Malwarebytes Corporation)
Task: {5297EC1B-44F0-4171-8767-3369C0FE77BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {76B1B656-B929-4BB5-9E62-B966CC5831D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {7C934DD2-5BE5-4ABA-B464-27709E702424} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {858B2CA4-3A45-417A-983A-A4593DE6B93A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {8B29836B-E8D3-4C72-B55B-A1D46B6151BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-10] (Synaptics Incorporated)
Task: {98FCB326-7A22-4D0F-8E8B-A318C5E212B2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {9C25E3BC-7364-4068-B49E-B575FECDCDCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C69B5EC3-869A-4414-ABB2-52C76AE9CD55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D458D791-D6C6-427F-975D-6ACF871AB515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F32D5954-32E0-4F91-8FFF-96EB5F6CC8F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {FDE87205-C9D0-44FD-91BB-8977312DD3BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {FFA108BA-C6C1-41B9-855D-0E09565F17E6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (whitelisted) =============

2013-06-14 05:04 - 2013-06-14 05:04 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00371448 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00029432 _____ () C:\Windows\system32\BsTrace.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2013-04-27 20:32 - 2013-01-02 15:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-14 05:04 - 2013-06-14 05:04 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00080120 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2013-11-01 16:48 - 2013-11-01 16:48 - 00371448 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75036281.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78820277.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75036281.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78820277.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: SkypeUpdate => 2

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Ralink Bluetooth PCIe Adapter
Description: Ralink Bluetooth PCIe Adapter
Class Guid: {d2de069d-7286-420b-baf8-225d700ce748}
Manufacturer: Ralink Technology Corp.
Service: rtbth
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 08:20:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xb78
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (04/08/2014 08:20:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x678
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1404

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1404

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 04:20:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x5299030d
Faulting module name: Dolphin.exe, version: 0.0.0.0, time stamp: 0x5299030d
Exception code: 0xc0000417
Fault offset: 0x00000000006122ac
Faulting process id: 0x1a6c
Faulting application start time: 0xDolphin.exe0
Faulting application path: Dolphin.exe1
Faulting module path: Dolphin.exe2
Report Id: Dolphin.exe3
Faulting package full name: Dolphin.exe4
Faulting package-relative application ID: Dolphin.exe5

Error: (04/08/2014 03:23:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.500, time stamp: 0x533d8de2
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1c44
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (04/08/2014 01:08:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7
Exception code: 0x40000015
Fault offset: 0x0007d28a
Faulting process id: 0xa6c
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (04/08/2014 01:08:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5f8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (04/07/2014 06:58:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

System errors:
=============
Error: (04/08/2014 08:20:46 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/08/2014 08:20:29 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (04/08/2014 08:20:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (04/08/2014 08:20:03 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:22:34 PM on ‎2014-‎04-‎08 was unexpected.

Error: (04/08/2014 01:08:29 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/08/2014 01:08:12 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (04/08/2014 01:08:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (04/08/2014 01:07:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:57:52 PM on ‎2014-‎04-‎07 was unexpected.

Error: (04/07/2014 04:49:06 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}User-PCUserS-1-5-21-3003775526-1270309354-3113253203-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2014 04:49:06 PM) (Source: DCOM) (User: User-PC)
Description: application-specificLocalActivation{A188DB29-2ABC-46CB-9A38-40B82CF5D051}{EA022610-0748-4C24-B229-6C507EBDFDBB}User-PCUserS-1-5-21-3003775526-1270309354-3113253203-1002LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (04/08/2014 08:20:44 PM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28ab7801cf53a2a8955258C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeef712a9e-bf95-11e3-beae-3423870e7625

Error: (04/08/2014 08:20:25 PM) (Source: Application Error)(User: )
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd67801cf53a29ca9a7a0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle3fd12f1-bf95-11e3-beae-3423870e7625

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1404

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1404

Error: (04/08/2014 04:50:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2014 04:20:12 PM) (Source: Application Error)(User: )
Description: Dolphin.exe0.0.0.05299030dDolphin.exe0.0.0.05299030dc000041700000000006122ac1a6c01cf5380f066f130C:\Program Files\Dolphin\Dolphin.exeC:\Program Files\Dolphin\Dolphin.exe54c3c734-bf74-11e3-bead-a0481cd4046c

Error: (04/08/2014 03:23:20 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.500533d8de2MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1c4401cf5379257c6d7dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll63951b11-bf6c-11e3-bead-a0481cd4046c

Error: (04/08/2014 01:08:28 PM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aa6c01cf536644cba492C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe8bf34817-bf59-11e3-bead-3423870e7625

Error: (04/08/2014 01:08:07 PM) (Source: Application Error)(User: )
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5f801cf53663876ca9aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll7fdd6d41-bf59-11e3-bead-3423870e7625

Error: (04/07/2014 06:58:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\Scans\esetsmartinstaller_enu.exe

CodeIntegrity Errors:
===================================
  Date: 2014-03-13 07:38:58.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:38:58.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:43.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:43.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:42.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:41.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:38.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:38.059
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:09.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-13 07:36:08.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 7384.25 MB
Available physical RAM: 5657.77 MB
Total Pagefile: 8536.25 MB
Available Pagefile: 6681.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.65 GB) (Free:792.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.75 GB) (Free:2.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 76D81DA4)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:51 AM

Posted 09 April 2014 - 04:24 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt
 

SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA2022B94-35C3-42E9-A4A9-696F9028CD38&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 


#8 jeffce


Posted 12 April 2014 - 09:43 AM

Still need help?


 


#9 jeffce


Posted 13 April 2014 - 11:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 




